post.php forbidden… sometimes

one last answer: no.

you are NOT “creating” a security hole, you are disabling a security feature.

There IS a difference.

ok, then i will rephrase… is it a bad idea to disable this particular security feature, in other words should i keep looking for a better solution or is it reasonably safe to leave this feature disabled?

A bad idea to me might not be a bad idea to someone else. In other words, Im not going to provide reassurance or critique regarding your web site’s security

Generally speaking, its always better to disable as little as possible when it comes to security. It would follow then, that if a solution exists whereby you can selectively disable mod_security, either on a per-directory or per-file basis, it would be more prudent to take that route.

Will the sky fall if you let it be? Probably not, but I could always be wrong.

Security is all about risk management.

Mod_security protects you against badly written software, nothing more nothing less. So it all comes down on how ‘secure’ the WordPress code is. Or even more important, how good YOU think the WordPress code is.

Second point to take into account is what kind of info you keep on the box. If it’s mission critical or sensitive information, or if it’s public info anyhow, where the occasional backup is adequate enough.

Based on these factors, you have to make the choice if you want to take the extra risk you’re running without mod_security.

I can’t say anything about the second point, but if I look at just the first point, I’d personally leave it running as you have now.

thank you