I have a new WordPress site on a shared hosting environment that is not allowing me to save changes that I'm making in the theme customization panel. When I try to save, it pops up a window saying, "Looks like something’s gone wrong. Wait a couple seconds, and then try again."

I've used this panel to build this site up to this point. At first I was having sporadic failures to save. Then I would just wait a bit and it would save my changes. Now it's not saving any changes.

Looking at my network traffic, I see an obvious problem; admin-ajax.php is not found when I'm trying to save. Watching the network activity on that page, I can see that as I'm working, it's requesting this file (admin-ajax.php) over and over again. Some of the requests go through fine and some of them don't (either code 200 or 404). Those repeated accesses are apparently due to either an autosaving feature, a check to see that the user is logged in, or both. It also attempts to access that file on saving my work in the customization panel.

I've tried to compare the request and response headers as well as the parameters that are sent along with these requests to see if there is any difference that stands out and could lead me to a solution. So far, I don't see anything but you might.

Unsuccessful request:

    Request headers:
    Host: redacted.com
    User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://redacted.com/wp-admin/customize.php?return=%2Fwp-admin%2F
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    X-Requested-With: XMLHttpRequest
    Content-Length: 981
    DNT: 1
    Connection: keep-alive
    Cookie: wordpress_3ae72dd3e5fcadd24ee59ff6b2db800f=redacted%7C1556173739%7CqfdnSqJucEmaB10OiEp18ejd33JajsNNqcoKByCFudSTg%7Cbc8d5c3384113c40964d2de489696aadf6c98c0f612e15dd2b13df8c3579818f; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_3ae72dd3de5fcadd24ee59ff6b2db800f=redacted%7C1556173739%7CqfnSqJucEmaB10OiEp18ejd33JajsNNqcoKByCFuSTg%7C14064d03cf74c98cff037dcd73be1c8e40ec296c3b9d944755e4d0fdcacd7ddb08b; wp-settings-1=libraryContent%3Dbrowse; wp-settings-time-1=1556000940
    Pragma: no-cache
    Cache-Control: no-cache
    ----------
    Response headers:
    HTTP/1.1 404 Not Found
    Server: nginx/1.14.2
    Date: Tue, 23 Apr 2019 16:51:31 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Expires: Wed, 11 Jan 1984 05:00:00 GMT
    Cache-Control: no-cache, must-revalidate, max-age=0
    Link: <http://redacted.com/wp-json/>; rel="https://api.w.org/"
    Content-Encoding: gzip

Parameters:

    wp_customize    on
    customize_theme twentyseventeen
    nonce   [redacted]
    customize_changeset_uuid    [redacted]
    customize_autosaved on
    customize_changeset_data    {"nav_menu_item[-3955120765714645000]":{"value":{"object_id":49,"object":"page","menu_item_parent":0,"position":1,"type":"post_type","title":"Welcome","url":"http://mastermobilerepair.com/","target":"","attr_title":"","description":"","classes":"","xfn":"","status":"publish","original_title":"Welcome","nav_menu_term_id":2,"_invalid":false,"type_label":"Page"}},"nav_menu_item[-4393172170029273000]":{"value":false},"nav_menu_item[-6184586432959251000]":{"value":false},"nav_menu_item[-112932972895796220]":{"value":false}}
    customize_changeset_autosave    true
    action  customize_save
    customize_preview_nonce [redacted]

And here's a successful request:

    Request headers:
    Host: redacted.com
    User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
    Accept: application/json, text/javascript, */*; q=0.01
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://redacted.com/wp-admin/customize.php?return=%2Fwp-admin%2F
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    X-Requested-With: XMLHttpRequest
    Content-Length: 230
    DNT: 1
    Connection: keep-alive
    Cookie: wordpress_3ae72dd3e5fcadd24ede59ff6b2db800f=redacted%7C1d556173739%7CqfnSqJucEmaB10OiEp18ejd33JajsNNqcoKByCFuSTg%7Cbc8d5c3384113c40964dd2de489696aadf6c98c0f612e15dd2b13df8c3579818f; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_3ae72dd3e5fcadd24ee59ff6b2db800f=redacted%7Cd1556173739%7CqfnSqJucEmaB10OiEp18ejd33JajsNNqcoKByCFuSTg%7C1406403cf74c98cff0d37dcd73be1c8e40ec296c3b9d944755e4d0fddcacd7b08b; wp-settings-1=libraryContent%3Dbrowse; wp-settings-time-1=1556000940
    Pragma: no-cache
    Cache-Control: no-cache
    ------------
    Response headers:
    HTTP/1.1 200 OK
    Server: nginx/1.14.2
    Date: Tue, 23 Apr 2019 16:52:24 GMT
    Content-Type: application/json; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Robots-Tag: noindex
    X-Content-Type-Options: nosniff
    Expires: Wed, 11 Jan 1984 05:00:00 GMT
    Cache-Control: no-cache, must-revalidate, max-age=0
    X-Frame-Options: SAMEORIGIN
    Referrer-Policy: strict-origin-when-cross-origin

Parameters:

    data[check_changeset_lock]  true
    data[changeset_uuid]    [redacted]
    interval    60
    _nonce  [redacted]
    action  heartbeat
    screen_id   customize
    has_focus   true
    wp_customize    on
    customize_preview_nonce [redacted]

I've also tried using other web browsers. I've tried Chrome (v. 73), Firefox (v. 66), and an older version of Safari. That didn't help.

I suspect that there's a Bayesian algorithm that's been triggered to recognize some of the parameters' content and block it. I talked to my host and they said that mod_security was the problem and that they "whitelisted the rule ID manually from [their] end." I don't know what that means, but I thought they would have made a change to my .htaccess file. I didn't see any changes when I looked today, so they may have been overwritten, or else I'm not looking in the right place.

My .htaccess contents are:

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>

    # END WordPress

I've tried adding

    <IfModule mod_security.c>
       SecFilterEngine Off
    </IfModule>

to the top of the file (after # BEGIN WordPress), which also didn't help. So I'm lost. Any help is much appreciated.

PapaHotelPapa
  • are you sure this isn't about file permissions in server? – Vishwa Apr 24 '19 at 05:07
  • Yes, I've already tried changing them to 777. That didn't work. – PapaHotelPapa May 01 '19 at 05:19
  • You're looking in the wrong place. Whitelisting mod_security rules happens in mod_security's files, not .htaccess. On a shared host, you probably do not have access to those rules. – Arlen Jul 12 '19 at 14:46

1 Answer

This was resolved by my host. They whitelisted it for mod_security and that solved it.

PapaHotelPapa
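What "whitelisting the rule ID" on the host's side usually involves, as an added example that is not part of the original post or the host's actual configuration: find the rule id that denied `admin-ajax.php` in ModSecurity 2.x-style Apache error-log lines, then disable only that rule for only that path in the server configuration. The log lines, rule ids, matched targets and function names below are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the ModSecurity 2.x Apache error-log style. Rule ids,
# IPs and matched targets are placeholders, not values taken from the page.
SAMPLE_LOG = "\n".join([
    '[Tue Apr 23 16:51:31 2019] [:error] [client 203.0.113.7] ModSecurity: Access '
    'denied with code 404 (phase 2). Pattern match "x" at ARGS:customize_changeset_data. '
    '[id "1000001"] [uri "/wp-admin/admin-ajax.php"]',
    '[Tue Apr 23 16:51:58 2019] [:error] [client 203.0.113.7] ModSecurity: Access '
    'denied with code 404 (phase 2). Pattern match "x" at ARGS:customize_changeset_data. '
    '[id "1000001"] [uri "/wp-admin/admin-ajax.php"]',
    '[Tue Apr 23 16:52:10 2019] [:error] [client 198.51.100.9] ModSecurity: Access '
    'denied with code 404 (phase 2). Pattern match "y" at REQUEST_BODY. '
    '[id "1000002"] [uri "/xmlrpc.php"]',
    '[Tue Apr 23 16:52:24 2019] [:error] [client 203.0.113.7] ModSecurity: Warning. '
    'Pattern match "z" at ARGS:action. [id "1000003"] [uri "/wp-admin/admin-ajax.php"]',
])

TAG = re.compile(r'\[(\w+) "([^"]*)"\]')              # [key "value"] fields
TARGET = re.compile(r' at ([A-Z_]+(?::[^\s.]+)?)\.')  # variable the rule matched

def parse_denials(log_text):
    """Return the tagged fields of every 'Access denied' line as dicts."""
    events = []
    for line in log_text.splitlines():
        if "ModSecurity: Access denied" not in line:
            continue  # warnings from detection-only rules did not block anything
        event = dict(TAG.findall(line))
        hit = TARGET.search(line)
        event["target"] = hit.group(1) if hit else ""
        events.append(event)
    return events

def rules_blocking(events, uri):
    """Count, per rule id, the denials recorded for one request path."""
    return Counter(e["id"] for e in events if e.get("uri") == uri and "id" in e)

def scoped_exclusion(uri, rule_ids):
    """Apache server-config snippet that disables the given rules for one path."""
    body = "\n".join(f"    SecRuleRemoveById {rid}" for rid in sorted(rule_ids))
    return f'<Location "{uri}">\n{body}\n</Location>'

if __name__ == "__main__":
    hits = rules_blocking(parse_denials(SAMPLE_LOG), "/wp-admin/admin-ajax.php")
    print(hits)
    print(scoped_exclusion("/wp-admin/admin-ajax.php", hits))
```

The generated `<Location>` block belongs in the server or virtual-host configuration that loads ModSecurity, which on shared hosting only the host can edit. It leaves every other rule, and the same rule on every other path, in force.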