406/403 Not Acceptable - ModSecurity - WP Simple Pay Documentation
  1. Home
  2. FAQs
  3. Common Problems
  4. 406/403 Not Acceptable – ModSecurity
  1. Home
  2. FAQs
  3. 406/403 Not Acceptable – ModSecurity

406/403 Not Acceptable – ModSecurity

ModSecurity is an open source firewall solution that some web hosts automatically enable on their servers.

Some configurations of ModSecurity can accidentally block valid requests to your server which can in turn cause WP Simple Pay to not function correctly.

Error Returning from Stripe Checkout (checkout.stripe.com)

A common request ModSecurity may block is returning from a Stripe.com-hosted Stripe Checkout page. It is important that ModSecurity does not block requests from any of Stripe’s fully qualified domain names:

api.stripe.com
checkout.stripe.com
files.stripe.com
js.stripe.com
m.stripe.com
m.stripe.network
q.stripe.com

Your web host will be able to add these domains to the ModSecurity whitelist to ensure your users see their Payment Success page after a Stripe Checkout payment.

Error Attempting an Embedded or Overlay Payment Form

ModSecurity can also incorrectly block requests to your website’s WordPress REST API. This can occur in certain instances such as using a custom field to collect a URL, which ModSecurity may flag when the form’s content is submitted.

Your web host will be able to see POST requests to the /wp-json/wpsp REST API endpoints and whitelist any rules that have been improperly triggered that may be blocking requests.

See our documentation article on the WordPress REST API for more information.

Updated on November 17, 2020

Was this article helpful?

Related Articles