1. Home
  2. Common Problems
  3. How to Resolve 406/403 Not Acceptable – ModSecurity Issues

How to Resolve 406/403 Not Acceptable – ModSecurity Issues

ModSecurity is an open source firewall solution that some web hosts automatically enable on their servers. Some configurations of ModSecurity can accidentally block valid requests to your server which can in turn cause WP Simple Pay to not function correctly.

Error Returning from Stripe Checkout (checkout.stripe.com)

A common request ModSecurity may block is returning from a Stripe.com-hosted Stripe Checkout page. It is important that ModSecurity does not block requests from any of Stripe’s fully qualified domain names:


Your web host will be able to add these domains to the ModSecurity whitelist to ensure your users see their Payment Success page after a Stripe Checkout payment.

Error Attempting an Embedded or Overlay Payment Form

ModSecurity can also incorrectly block requests to your website’s WordPress REST API. This can occur in certain instances such as using a custom field to collect a URL, which ModSecurity may flag when the form’s content is submitted.

Your web host will be able to see POST requests to the /wp-json/wpsp REST API endpoints and whitelist any rules that have been improperly triggered that may be blocking requests.

See our documentation article on the WordPress REST API for more information.

Was this article helpful?

Still stuck? How can we help?
Updated on May 9, 2022