Sometimes while posting in WordPress blog software, users encounter the following error and fail to submit the new post or edited post.

Method Not Implemented
POST to /wp-admin/post.php not supported.

Apache/2.2.0 (XenOS) Server at techpulp.com Port 80

This error is due to mod_security which is enabled on your Apache server. The mod_security helps protect your website and is called Open Source Web Application Firewall. It comes with a big set of rules against which each server request is matched to detect any hacker trying to compromise your website. In a way mod_security is very good to have it enabled as a security measure. but if any data transfer with your Web application like WordPress or any other matched with the rules of mod_security, you will find undesired results. Some of such problems are failing to post, failing to upload a file in WordPress.

The mod_security module checks the content of your post or the uploading file to match its rules. If it finds a match it will reject the request and you will see a log message in error.log similar to the following:

[Sun Feb 01 14:52:00 2009] [error] [client 127.0.0.1] ModSecurity: Access
denied with code 501 (phase 2). Pattern match "(?:\b(?:
\.(?:ht(?:access|passwd|group)|www_?acl)|global\.asa|httpd\.conf|boot\.ini)
\b|\/etc\/)" at ARGS:content. [file "/etc/httpd/modsecurity.d
/modsecurity_crs_40_generic_attacks.conf"] [line "114"] [id "950005"] [msg
"Remote File Access Attempt"] [data "/etc/"] [severity "CRITICAL"] [tag
"WEB_ATTACK/FILE_INJECTION"] [hostname "techpulp.com"] [uri "/wp-admin
/post.php"] [unique_id "SYVpuH8AAAEAAAmySxIAAAAE"]

You have two choices if you encounter such problems.

1. Disable mod_security completely (not recommended)
2. Disable mod_security temporarily and repeat your failed attempt of posting or uploading in WordPress and then enable mod_security back.

If you have direct access to the server, you can disable the mod_security by commenting out following line in “/etc/httpd/conf.d/mod_security.conf” file.

#LoadModule security2_module modules/mod_security2.so
#LoadModule unique_id_module modules/mod_unique_id.so

If you don’t have access to Apache server configuration, you raise request with the web hosting service provider to do it for you.