Changes in WordPress backend result in downloads of PHP files (some POST requests are blocked)

When I try to create a user in WordPress, the download of the file "user-new.php" starts. But no user is created. The same problem if I want to change the settings. Then the download of "options.php" starts

This is the content of downloaded options.php:

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>503 Service Unavailable</title>
</head><body>
<h1>Service Unavailable</h1>
<p>The server is temporarily unable to service your
request due to maintenance downtime or capacity
problems. Please try again later.</p>
</body></html>


Error log from the provider:

30.10.2018 16:45:01 example.org [client 2a01:c23:9000::] rdbm_handle_postscan_block: hostname=example.org, client_ip='2a01:c23:9027:b800:34b5:9469:33f9:1ef4', would captcha uri: '/wp-admin/options.php'
30.10.2018 16:53:58 example.org [client 2a01:c23:9000::] rdbm_handle_postscan_block: hostname=example.org, client_ip='2a01:c23:9027:b800:34b5:9469:33f9:1ef4', would captcha uri: '/wp-admin/options.php'
30.10.2018 17:01:23 example.org [client 2a01:c23:9000::] rdbm_handle_postscan_block: hostname=example.org, client_ip='2a01:c23:9027:b800:34b5:9469:33f9:1ef4', would captcha uri: '/wp-admin/options.php'
30.10.2018 17:01:52 example.org [client 2a01:c23:9000::] rdbm_handle_postscan_block: hostname=example.org, client_ip='2a01:c23:9027:b800:34b5:9469:33f9:1ef4', would captcha uri: '/wp-admin/user-new.php'
30.10.2018 17:06:34 example.org [client 2a01:c23:9000::] rdbm_handle_postscan_block: hostname=example.org, client_ip='2a01:c23:9027:b800:34b5:9469:33f9:1ef4', would captcha uri: '/wp-admin/options.php'


The problem only affects the admin options. Posts and pages can still be created, edited, etc. and updating theme and plugins work fine too.

I'm stuck. I googled for a long time, but unfortunately I can*t find a thread or someone else with the same problem. Anyone here who might be able to help me? I hope I have expressed myself clearly enough.

EDIT: .htaccess

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

Answers

I figured it out:

After finding out that all websites have the same hoster, I took a deep look into the provider settings. In my case, there was an active spam filter that blocked various POST requests. Just had to turn off the filter to remove the error.

Provider: STRATO AG

STRATO ServerSide Security Settings

Posted on by Stefan P.

Relevant tags