Skip to main content
All CollectionsWordify Help
Understanding 406 "Not Acceptable" Errors on Your Wordify Site
Understanding 406 "Not Acceptable" Errors on Your Wordify Site

Occasionally you might see a 406 "Not Acceptable" error on your site. This article will explain why and what you can do about it.

Nick avatar
Written by Nick
Updated over a month ago

What is a 406 Error?

A 406 "Not Acceptable" error occurs when our Web Application Firewall (WAF) identifies and blocks traffic that it considers potentially malicious. When this happens, users will typically see "406 Not Acceptable" displayed in their browser. This security measure is part of our "Protect AI" security suite that safeguards your WordPress site from various types of attacks.

Common Causes

Your site might display 406 errors to visitors due to:

  • Detection of suspicious request patterns

  • Blocking of potential SQL injection attempts

  • Prevention of cross-site scripting (XSS) attacks

  • Protection against known vulnerability exploits

  • Blocking of suspicious user agents or IP addresses

  • Rate limiting to prevent brute force attacks

WAF False Positives

While our WAF is designed to protect your site, it can sometimes generate false positives. For example, a common WAF rule that might cause false positives is:

SQL Injection Protection Rule: This rule scans for SQL query patterns in URL parameters and form submissions. While it effectively blocks actual SQL injection attempts, it may occasionally flag legitimate requests that contain SQL-like syntax in normal form submissions, especially on sites that use custom search functionality or specialized form fields.

How to Resolve 406 Errors

If you or your legitimate visitors are experiencing 406 errors, the most effective solution is to contact our support team. When reporting the issue, please include:

  • Your site URL

  • Your IP address (you can find this by visiting whatismyip.com)

  • The approximate time you experienced the error

  • Any specific actions you were taking when the error occurred

With this information, our support team can:

  • Review WAF logs for your specific case

  • Identify the rule that triggered the block

  • Disable or modify the specific rule for your site if it's causing false positives

  • Create a custom allowlist for legitimate traffic

Immediate Steps You Can Take

While waiting for support assistance, you can:

  1. Try accessing your site from a different network (e.g., switch from WiFi to mobile data)

  2. Clear your browser cache and cookies

  3. Disable any browser extensions that might modify requests

  4. Document the specific URLs where you're encountering the error

Prevention Tips

To minimize false positives while maintaining security:

  • Keep your WordPress core, themes, and plugins updated

  • Use strong, complex passwords and enable 2FA

  • Be cautious when implementing custom forms with complex query parameters

  • Use well-established plugins for e-commerce and form handling

  • Notify support before launching marketing campaigns that might trigger abnormal traffic patterns

Support SLA

Remember, our team is available 24/7 with our standard 1-hour response SLA. We're committed to balancing robust security with legitimate site functionality. Don't hesitate to reach out if you or your visitors encounter any 406 errors.

Did this answer your question?