Upfront - Getting: "Please, hold on for just a little bit more"

Click on Upfront when viewing the theme and get this message over and over again: "Please, hold on for just a little bit more" - It has been doing that for an hour. Site is hosted at SiteGround. Tried searching for this in the forums, but the search engine is really pitiful.

  • Adam Czajczyk

    Hello @clickbrain,

    I hope you're well today and thank you for your question!

    This was an issue that happened quite often with SiteGround hosting in the past and is most likely related to Apache "mod_security" module settings (which is an additional security layer for web server software).

    Please add the following lines to your site's .htaccess file (at the beginning of the file, above existing lines):

    <IfModule mod_security.c>
    SecFilterRemove 00318
    </IfModule>

    This usually fixes an issue in case of SiteGround servers. Would you give it a try and let me know if it worked for you, please?

    Please note though that after applying this fix you may need to clear your site's cache (if you're using any caching plugin such as e.g. W3 Total Cache) and your browser's cache.

    Best regards,
    Adam

  • Adam Czajczyk

    Hello @clickbrain, hello @Alex!

    I think Alex made a good point here. Just to complete both these replays I'd like to add that if none of the above solutions works for you, you may want to get in touch with SiteGround tech support and ask them to "whitelist" your site in Apache mod_security settings.

    From what I know, they do not make a big deal out of it and usually help relatively fast with this.

    Best regards,
    Adam

    • clickbrain

      Reply from siteground

      I have carefully investigated the problem, and tried to resolve it however to no avail. As a part of my investigation I checked the server logs for the Mod_security errors but there is not such logs. The problem is not from the mod_security.

      Our goals are to provide a high quality hosting environment, our Technical Support Team is specialized in providing assistance in case your script is not accessible due to a problem with your host server or a vital service running on it. Third-party application-related problems such as this are at times beyond the scope of our expertis.

      In order to receive specialized support for your theme/plugin, we recommend that you contact the developers of the theme/plugin.

      As an alternative you can also contact a third party professional developer who is familiar with the application, and has the required knowledge and skill set to provide you with assistance on this issue.

      If you need any further assistance on our end don't hesitate to contact us again.

      Best Regards,
      Vasil Miloykov
      Technical Support Team

  • clickbrain

    A 2nd response from them. Kind of crazy that to use a theme I have to open a vulnerability. Is this problem being addressed by WPMU?

    Brad,

    There is not issue with the Mod_Security, so for this reason there is not need to whitelist. If we whitelist them without need the website will be vulnerable. However, if you still want you can add the rules in the .htaccess file. You should add the following code which they provided to you:
    Code:
    <IfModule mod_security.c>
    SecRuleEngine Off
    SecFilterInheritance Off
    SecFilterEngine Off
    SecFilterScanPOST Off
    SecRuleRemoveById 300015 3000016 3000017
    </IfModule>

    Should you have any further questions regarding our services do not hesitate to contact us at any time - we are available 24/7.

  • clickbrain

    Hey Folks,

    I've heard nothing more about this problem. I was excited to see the new version of Upfront come out, so I installed it on a test install of Wordpress. When I click on Upfront on the menu bar, nothing happens. No side menu and no error message. Tried customize too and no results.

    Any chance you are going to fix this soon so we can actually use your themes if we are a siteground customer without risking security?

    Thanks,
    Brad

  • Alex Stine

    How would siteground be able to find the problem if there are no error messages from which to diagnose? Seems to me, that it isn't their issue. I've never had another theme fail on their hosting and I have no way to tell them what to look for to fix it. Last time this came up I was asked to degrade security and that is not an option.

    They are a pretty awesome hosting company. Anyway, if mod_security is preventing some scripts from being accessed by Upfront, chances are that you will have this problem. You should contact SiteGround so that they can review the server logs to see if there is anyway around disabling security or only disabling the part that is interfering. Sometimes mod_security is a little bit to much.

    Thanks.

  • Milan

    Hello @clickbrain and Hello @alexstine,

    I hope you both have been well today. :slight_smile:

    First of all let me tell you what does mod_security module does. :slight_smile:

    Mod_security is an apache module that helps to protect website from various attacks. It is used to block commonly known exploits by use of regular expressions and rule sets and is enabled on all InMotion servers by default. Mod_Security can potentially block common code injection attacks which strengthens the security of the server.

    So basically its meant to protect code injection attacks which may take place if you are asking some information from user via any medium( ie. contact forms, servery, subscription forms ). But in this age when wordpress got real power and these user information gather works shifted to good third party plugin, you don't really need to worry about code injection attacks, as third party plugin and wordpress itself takes very good care of these critical things. Having this said, if you are using good third party plugin for taking user information then its okay if you disable mod_security rules on your domain.

    Now as my colleague @dubajicp1 stated, our developer are already working on this to fix this issue with mod_security module of Apache server. But meantime, we don't have many option here as developer lookup is in progress and we can't modify product functionality from core.

    So my suggestion to you is that please let your site ground support tech disable mod_security rules for you.

    Thanks for being with us. :slight_smile:

    Have a fantastic moments to you and our valuable member @alexstine. :slight_smile:

    Cheers,
    Milan Savaliya

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.