If you’re seeing a “406 Not Acceptable” error when trying to save your settings in Big File Uploads, your web host’s firewall is blocking the request. This is NOT a bug in the plugin.
What’s Happening
Most shared hosting providers run a security layer called ModSecurity (or a similar WAF, which stands for Web Application Firewall). ModSecurity inspects every request sent to your site and blocks anything it thinks looks suspicious. The problem is that some ModSecurity rulesets are overly aggressive, and they flag Big File Uploads’ settings save as a threat when it isn’t one.
When you click Save on the Big File Uploads settings page, WordPress sends a standard POST request to /wp-admin/admin.php?page=tuxedo-big-file-uploads. ModSecurity sees that request, doesn’t like something about it (usually the form fields or the nonce token), and blocks it with a 406 status code. Think of it like a building security guard who won’t let you into your own office because your badge looks slightly different today. The badge is fine. The guard is being overly cautious.
How to Fix It
You’ll need to contact your hosting provider’s support team. Big File Uploads can’t bypass your host’s firewall, and you wouldn’t want it to. Copy and paste this message to your host:
“We’re getting a 406 error when saving settings in a WordPress plugin. It’s a basic POST request to /wp-admin/admin.php?page=tuxedo-big-file-uploads with standard fields including a WordPress nonce. Can you check the ModSecurity audit log and whitelist the rule that’s firing for that URL?”
That gives them everything they need to find the specific rule and create an exception for it.
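For whoever has access to the audit log, this is roughly what that lookup involves. The script below is an added example, not part of Big File Uploads or of ModSecurity: it assumes the ModSecurity 2.x serial audit-log format, the function names are hypothetical, and the sample log and its rule IDs are constructed.

```python
import re
from collections import Counter

TARGET = "/wp-admin/admin.php?page=tuxedo-big-file-uploads"
BOUNDARY = re.compile(r"^--([0-9a-fA-F]+)-([A-Z])--$")

# Constructed, abbreviated audit log (serial format); the rule IDs are made up.
SAMPLE_LOG = """\
--aaaa0001-A--
--aaaa0001-B--
POST /wp-admin/admin.php?page=tuxedo-big-file-uploads HTTP/1.1
--aaaa0001-F--
HTTP/1.1 406 Not Acceptable
--aaaa0001-H--
Message: Warning. Pattern match at ARGS. [id "1000001"] [msg "constructed"]
Message: Access denied with code 406 (phase 2). [id "1000002"] [msg "constructed"]
--aaaa0001-Z--
--aaaa0002-A--
--aaaa0002-B--
GET /wp-login.php HTTP/1.1
--aaaa0002-F--
HTTP/1.1 406 Not Acceptable
--aaaa0002-H--
Message: Access denied with code 406 (phase 2). [id "1000003"] [msg "constructed"]
--aaaa0002-Z--
"""

def parse_transactions(text):
    """Group lines as {transaction id: {section letter: [lines]}}."""
    txs, cur = {}, None
    for line in text.splitlines():
        m = BOUNDARY.match(line)
        if m:
            cur = txs.setdefault(m.group(1), {}).setdefault(m.group(2), [])
        elif cur is not None:
            cur.append(line)
    return txs

def rules_for_blocked_saves(text, uri=TARGET, status="406"):
    """Count rule IDs logged on requests to `uri` that were answered with `status`."""
    hits = Counter()
    for tx in parse_transactions(text).values():
        req = (tx.get("B") or [""])[0].split()    # section B: request line
        resp = (tx.get("F") or [""])[0].split()   # section F: response status line
        if len(req) > 1 and req[1].startswith(uri) and resp[1:2] == [status]:
            # Keep warnings too: with anomaly scoring they name the real rules.
            h = "\n".join(tx.get("H", []))
            hits.update(re.findall(r'^Message: .*\[id "(\d+)"\]', h, re.M))
    return hits
```

The IDs it returns are the ones to name in an exception limited to that URL, which is what the message above asks for.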
Host-Specific Notes
Some hosts make this easier than others.
- InMotion Hosting has ModSecurity enabled by default on all accounts and it’s known to be aggressive. They also have a WAF rule management interface in cPanel under “ModSecurity” where rules can be disabled per domain. You can try this yourself, or their support can whitelist the specific rule ID once you point them to the URL.
- SiteGround runs their own custom WAF. You’ll need to contact their support directly since the WAF settings aren’t exposed in their dashboard.
- GoDaddy and Bluehost both run ModSecurity variants. Contact their support with the message above.
- Cloudways and Kinsta give you more direct control. Check your server’s security settings panel for WAF or firewall rules you can adjust yourself.
If your host isn’t listed here, the process is the same. Send them that message, and they’ll know what to do.
After the Fix
Once your host whitelists the rule, go back to Settings > Big File Uploads, set your desired maximum upload size, and click Save. It should save without any issues. You won’t need to change any PHP settings, edit your .htaccess, or modify wp-config.php. Big File Uploads handles file size limits on its own by chunking uploads. The 406 error was only about your host’s firewall blocking the settings page, not about the actual upload process.
If you’re still seeing the error after your host makes the change, clear your browser cache and try again in an incognito window. Some hosts also require a few minutes for WAF rule changes to take effect.