Errors in the log from child site hosting related to MainWP

Quick video of the things I am seeing: 2022-12-22_18-43-21 - TechSmith Screencast

Experiencing errors daily – they are being reported via the error log on the server. I’m including a sample (below).

[Thu Dec 22 23:46:37 2022] [-:error] [pid 22191:tid 140180744660736] [client 192.185.82.189:0] [client 192.185.82.189] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:mainwpsignature. [file "/etc/httpd/modsecurity.d/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: 4OnGLAETEB6LFgaeQ= found within ARGS:mainwpsignature: cwF8oNPYJqH87b2NjYElq2HtlHdxCJud/QZpgBjZtvdR9Jmexo9A8yQdRBVQxjqZiPP6tjmFptc3y3DCVRBReLZqORrqLT8Mtn3 CfHYGR5Wfj0K8smnfIkqiCWFHE9HXqmn IrIeb 7LNYaov/6doJa81Bg6o8i7xRiFBU6n/TO2y6iIe fgV3bDfIw7pOYs5vuUid57IfkJ3656o3PbXcVpXOiMDf8w3sg4vlV/VHJ 2G1yMX CRzHTi4ukrf 1LhVG2eGK1S5JEQqjGthfAsfPpaHWfymQJ/j0PJv2zn7YNvpS0aPLvUrAht7Lb4Ujp7oI4OnGLAETEB6LFgaeQ=="] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "psi-ceu.com"] [uri "/"] [unique_id "Y6TsXVKzODkZmUXjgluItwAAA-k"], referer https://meetsgeek.com

NOTE: psi-ceu is the child site, meetsgeek is my main site.

It appears I can’t upload a file for the report, so I created a ZIP file and uploaded it here:
https://psi-ceu.com/tmp/mainwp.zip – it contains the system report and the error log shown in the video.

Thanks in advance for any insight into what these errors mean.

Cenay

Hey @Cenay

We haven’t seen these specific PHP warnings about a non-numeric value in the class-mainwp-helper.php file.
They do point to a line that deals with Time and Date settings, so perhaps a simple re-save of the settings on the Child Site WP Admin > Settings > General page might do the trick.

The other type of warning message comes from ModSecurity, which is security software running on the child site's web host. It appears to be falsely identifying the connection coming from the MainWP Dashboard as an attack.
You would likely need to whitelist the IP and/or URI of the Dashboard to avoid that.
The host support of the child site should be able to assist with that.
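
Why rule 973337 fires on the `mainwpsignature` value in the log entry above, shown as an added example (not part of the original thread, and not MainWP or ModSecurity code). The sample line is constructed: the client address, hostname and most of the value are placeholders, and only the rule regex, rule id, argument name and matched text come from the log in the question. The names `parse_entry` and `triage` are hypothetical.

```python
import re

# Regex of CRS 2.2.9 rule 973337, unescaped from the log entry above.
RULE_973337 = re.compile(r"""(?i)([\s\"'`;\/0-9\=]+on\w+\s*=)""")
# Base64 alphabet after URL decoding ('+' arrives as a space), '=' only as padding.
BASE64ISH = re.compile(r"[A-Za-z0-9+/ ]+={0,2}")

# Constructed sample: layout of the entry above, placeholder client and host,
# constructed value that ends in the matched text reported in the log.
SAMPLE = (
    '[client 203.0.113.10] ModSecurity: Warning. Pattern match "..." '
    'at ARGS:mainwpsignature. [id "973337"] '
    '[msg "XSS Filter - Category 2: Event Handler Vector"] '
    '[data "Matched Data: 4OnGLAETEB6LFgaeQ= found within '
    'ARGS:mainwpsignature: QUJDREVGR0g x9/oI4OnGLAETEB6LFgaeQ=="] '
    '[hostname "child.example"] [uri "/"]'
)

def parse_entry(line):
    """Return rule id, message, target, matched text and full value of one entry."""
    fields = dict(re.findall(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]', line))
    m = re.match(r"Matched Data: (.*?) found within (\S+): (.*)",
                 fields.get("data", ""), re.S)
    if not m:
        return None
    return {"id": fields.get("id"), "msg": fields.get("msg"),
            "matched": m.group(1), "target": m.group(2), "value": m.group(3)}

def triage(line):
    """Label an entry 'likely-false-positive', 'review' or 'unparsed'."""
    entry = parse_entry(line)
    if entry is None:
        return "unparsed", None
    hit = RULE_973337.search(entry["value"])
    # A digit followed by "On...=" is enough for the rule. If the whole value is
    # base64 alphabet with '=' only as trailing padding, nothing can follow the
    # '=', so there is no room for a handler body: treat it as encoded data.
    if hit and BASE64ISH.fullmatch(entry["value"]):
        return "likely-false-positive", entry
    return "review", entry

if __name__ == "__main__":
    status, entry = triage(SAMPLE)
    print(status, entry["id"], entry["target"], repr(entry["matched"]))
```

The classification is a heuristic for sorting log entries. It does not replace checking that the request really came from the Dashboard before anything is whitelisted.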
