I was trying to use Ultimate Member to add custom fields to my WordPress registration form. Unfortunately after setting it up, the form just doesn’t work! Users can see and fill in all the fields, but after pressing Submit, the page just refreshes and nothing gets sent to the system. I was frustrated and couldn’t find any answer on Google nor Youtube, so I did some digging.
Long story short
The easy but not recommended way: Disable mod_security on your server (or ask your server support team to help). It should work magically after that.
The harder but recommended way: Get SSL for your site(from $5 on SSLs.com), and leave mod_security alone.
Short story long
Basically the problem is the Apache Server security. It seems that when an HTTP request that includes the string “password” within its post fields is sent, it’s rejected by the server with a 403 status code. Because your website has no SSL (https), sending “password” strings within form fields is considered as highly insecure by your server.
You can contact and ask your hosting provider to remove that protection (i.e. disable mod_security), but again, your customers’ passwords (and your own password) will be exposed to a possible “man in the middle”.
Now, you may wonder why the default wordpress login works – that’s because its form doesn’t include the word “password” within its post fields, while Ultimate Member does. You can also try to use another plugin, but I had the same problem with Registration Magic, and you’ll likely face it with any other custom registration plugin out there.
I would recommend getting an SSL cert for your site (from $5 on SSLs.com); besides fixing this problem you also gain better security for your site, better SEO, and better assurance for the people visiting your site.
Or, you can just disable mod_security and open your site to possible attacks and data theft.
Have any ideas? Comment below 🙂