if you're using mod_security, try a variant of this ruleset:

SecFilterSelective "THE_REQUEST" "wp-register.php" "id:1004,deny,log,status:412"

#SecFilterRemove 1004 <- use this to remove the rule per virtual host, uncommented.

[ reply ]