See how to fix common errors when adding GA tracking code, Facebook Pixel, or other code to the head of your site.
They are often caused by the firewall in ModSecurity or other site protection methods.
And you don’t want to turn that security off permanently, even if the host tells you to.
The 2 Most Common Errors
500 Internal Server Error – You may encounter this error when adding scripts via an insert header/footer plugin.
Something Went Wrong – You may encounter this error when adding scripts via your Genesis theme.
This tutorial addresses both issues.
Why the Errors Happen
Attack vectors from hackers and bad bots are getting more sophisticated every day.
That means that any security measure that provides a firewall to block malicious activity on your site has to evolve to look for new threats.
One of those threats is the injection of malicious code in the form of an executable script.
The Google Analytics tracking code is one such script and is the one used in this tutorial.
When you try to insert it either a firewall at your host, security plugin, or CDN (like the WAF in Cloudflare) is being triggered to stop the attack.
That’s actually a good thing.
Bad Way to Fix the Error
Some hosts run an extra layer of security protection on the server where your site files reside.
The most popular brand is ModSecurity.
To get around the scrutinizing of the GA script you are trying to add, some hosts are telling site owners to turn ModSecurity off and leave it off.
That’s a super bad idea!!!!
Not only does it eliminate that extra layer of security for your site, it also eliminates the host’s ability to detect a legitimate attack on your site and put a stop to it.
Worse, it opens the entire host to an attack that could affect all sites.
READ: What is ModSecurity and Should You Turn it Off? for more info on what ModSecurity does, why we need it, and why not to permanently turn it off even if your host tells you to.
Good Way to Fix the Error
Fortunately there is a work around for this issue that allows you to input your code while keeping your host and site protected.
You can turn off ModSecurity just long enough to input your Google Analytics tracking code and then turn it back on.
I have tested confirmation that your GA code will continue to track correctly with this method.
You’re simply bypassing the security rule that initially scrutinizes the script coming into the site.
Once the script is in, ModSecurity no longer checks it.
How to Temporarily Turn Off ModSecurity
See the tutorial below for the most common errors and how to access and temporarily disable ModSecurity.
If you need to know how to get your GA tracking code and add it to your site via a plugin or through your theme, see this tutorial first.
Video Tutorial
There is also a transcript with screenshots below the video too.
Tutorial Transcript
In this MaAnna Minute tutorial you’ll see how to fix common errors when adding Google Analytics tracking code, Facebook Pixel, or other code scripts to the head of your site.
They are often caused by the firewall in ModSecurity or other site protection methods. And you don’t want to turn off that security permanently, even if the host tells you to.
Error When Inserting GA code via Genesis
I’m trying to insert my Google Analtyics tracking code into the header scripts area of my Genesis site.
It is producing this error at the top that states:
Looks like something’s gone wrong. Wait a couple seconds, and then try again.
You may also see a 500 Internal Server Error when trying to add script code via the Insert Headers and Footers plugin, or a similar plugin, or even through other themes, like Astra.
Both of these errors are likely caused by tripping a security wire that scrutinizes malicious code injection into your site.
The Role of ModSecurity
Some hosts run ModSecurity, which is an extra layer of defense against those malicious code injections.
To get around this issue, some hosts are simply telling you to turn ModSecurity off permanently.
That’s a super bad idea!!!!
It means that your site is no longer protected, and even the host can’t help you by auto detecting that your site is under attack.
READ: Why you need to leave ModSecurity on.
The Fix
So, here’s the trick for getting around this extra security protection temporarily.
ModSecurity only scrutinizes the code as it is being added.
So, we’re going to turn it off temporarily.
To do that, go to your hosting control panel.
Search for ModSecurity.
And then click on that tool.
If you don’t have ModSecurity on your host, then you may have a similar security wire in a security plugin or even your CDN, like Cloudflare.
Perhaps you can try pausing those security measures until after you get your script added to your site, as I’ll show you here with ModSecurity.
If you have more than one domain, select it from the drop-down.
Otherwise, just locate your domain in the list near the bottom.
Then click the Off button to disable ModSecurity.
Now, return to your site and add your code and save it.
Then, return to your hosting control panel and enable ModSecurity.
I have confirmation that Google Analytics tracking code still works after turning ModSecurity back on.
Please look for the link to the post for adding tracking code to your site, for more details on how to do it, and how to check that it is still working.
That’s it!!
Need More Help?
Get a site audit and see all of the plugins you should get rid of, including those that are slowing down your site page load time.
Thanks MaAnna! I’ve been dragging my feet about doing this-but just went through the whole process and as usual with your great directions it was far easier than I had imagined it to be.
Glad to hear it, Tipper!! And glad you’re off the plugin way of doing it.