It all started with a couple of tweets by Bradley Potter when he mentioned a HostGator specific bug to Andrew Nacin. Since WPTavern.com is also hosted on HostGator, I decided to try and replicate the bug. Following his instructions I was able to replicate the error pointing towards the possibility of something on HostGator not configured just right.
While testing another plugin by Trevor Fitzgerald that ties into his website PressTags.com, I noticed that the Reblog feature didn’t work. It provided the same error as the Comment Trash link bug that Brad had mentioned. The reblog feature uses the built in PressThis bookmarklet in WordPress to republish an article. After going back and forth with Trevor as I thought his plugin was the one causing the error, I decided to install a fresh copy of WordPress within a subfolder to see if I could recreate the PressThis bookmarklet error. Sure enough, even on a fresh install, I would receive a 404 error each time I tried to use it. However, the raw URL for the bookmarklet worked just fine. Thinking that it was an HTACCESS problem, I got with Peter Westwood on Skype to perform some more troubleshooting but we discovered that even with an empty HTACCESS file, the error still occurred.
Trevor and I finally came to the conclusion that there was something wonky with HostGator and the way it treats URLs that had the following in it: _wp_original_http_referer. Both the move comment to trash link and the PressThis bookmarklet utilized this text and from what I can tell, adds the URL to my site twice within the link. Trevor then discovered a thread on the HostGator support forum from 2008 that mentions an Apache upgrade that broke someones site. More specifically, the PressThis bookmarklet.
It looked as though mod_security had something to do with the breakage and in order for it to work again, the URL had to be whitelisted by HostGator. After I created a support ticket with HostGator explaining the situation and linking to the thread, they were able to tell me that some of the things I had been doing were definitely triggering some mod_security rules. They whitelisted those items which ended up fixing my problem not only with the PressThis Bookmarklet but with the Move Comment To Trash link as well.
So if you’re running on HostGator and the same thing is happening to you, create a support ticket and request that you be whitelisted for those mod_security rules. One of the questions I had received after publishing the answer to this support question is whether the whitelist for mod_security opens up the site to any security vulnerabilities. I have no idea. But if you do, please share those within the comments.