Wordpress - Page returns 404 with POST variables, but not without

Prefix everything, especially your variables. The names you are using are used by WordPress internally (see the comment form), so WordPress might try to do something with your form values. If that fails you get an error.

While $_GET problems are usually rather easy to debug, $_POST and $_REQUEST names are not so simple.

The following list is probably not complete. But its bare length tells us a lesson:

Avoid any name you can find in a dictionary. Prefix your form names.

List of reserved names in $_POST and $_REQUEST used by WordPress 3.5

These names might have side effects when used in themes or plugins. Some are used on specific pages only (removeheader), others on multiple pages or requests. Avoid them all if you can.

_ajax_nonce
_page
_per_page
_signup_form
_total
_url
_wp_http_referer
_wp_original_http_referer
_wp_unfiltered_html_comment
_wpnonce
_wpnonce-custom-header-upload

aa
action
action2
active_post_lock
add_new
add_new_users
addmeta
admin_bar_front
admin_color
admin_email
admin_password
admin_password2
ajax
align
allblogs
allusers
alt
approve_parent
approved
attachment
attachment_id
attachments
auth_cookie
author
author_name
autocomplete_type
auto_draft
auto-add-pages
autosave

background-attachment
background-color
background-position-x
background-repeat
banned_email_domains
blog
blog_name
blog_public
blog_upload_space
blogname
bulk_edit

c
calendar
cat
category_base
category_name
catslist
changeit
changes
charset
checkbox
checked
clear-recent-list
closed
comment
comment_approved
comment_author
comment_author_email
comment_author_url
comment_content
comment_date
comment_ID
comment_parent
comment_post_ID
comment_shortcuts
comment_status
comments_listing
comments_popup
confirmdelete
connection_type
content
context
cpage
create-new-attachment
createuser
customize_messenger_channel
customized
customlink-tab

date
date_format
date_format_custom
day
default-header
delete
delete_all
delete_all2
delete_comments
delete_option
delete_tags
delete_widget
deletebookmarks
deletecomment
deleted
deletemeta
deletepost
description
detached
dismiss
display_name
do

edit_date
email
error
exact
excerpt

features
feed
fetch
fheight
file
fileupload_maxk
filter
find_detached
first_comment
first_comment_author
first_comment_url
first_name
first_page
first_post
found_post_id
fwidth

global_terms_enabled
GLOBALS
gmt_offset
guid

height
hh
hidden
hidden_aa
hidden_jj
hidden_mm
hidden_mn
hidden_hh
history
hostname
hour
html-upload

id
ID
ids
id_base
illegal_names
insert-gallery
insertonlybutton
interim-login
item-object
item-type

jj
json
json_data

key

last_name
limited_email_domains
link_id
link_image
link_name
link_rss
link_url
link_visible
linkcheck
locale
locked
log
logged_in_cookie

m
media
media_type
menu
menu_items
menu-item
menu-item-attr-title
menu-item-classes
menu-item-db-id
menu-item-description
menu-item-object
menu-item-object-id
menu-item-parent-id
menu-item-position
menu-item-target
menu-item-title
menu-item-type
menu-item-url
menu-item-xfn
menu-locations
menu-name
message
meta
metakeyinput
metakeyselect
metavalue
minute
mm
mn
mode
monthnum
more
move
multi_number

name
nav-menu-locations
new
new_role
new_slug
new_title
newcat
newcomment_author
newcomment_author_email
newcomment_author_url
newcontent
newuser
nickname
no_placeholder
noapi
noconfirmation
noredir
number

offset
oitar
option
option_page
order
orderby

p
pb
page
page_columns
page_id
page_options
paged
pagegen_timestamp
pagename
parent_id
pass1
pass2
password
permalink_structure
photo_description
photo_src
phperror
ping_status
plugin
plugin_status
pointer
position
post
post_category
post_data
post_format
post_ID
post_id
post_mime_type
post_password
post_status
post_title
post_type
post_view
postid
posts
preview
primary_blog
private_key
ps
public_key
publish
pwd

query

reassign_user
reauth
redirect
redirect_to
ref
referredby
registration
registrationnotification
rememberme
remove-background
removeheader
removewidget
reset-background
resetheader
review
rich_editing
robots
role

s
same
save
savewidget
savewidgets
screen
scrollto
search
second
section
selectall
selection
send
send_password
sentence
short
show_sticky
sidebar
sidebars
signup_for
signup_form_id
site_id
site_name
sitename
size
skip-cropping
spam
spammed
src
ss
stage
start
static
status
sticky
subdomain_install
submit
subpost
subpost_id
super_admin

tab
tag
tag_ID
tag-name
tag_base
tags_input
tax
tax_input
tag-name
target
taxonomy
tb
term
text-color
the-widget-id
theme
theme_status
thumb
timezone_string
time_format
time_format_custom
title
thumbnail_id
trash
trashed
type

undismiss
unspam
unspammed
untrash
untrashed
url
update_home_url
updated
upgrade
upload_filetypes
upload_space_check_disabled
use_ssl
user
user_id
user_login
user_name
username
users

verify-delete
version
visibility
visible

w
weblog_title
welcome_email
welcome_user_email
widget_id
widget_number
widget-id
widget-recent-comments
widget-rss
width
withcomments
withoutcomments
wp_customize
wp_http_referer
wp_screen_options
wp-preview
WPLANG

x1

y1
year

Variable names

$method // Filter: 'user_contactmethods'
$post_type_name . -tab
$sidebar_id . _position
$taxonomy_name . -tab
$whitelist_options // Filter: 'whitelist_options'

__i__ . $something // used in widgets
new . $taxonomy->name
new . $taxonomy->name . _parent
quick-search-posttype- . $post_type_name
quick-search-taxonomy- . $taxonomy_name
widget- . $id_base

Alternatively you could post it to WP and handle the processing in functions.php.

For the form:

action="<?php echo esc_url( admin_url('admin-post.php') ); ?>"

And include a hidden input which tells WP what is the function with which you'll be processing it:

<input type="hidden" name="action" value="my_contact_form">

Write the function in functions.php:

function my_contact_form_func(){

    if ( ! empty( $_POST ) ) {
        // do your thing
    }
}

Tell WP what is the function:

add_action( 'admin_post_nopriv_my_contact_form', 'my_contact_form_func' );
add_action( 'admin_post_my_contact_form', 'my_contact_form_func' );