ModSecurity is server software for Apache that comes bundled with cPanel. ModSecurity helps protect your site from brute force attacks and, by default, automatically runs on all new accounts. ModSecurity should usually remain on. In certain situations, such as a WordPress admin lockdown caused by brute force attacks, you may need to temporarily deactivate ModSecurity to resolve an issue. The below steps show how to disable ModSecurity in cPanel. This applies to the latest versions of cPanel (starting in cPanel version 82).
While certain versions of ModSecurity used to allow admins to whitelist specific IP addresses, this feature is no longer supported due to security and performance concerns.
Disable ModSecurity for Individual Domains
- Log into cPanel.
- Choose ModSecurity listed under Security.
- Select the domain you are working with and switch ModSecurity from On to Off.
- Wait for the pop-up telling you that ModSecurity has been disabled.
- Troubleshoot the issue that you are having.
- Return and reactivate ModSecurity immediately after solving the issue you are experiencing. If you stop troubleshooting and need to wait before continuing, be sure to reactivate ModSecurity.Note: Do not leave ModSecurity disabled any longer than necessary.
Well done! You know how to disable ModSecurity through cPanel. ModSecurity is already running when you start with one of our Shared Hosting plans!
Thoughts on “How to Disable ModSecurity in cPanel”
I am receiving error 403 after trying to save settings of any WordPress theme created with https://themesgenerator.com/
The support says the problem is mod security. Can you check it?
You can turn off mod security per this article. If that doesn’t help, then you will need to speak with our live technical support team. You can reach them using the contact information at the bottom of the page.
I’m getting error when trying to disable plugin
Error disabling mod_security for ********.com
Unfortunately, the Mod Security Manager in cPanel is not working currently. Please contact Live Support if you need assistance disabling a mod security rule. We apologize for any inconvenience this may cause.
I’m also getting a 406 error, and the error said it was likely due to mod security. But I cannot find this tool in my cPanel.
The mod security manager should be available in your cPanel. If not, I advise contacting our Live Support team, so they can verify your account and help you locate this tool.
I cannot find modsecurity in my cpanel. what should i do
Edifofon, it is possible that your cPanel may not have this plugin enabled, or otherwise available. I would recommend contacting your host for account specific assistance.
i disabled the mode security successfullly………. but its not working again its showing the 406 errod
The mod_security tool only disables minor rules. If you are still getting it, then you are likely running up against a major rule. You will need to contact your hosting support to see if that rule is able to be disabled for you.