ModSecurity is server software for Apache that comes bundled with cPanel. ModSecurity helps protect your site from brute force attacks and, by default, automatically runs on all new accounts. ModSecurity should usually remain on. In certain situations, such as a WordPress admin lockdown caused by brute force attacks, you may need to temporarily deactivate ModSecurity to resolve an issue. The below steps show how to disable ModSecurity in cPanel. This applies to the latest versions of cPanel (starting in cPanel version 82).
While certain versions of ModSecurity used to allow admins to whitelist specific IP addresses, this feature is no longer supported due to security and performance concerns.
Disable ModSecurity for Individual Domains
- Log into cPanel.
- Choose ModSecurity listed under Security.
- Select the domain you are working with and switch ModSecurity from On to Off.
- Wait for the pop-up telling you that ModSecurity has been disabled.
- Troubleshoot the issue that you are having.
- Return and reactivate ModSecurity immediately after solving the issue you are experiencing. If you stop troubleshooting and need to wait before continuing, be sure to reactivate ModSecurity.Note: Do not leave ModSecurity disabled any longer than necessary.
Well done! You know how to disable ModSecurity through cPanel. ModSecurity is already running when you start with one of our Shared Hosting plans!