18

Security

Last Update hace 2 meses

How to Enable or Disable ModSecurity (cPanel & DirectAdmin) How to restrict directory access by IP address How to protect your .htaccess file How to disable directory browsing using .htaccess How to ban an IP Address using the .htaccess file

How to Enable or Disable ModSecurity (cPanel & DirectAdmin)

Evans

Last Update hace 2 meses

What is ModSecurity?

ModSecurity is a web application firewall (WAF) designed to protect websites from:


  • SQL injection

  • Cross-site scripting (XSS)

  • CSRF attacks

  • Brute-force attempts

  • And other known exploits


While helpful, ModSecurity can sometimes block legitimate requests, especially from CMS dashboards like WordPress, Joomla, or some web apps. If you're seeing frequent "403 Forbidden" errors or getting blocked unexpectedly, ModSecurity could be the cause.

đź”” Note: Disabling ModSecurity is not generally recommended unless for troubleshooting. Always ensure your website is up-to-date and secure.

How to Enable or Disable ModSecurity in cPanel

Disable or Enable ModSecurity for All Domains

  1. Log in to your cPanel account.

  2. Scroll to the Security section.

  3. Click on ModSecurity.

  4. You’ll see a list of your domains and an option to Enable or Disable the feature globally.

    • Click Disable to turn it off for all domains.

    • Click Enable to reactivate it.

⚙️ Disable ModSecurity for a Specific Domain in cPanel

  1. Log in to cPanel.

  2. Navigate to Security > ModSecurity.

  3. Scroll to the domain list below.

  4. Under the domain name you want to manage, click On/Off next to “Status”.

That’s it! ModSecurity will now be active/inactive only on the selected domain.

How to Enable or Disable ModSecurity in DirectAdmin

Step-by-Step for DirectAdmin

Requirement: The ModSecurity plugin must be enabled on the server by your hosting provider.

  1. Log in to your DirectAdmin panel.

  2. From the user dashboard, go to Account Manager > ModSecurity Setup.

  3. You’ll see a list of your hosted domains with their current ModSecurity status.

  4. To disable ModSecurity:

    • Toggle the switch to Off for the domain you want.

  5. To re-enable it:

    • Toggle the switch back to On.

When Should You Temporarily Disable ModSecurity?

  • Troubleshooting 403 errors or WordPress admin lockouts

  • Specific plugin conflicts (e.g., contact forms, login security plugins)

  • During web development or migration, if safe IPs are being blocked

Remember:

  • Keep ModSecurity enabled unless you’ve confirmed it’s causing an issue.

  • If disabling ModSecurity resolves a problem, consider reviewing your app/plugin settings or contacting support to whitelist the triggered rule instead of leaving it off.


  • Always monitor your site for unusual activity if ModSecurity is disabled.

Was this article helpful?

1 out of 1 liked this article

Still need help? Message Us