ModSecurity is Apache server software, and it is included in cPanel. ModSecurity is enabled by default for all new accounts to assist prevent brute force attacks on your website. By default, ModSecurity ought to be enabled. There are times when you’ll need to temporarily disable ModSecurity in order to fix an issue, such as when brute force attacks have locked you out of the WordPress admin area. If you want to turn off ModSecurity in cPanel, follow these simple instructions. All recent cPanel releases are affected (starting in cPanel version 82).
In the past, administrators were able to whitelist specific IP addresses in ModSecurity, but this functionality was discontinued for security and performance reasons in later versions of the software.
Steps to Disable Mod_Security in cPanel
1. Connect your server with SSH.
2. Install the mod_security2 Apache module in EasyApache 4
3. Using the following commands :
yum remove ea-apache24-mod_security2
or
4. Now you can turn ON or OFF mod_ security in Cpanel.
5. Now you can disable mod_security in a particular domain.
Following this step by step guide, you can disable mod_security in cpanel as per your convenience.
The Best Practices for Website Safety
Mod Security is a web application firewall that prevents numerous hacker and exploit attempts from reaching your website. If you disable it, you must regularly update your software and change your passwords (to strong ones) to prevent security issues.
This includes keeping WordPress and all of your plugins, themes, etc. up-to-date at all times (when updates are available). Insecure software versions from previous years are the primary cause of website hacks. Also, using weak passwords that don’t include any symbols. Installing mod_security in cPanel will help in enhancing security.
Feel free to get in touch with us if you have any concerns or questions about this, our team is always here to help.