How to Enable or Disable ModSecurity in cPanel
ModSecurity is a web application firewall (WAF) that protects your website by filtering and monitoring HTTP requests. It blocks common attack patterns such as SQL injection, cross-site scripting (XSS), and other malicious activity. Most cPanel hosting accounts have ModSecurity enabled by default.
When to Disable ModSecurity
While ModSecurity is a valuable security layer, there are situations where it may interfere with legitimate activity:
- False positives — ModSecurity blocks a valid form submission, API call, or plugin function.
- Application compatibility — Some CMS plugins or custom scripts trigger security rules unintentionally.
- Debugging — Temporarily disabling ModSecurity can help determine whether it is causing 403 Forbidden or 500 Internal Server Error responses.
Warning: Disabling ModSecurity removes an important layer of protection. Only disable it temporarily for testing, and re-enable it as soon as possible.
How to Toggle ModSecurity in cPanel
- Log in to cPanel.
- Navigate to the Security section.
- Click on ModSecurity™.
- You will see a list of your domains with their current ModSecurity status (On or Off).
- Click the toggle switch or On/Off button next to the domain you want to modify.
- Confirm the change when prompted.
The change takes effect immediately — no server restart is needed.
Disabling ModSecurity for a Specific Domain Only
The cPanel ModSecurity interface allows you to enable or disable the firewall on a per-domain basis. This is useful if you have multiple domains on your account and only one is experiencing issues. Keep ModSecurity enabled on all other domains for continued protection.
What If ModSecurity Is Not Available in cPanel?
If you do not see the ModSecurity option in your cPanel dashboard:
- Your hosting provider may not have enabled the ModSecurity module on the server.
- The feature may be restricted on your hosting plan.
- Contact your hosting provider’s support team to request ModSecurity access or ask them to whitelist specific rules causing false positives.
Best Practices
- Keep ModSecurity enabled whenever possible — it is your first line of defense against web attacks.
- If a specific rule is causing issues, ask your hosting provider to whitelist that rule rather than disabling the entire firewall.
- After disabling ModSecurity for debugging, always re-enable it once you have identified the issue.
- Review your server error logs (cPanel → Errors) to identify which ModSecurity rule is being triggered.
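To find the rule to report to your hosting provider, the error log can be summarized per domain and rule ID. The script below is an added example, not part of the original article: it assumes the Apache error-log line format written by ModSecurity 2.x, the log lines are constructed samples, and the function names are hypothetical.

```python
import re
from collections import Counter

# ModSecurity appends metadata to each log line as [key "value"] pairs.
FIELD = re.compile(r'\[(id|msg|hostname|uri) "((?:[^"\\]|\\.)*)"\]')

# Constructed sample lines (not taken from a real server).
SAMPLE_LOG = """
[Tue Mar 05 10:15:32.101010 2024] [:error] [pid 2101] [client 203.0.113.7:50112] ModSecurity: Access denied with code 403 (phase 2). detected SQLi using libinjection. [file "/path/to/rules/sqli.conf"] [line "45"] [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [severity "CRITICAL"] [hostname "shop.example.com"] [uri "/contact.php"] [unique_id "A1"]
[Tue Mar 05 10:15:40.202020 2024] [php7:warn] [pid 2101] [client 203.0.113.7:50113] PHP Warning: Undefined variable in /home/user/public_html/contact.php on line 12
[Tue Mar 05 10:16:02.303030 2024] [:error] [pid 2104] [client 203.0.113.7:50120] ModSecurity: Access denied with code 403 (phase 2). detected SQLi using libinjection. [file "/path/to/rules/sqli.conf"] [line "45"] [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [severity "CRITICAL"] [hostname "shop.example.com"] [uri "/contact.php"] [unique_id "A2"]
[Tue Mar 05 10:20:11.404040 2024] [:error] [pid 2107] [client 198.51.100.9:41000] ModSecurity: Access denied with code 403 (phase 2). detected XSS using libinjection. [file "/path/to/rules/xss.conf"] [line "60"] [id "941100"] [msg "XSS Attack Detected via libinjection"] [severity "CRITICAL"] [hostname "blog.example.com"] [uri "/wp-admin/post.php"] [unique_id "A3"]
[Tue Mar 05 10:21:00.505050 2024] [:error] [pid 2107] [client 198.51.100.9:41002] ModSecurity: Warning. Pattern match at REQUEST_HEADERS:Host. [file "/path/to/rules/protocol.conf"] [line "700"] [id "920350"] [msg "Host header is a numeric IP address"] [severity "WARNING"] [hostname "192.0.2.10"] [uri "/"] [unique_id "A4"]
"""

def parse_denials(log_text):
    """Return one dict (id, msg, hostname, uri) per request ModSecurity blocked."""
    events = []
    for line in log_text.splitlines():
        # Skip unrelated log lines and warning-only matches that did not block.
        if "ModSecurity:" not in line or "Access denied" not in line:
            continue
        fields = dict(FIELD.findall(line))
        if "id" in fields:
            events.append(fields)
    return events

def rules_by_domain(events):
    """Count blocked requests per (hostname, rule id, uri)."""
    return Counter(
        (e.get("hostname", "?"), e["id"], e.get("uri", "?")) for e in events
    )

if __name__ == "__main__":
    events = parse_denials(SAMPLE_LOG)
    messages = {e["id"]: e.get("msg", "") for e in events}
    for (host, rule, uri), count in rules_by_domain(events).most_common():
        print(f"{count:>3}  {host}  rule {rule}  {uri}  {messages[rule]}")
```

The domain, rule ID, and URI printed for the failing request are the details to include in a whitelist request, so the rest of the rule set stays active.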
ModSecurity combined with other security measures — strong passwords, updated software, and regular backups — provides robust protection for your website.