How to Disable ModSecurity in cPanel

How to Disable ModSecurity in cPanel title image

ModSecurity is server software for Apache that comes bundled with cPanel. ModSecurity helps protect your site from brute force attacks and, by default, automatically runs on all new accounts. ModSecurity should usually remain on. In certain situations, such as a WordPress admin lockdown caused by brute force attacks, you may need to temporarily deactivate ModSecurity to resolve an issue. The below steps show how to disable ModSecurity in cPanel. This applies to the latest versions of cPanel (starting in cPanel version 82).

While certain versions of ModSecurity used to allow admins to whitelist specific IP addresses, this feature is no longer supported due to security and performance concerns.

Disable ModSecurity for Individual Domains

  1. Log into cPanelcPanel Login Screen
     
  2. ModSecurity icon as seen within cPanelChoose ModSecurity listed under Security
     
  3. Select the domain you are working with and switch ModSecurity from On to OffModSecurity configuration screen for domains
  4. Wait for the pop-up telling you that ModSecurity has been disabled
  5. Troubleshoot the issue that you are having
  6. Return and reactivate ModSecurity immediately after solving the issue you are experiencing. If you stop troubleshooting and need to wait before continuing, be sure to reactivate ModSecurity. Do not leave ModSecurity disabled any longer than necessaryWarning one sees after disabling ModSecurity
 

Well done! You know how to disable ModSecurity through cPanel.

ModSecurity is already running when you start with one of our Shared Hosting plans!

RH
Ronnie H Content Writer I

Ronnie is a technical writer and content specialist at InMotion Hosting.

More Articles by Ronnie

13 Comments

    • You can turn off mod security per this article. If that doesn’t help, then you will need to speak with our live technical support team. You can reach them using the contact information at the bottom of the page.

    • Unfortunately, the Mod Security Manager in cPanel is not working currently. Please contact Live Support if you need assistance disabling a mod security rule. We apologize for any inconvenience this may cause.

      Thank you,
      John-Paul

  • I’m also getting a 406 error, and the error said it was likely due to mod security. But I cannot find this tool in my cPanel.

    • The mod security manager should be available in your cPanel. If not, I advise contacting our Live Support team, so they can verify your account and help you locate this tool.

    • Edifofon, it is possible that your cPanel may not have this plugin enabled, or otherwise available. I would recommend contacting your host for account specific assistance.

    • The mod_security tool only disables minor rules. If you are still getting it, then you are likely running up against a major rule. You will need to contact your hosting support to see if that rule is able to be disabled for you.

Was this article helpful? Let us know!