ModSecurity is an open-source Web Application Firewall (WAF) that monitors and filters HTTP traffic to your site, blocking common attack patterns like SQL injection, XSS, and file inclusion attempts.
What ModSecurity Protects Against
- SQL Injection: attackers trying to manipulate database queries
- Cross-Site Scripting (XSS): malicious scripts injected into pages
- Remote File Inclusion: loading malicious files from external URLs
- Command Injection: executing OS commands via web forms
- WordPress-specific attacks: targeting common WP vulnerabilities
Checking ModSecurity Status
In cPanel, go to Security > ModSecurity. Here you can see whether it's active for each domain and toggle it on or off per domain.
Handling False Positives
Occasionally, ModSecurity blocks legitimate requests, for example a plugin trying to save HTML content. If you receive unexpected 403 errors, check cPanel's ModSecurity logs (under Metrics > ModSecurity Hits) to see which rule triggered and whitelist it if necessary.
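When you have the raw Apache error log rather than the cPanel view, the same triage can be scripted. The following is an added example, not part of the original article or of cPanel: it groups 403 denials by rule ID and URI so you can see exactly which rule is hitting which page before whitelisting anything. The log lines are constructed samples in the error-log format ModSecurity 2.x writes, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in the Apache error-log format used by ModSecurity 2.x.
# Addresses, hostname and rule-file paths are placeholders.
SAMPLE_LOG = r'''
[Mon Mar 04 10:15:01.120000 2024] [:error] [pid 2101] [client 198.51.100.7:50112] ModSecurity: Access denied with code 403 (phase 2). [file "/path/to/rules.conf"] [line "55"] [id "941100"] [msg "XSS Attack Detected via libinjection"] [hostname "example.com"] [uri "/wp-admin/post.php"] [unique_id "A1"]
[Mon Mar 04 10:16:40.480000 2024] [:error] [pid 2101] [client 198.51.100.7:50140] ModSecurity: Access denied with code 403 (phase 2). [file "/path/to/rules.conf"] [line "55"] [id "941100"] [msg "XSS Attack Detected via libinjection"] [hostname "example.com"] [uri "/wp-admin/post.php"] [unique_id "A2"]
[Mon Mar 04 10:20:13.900000 2024] [:error] [pid 2107] [client 203.0.113.9:41877] ModSecurity: Access denied with code 403 (phase 2). [file "/path/to/rules.conf"] [line "90"] [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [hostname "example.com"] [uri "/index.php"] [unique_id "A3"]
[Mon Mar 04 10:21:02.010000 2024] [:error] [pid 2107] [client 203.0.113.9:41880] ModSecurity: Warning. [file "/path/to/rules.conf"] [line "12"] [id "920350"] [msg "Host header is a numeric IP address"] [hostname "example.com"] [uri "/"] [unique_id "A4"]
[Mon Mar 04 10:22:30.000000 2024] [core:info] [pid 2107] [client 203.0.113.9:41881] AH00128: File does not exist: /home/user/public_html/favicon.ico
'''

TAG = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')   # [id "941100"], [uri "/x"], ...
CLIENT = re.compile(r'\[client ([^\]\s]+)\]')

def parse_hits(log_text):
    """Return one dict per request that ModSecurity denied with a 403."""
    hits = []
    for line in log_text.splitlines():
        if "ModSecurity: Access denied with code 403" not in line:
            continue  # skip non-blocking warnings and unrelated Apache messages
        tags = dict(TAG.findall(line))
        m = CLIENT.search(line)
        client = m.group(1) if m else "unknown"
        if client.count(":") == 1:          # IPv4 address with ":port" suffix
            client = client.rsplit(":", 1)[0]
        hits.append({"id": tags.get("id"), "msg": tags.get("msg"),
                     "uri": tags.get("uri"), "client": client})
    return hits

def summarize(hits):
    """Group denials by (rule id, URI), most frequent first."""
    groups = defaultdict(lambda: {"count": 0, "clients": set(), "msg": None})
    for h in hits:
        g = groups[(h["id"], h["uri"])]
        g["count"] += 1
        g["clients"].add(h["client"])
        g["msg"] = h["msg"]
    return sorted(groups.items(), key=lambda kv: kv[1]["count"], reverse=True)

if __name__ == "__main__":
    for (rule_id, uri), g in summarize(parse_hits(SAMPLE_LOG)):
        print(f'rule {rule_id} on {uri}: {g["count"]} blocks, '
              f'{len(g["clients"])} client(s) - {g["msg"]}')
```

A rule that only ever fires on one admin URL for your own address is the usual shape of a false positive; note the rule ID and URI from the output so any exception can be limited to that rule on that page.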