{"id":12494,"date":"2026-06-05T05:03:56","date_gmt":"2026-06-05T05:03:56","guid":{"rendered":"https:\/\/www.webystrata.com\/blog\/?p=12494"},"modified":"2026-06-05T05:05:40","modified_gmt":"2026-06-05T05:05:40","slug":"how-to-disable-modsecurity-in-cpanel","status":"publish","type":"post","link":"https:\/\/www.webystrata.com\/blog\/how-to-disable-modsecurity-in-cpanel\/","title":{"rendered":"How to Disable ModSecurity in cPanel"},"content":{"rendered":"<h1>How to Disable ModSecurity in cPanel<\/h1>\n<p>Website security is one of the most important aspects of managing a hosting account. Most web hosting providers include various security features to help protect websites from hackers, malicious bots, and common web-based attacks. One such security feature available in many cPanel hosting environments is ModSecurity.<\/p>\n<p>ModSecurity acts as a Web Application Firewall (WAF) and helps filter incoming requests before they reach your website. While this security layer is highly effective, there are situations where ModSecurity may incorrectly block legitimate website activity. This can result in errors when submitting forms, uploading files, accessing specific pages, or using third-party applications.<\/p>\n<p>In such cases, temporarily disabling ModSecurity can help identify whether the firewall is causing the issue. This guide explains how to disable ModSecurity in cPanel, when you should disable it, and important considerations before making changes.<\/p>\n<h2>What Is ModSecurity?<\/h2>\n<p>ModSecurity is an open-source web application firewall designed to protect websites hosted on Apache, LiteSpeed, and other supported web servers.<\/p>\n<p>It analyzes incoming traffic and blocks requests that match known attack patterns. This helps protect websites from various security threats including:<\/p>\n<ul>\n<li>SQL Injection attacks<\/li>\n<li>Cross-Site Scripting (XSS)<\/li>\n<li>Remote File Inclusion attacks<\/li>\n<li>Brute-force login attempts<\/li>\n<li>Malicious bots and crawlers<\/li>\n<li>Exploits targeting website vulnerabilities<\/li>\n<\/ul>\n<p>Because ModSecurity uses predefined security rules, there are times when legitimate website requests may accidentally trigger those rules. These situations are known as false positives.<\/p>\n<h3>Before You Disable ModSecurity<\/h3>\n<p>Before disabling ModSecurity, keep the following recommendations in mind:<\/p>\n<ul>\n<li>Disable it only for troubleshooting purposes.<\/li>\n<li>Always create a website backup before making significant changes.<\/li>\n<li>Test your website immediately after disabling the firewall.<\/li>\n<li>Re-enable ModSecurity once troubleshooting is complete.<\/li>\n<li>Consider requesting a rule adjustment from your hosting provider instead of permanently disabling protection.<\/li>\n<\/ul>\n<p>Maintaining website security should always remain a priority.<\/p>\n<h2>How to Disable ModSecurity in cPanel<\/h2>\n<p>Follow these simple steps to disable ModSecurity for a domain within your cPanel account.<\/p>\n<h3 data-section-id=\"1hmzdnt\" data-start=\"203\" data-end=\"246\"><span style=\"color: #000000;\">Step 1: Login to cPanel from Client Area<\/span><\/h3>\n<p data-start=\"446\" data-end=\"570\">First, visit the WebyStrata website and log in to your client area account using your registered email address and password.<\/p>\n<p data-start=\"446\" data-end=\"570\">official Website <a href=\"https:\/\/www.webystrata.com\">www.webystrata.com<\/a><\/p>\n<p data-start=\"291\" data-end=\"308\"><span style=\"color: #000000;\">After logging in:<\/span><\/p>\n<ol data-start=\"310\" data-end=\"429\">\n<li data-section-id=\"ygoy3r\" data-start=\"310\" data-end=\"331\"><span style=\"color: #000000;\">Go to <strong data-start=\"319\" data-end=\"331\">Services<\/strong><\/span><\/li>\n<li data-section-id=\"wyqca4\" data-start=\"332\" data-end=\"359\"><span style=\"color: #000000;\">Click on <strong data-start=\"344\" data-end=\"359\">My Services<\/strong><\/span><\/li>\n<li data-section-id=\"8kxumo\" data-start=\"360\" data-end=\"397\"><span style=\"color: #000000;\">Select your active hosting service<\/span><\/li>\n<li data-section-id=\"4ekbul\" data-start=\"398\" data-end=\"429\"><span style=\"color: #000000;\">Click on <strong data-start=\"410\" data-end=\"429\">Login to cPanel<\/strong><\/span><\/li>\n<\/ol>\n<p><code><img fetchpriority=\"high\" decoding=\"async\" class=\"alignnone wp-image-11961 size-full\" title=\"how-to-disable-modsecurity-in-cpanel\" src=\"https:\/\/www.webystrata.com\/blog\/wp-content\/uploads\/2026\/05\/login-into-cpanel-5.webp\" alt=\"how-to-disable-modsecurity-in-cpanel\" width=\"1902\" height=\"957\" srcset=\"https:\/\/www.webystrata.com\/blog\/wp-content\/uploads\/2026\/05\/login-into-cpanel-5.webp 1902w, https:\/\/www.webystrata.com\/blog\/wp-content\/uploads\/2026\/05\/login-into-cpanel-5-300x151.webp 300w, https:\/\/www.webystrata.com\/blog\/wp-content\/uploads\/2026\/05\/login-into-cpanel-5-1024x515.webp 1024w, https:\/\/www.webystrata.com\/blog\/wp-content\/uploads\/2026\/05\/login-into-cpanel-5-768x386.webp 768w, https:\/\/www.webystrata.com\/blog\/wp-content\/uploads\/2026\/05\/login-into-cpanel-5-1536x773.webp 1536w\" sizes=\"(max-width: 1902px) 100vw, 1902px\" \/><\/code><\/p>\n<p>&nbsp;<\/p>\n<h3><span style=\"color: #000000;\">Step 2: Open the ModSecurity Tool<\/span><\/h3>\n<ul>\n<li><span style=\"color: #000000;\">Scroll down to the <strong>Security<\/strong> section of cPanel and click on <strong>ModSecurity<\/strong>. <\/span><\/li>\n<li><span style=\"color: #000000;\">This feature allows you to manage ModSecurity protection for all domains associated with your hosting account.<\/span><\/li>\n<\/ul>\n<p><img decoding=\"async\" class=\"alignnone size-full wp-image-12495\" src=\"https:\/\/www.webystrata.com\/blog\/wp-content\/uploads\/2026\/06\/mod.webp\" alt=\"how-to-disable-modsecurity-in-cpanel\" width=\"1913\" height=\"902\" srcset=\"https:\/\/www.webystrata.com\/blog\/wp-content\/uploads\/2026\/06\/mod.webp 1913w, https:\/\/www.webystrata.com\/blog\/wp-content\/uploads\/2026\/06\/mod-300x141.webp 300w, https:\/\/www.webystrata.com\/blog\/wp-content\/uploads\/2026\/06\/mod-1024x483.webp 1024w, https:\/\/www.webystrata.com\/blog\/wp-content\/uploads\/2026\/06\/mod-768x362.webp 768w, https:\/\/www.webystrata.com\/blog\/wp-content\/uploads\/2026\/06\/mod-1536x724.webp 1536w\" sizes=\"(max-width: 1913px) 100vw, 1913px\" \/><\/p>\n<p>&nbsp;<\/p>\n<h3><span style=\"color: #000000;\">Step 3: Locate the Domain<\/span><\/h3>\n<ul>\n<li><span style=\"color: #000000;\">After opening ModSecurity, you will see a list of domains and subdomains hosted within your account. <\/span><\/li>\n<li><span style=\"color: #000000;\">Find the domain for which you want to disable ModSecurity protection.<\/span><\/li>\n<\/ul>\n<p><img decoding=\"async\" class=\"alignnone size-full wp-image-12496\" src=\"https:\/\/www.webystrata.com\/blog\/wp-content\/uploads\/2026\/06\/dlist.webp\" alt=\"how-to-disable-modsecurity-in-cpanel\" width=\"1912\" height=\"893\" srcset=\"https:\/\/www.webystrata.com\/blog\/wp-content\/uploads\/2026\/06\/dlist.webp 1912w, https:\/\/www.webystrata.com\/blog\/wp-content\/uploads\/2026\/06\/dlist-300x140.webp 300w, https:\/\/www.webystrata.com\/blog\/wp-content\/uploads\/2026\/06\/dlist-1024x478.webp 1024w, https:\/\/www.webystrata.com\/blog\/wp-content\/uploads\/2026\/06\/dlist-768x359.webp 768w, https:\/\/www.webystrata.com\/blog\/wp-content\/uploads\/2026\/06\/dlist-1536x717.webp 1536w\" sizes=\"(max-width: 1912px) 100vw, 1912px\" \/><\/p>\n<p>&nbsp;<\/p>\n<h3><span style=\"color: #000000;\">Step 4: Disable ModSecurity<\/span><\/h3>\n<p><span style=\"color: #000000;\">Next to the selected domain, you will find a toggle button showing the current status.<\/span><\/p>\n<ol>\n<li><span style=\"color: #000000;\">If the status is <strong>On<\/strong>, click the toggle button.<\/span><\/li>\n<li><span style=\"color: #000000;\">The status will change to <strong>Off<\/strong>.<\/span><\/li>\n<li><span style=\"color: #000000;\">ModSecurity will now be disabled for that domain.<\/span><\/li>\n<\/ol>\n<p><span style=\"color: #000000;\">The change takes effect immediately in most hosting environments.<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-12497\" src=\"https:\/\/www.webystrata.com\/blog\/wp-content\/uploads\/2026\/06\/disable.webp\" alt=\"how-to-disable-modsecurity-in-cpanel\" width=\"1918\" height=\"897\" srcset=\"https:\/\/www.webystrata.com\/blog\/wp-content\/uploads\/2026\/06\/disable.webp 1918w, https:\/\/www.webystrata.com\/blog\/wp-content\/uploads\/2026\/06\/disable-300x140.webp 300w, https:\/\/www.webystrata.com\/blog\/wp-content\/uploads\/2026\/06\/disable-1024x479.webp 1024w, https:\/\/www.webystrata.com\/blog\/wp-content\/uploads\/2026\/06\/disable-768x359.webp 768w, https:\/\/www.webystrata.com\/blog\/wp-content\/uploads\/2026\/06\/disable-1536x718.webp 1536w\" sizes=\"(max-width: 1918px) 100vw, 1918px\" \/><\/p>\n<p>&nbsp;<\/p>\n<h3><span style=\"color: #000000;\">Step 5: Test Your Website<\/span><\/h3>\n<p><span style=\"color: #000000;\">Once ModSecurity has been disabled, visit your website and test the functionality that was previously causing issues. This may include:<\/span><\/p>\n<ul>\n<li><span style=\"color: #000000;\">Contact forms<\/span><\/li>\n<li><span style=\"color: #000000;\">Login pages<\/span><\/li>\n<li><span style=\"color: #000000;\">Shopping cart functions<\/span><\/li>\n<li><span style=\"color: #000000;\">API integrations<\/span><\/li>\n<li><span style=\"color: #000000;\">CMS plugins and extensions<\/span><\/li>\n<\/ul>\n<p><span style=\"color: #000000;\">If the issue is resolved, it is possible that a ModSecurity rule was blocking the request.<\/span><\/p>\n<h3><span style=\"color: #000000;\">Step 6: Re-enable ModSecurity<\/span><\/h3>\n<p><span style=\"color: #000000;\">For security reasons, it is highly recommended to re-enable ModSecurity after troubleshooting is complete.<\/span><\/p>\n<p><span style=\"color: #000000;\">To do this:<\/span><\/p>\n<ol>\n<li><span style=\"color: #000000;\">Return to <strong>cPanel \u2192 ModSecurity<\/strong>.<\/span><\/li>\n<li><span style=\"color: #000000;\">Locate your domain.<\/span><\/li>\n<li><span style=\"color: #000000;\">Toggle the status back to <strong>On<\/strong>.<\/span><\/li>\n<\/ol>\n<p><span style=\"color: #000000;\">This restores firewall protection for your website.<\/span><\/p>\n<h3>Why Disable ModSecurity?<\/h3>\n<p>Although ModSecurity provides valuable protection, there are situations where temporarily disabling it may be necessary.<\/p>\n<p>Common reasons include:<\/p>\n<p>1. Website Forms Are Not Working<\/p>\n<p>2. Receiving 403 Forbidden Errors<\/p>\n<p>3. Plugin Conflicts<\/p>\n<p>4. API Integration Issues<\/p>\n<p>5. Troubleshooting Website Problems<\/p>\n<h3>Advantages of Using ModSecurity<\/h3>\n<p>Even if you occasionally need to disable it for troubleshooting, ModSecurity provides several important benefits.<\/p>\n<ul>\n<li>Enhanced Website Security<\/li>\n<li>Protection Against Vulnerabilities<\/li>\n<li>Real-Time Request Filtering<\/li>\n<li>Reduced Risk of Data Breaches<\/li>\n<li>Additional Layer of Defense<\/li>\n<li>Better Compliance<\/li>\n<\/ul>\n<h3>Risks of Leaving ModSecurity Disabled<\/h3>\n<p>While disabling ModSecurity can solve temporary issues, leaving it disabled permanently may expose your website to security threats.<\/p>\n<p>Potential risks include:<\/p>\n<ul>\n<li>Increased vulnerability to attacks<\/li>\n<li>Higher risk of malicious traffic<\/li>\n<li>Unauthorized access attempts<\/li>\n<li>Exploitation of website vulnerabilities<\/li>\n<li>Increased likelihood of data compromise<\/li>\n<\/ul>\n<p>For these reasons, ModSecurity should only be disabled when absolutely necessary.<\/p>\n<h3>Alternative Solutions<\/h3>\n<p>Instead of completely disabling ModSecurity, consider these alternatives:<\/p>\n<ul>\n<li>Contact Your Hosting Provider<\/li>\n<li>Whitelist Legitimate Requests<\/li>\n<li>Update Plugins and Applications<\/li>\n<li>Use Developer Tools<\/li>\n<\/ul>\n<h2>Conclusion<\/h2>\n<p>ModSecurity is a powerful security feature that helps protect websites from a wide range of online threats. However, there are occasions when legitimate website activity may be blocked due to strict security rules. In these situations, temporarily disabling ModSecurity through cPanel can help identify and resolve the problem.<\/p>\n<p>The process is simple: log in to cPanel, open the ModSecurity tool, locate your domain, and switch the protection off. After troubleshooting, remember to re-enable ModSecurity to ensure your website remains protected against malicious traffic and common web-based attacks.<\/p>\n<p>By understanding how ModSecurity works and when to disable it safely, website owners can effectively balance security and functionality while maintaining a reliable hosting environment.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>How to Disable ModSecurity in cPanel Website security is one of the most important aspects of managing a hosting account. Most web hosting providers include various security features to help protect websites from hackers, malicious bots, and common web-based attacks. One such security feature available in many cPanel hosting environments is ModSecurity. ModSecurity acts as [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":12498,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2,1],"tags":[],"class_list":["post-12494","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cpanel","category-latest-updates"],"_links":{"self":[{"href":"https:\/\/www.webystrata.com\/blog\/wp-json\/wp\/v2\/posts\/12494","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.webystrata.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.webystrata.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.webystrata.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.webystrata.com\/blog\/wp-json\/wp\/v2\/comments?post=12494"}],"version-history":[{"count":2,"href":"https:\/\/www.webystrata.com\/blog\/wp-json\/wp\/v2\/posts\/12494\/revisions"}],"predecessor-version":[{"id":12500,"href":"https:\/\/www.webystrata.com\/blog\/wp-json\/wp\/v2\/posts\/12494\/revisions\/12500"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.webystrata.com\/blog\/wp-json\/wp\/v2\/media\/12498"}],"wp:attachment":[{"href":"https:\/\/www.webystrata.com\/blog\/wp-json\/wp\/v2\/media?parent=12494"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.webystrata.com\/blog\/wp-json\/wp\/v2\/categories?post=12494"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.webystrata.com\/blog\/wp-json\/wp\/v2\/tags?post=12494"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}