How to Disable mod_security in cPanel
mod_security is a Web Application Firewall (WAF) module that helps protect your website from common web attacks like SQL injection, XSS, and more. However, sometimes it can block legitimate traffic or cause issues with certain applications. In such cases, you may need to disable it for a specific domain.
Security Notice: Disabling mod_security reduces your website's protection. Only disable it if you are certain that it is blocking legitimate functionality. Contact SKPHost Support before disabling it if you are unsure.
Steps to Disable mod_security for a Domain
- Log in to cPanel.
- Under the Security section, click ModSecurity.
- You will see a list of all your domains.
- Find the domain for which you want to disable mod_security.
- Toggle the switch to Off for that domain.
mod_security will be disabled immediately for that domain without requiring a server restart.
Disabling mod_security via .htaccess
Alternatively, you can disable mod_security for specific pages or folders using your .htaccess file:
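# Disable mod_security for this directory.
# These are ModSecurity 1.x directives; the IfModule guard means they are
# skipped entirely when the module is not loaded as mod_security.c.
<IfModule mod_security.c>
    SecFilterEngine Off
    SecFilterScanPOST Off
</IfModule>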
When to Disable mod_security
- A form submission on your site returns a 403 Forbidden error.
- An admin panel feature stops working after uploading content.
- A specific API endpoint or plugin triggers false positives.
- You are getting "You don't have permission to access" errors on your own site.
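Before turning the WAF off for one of the symptoms above, it helps to confirm that ModSecurity, and not a file permission or deny rule, produced the 403. The following is an added example, not SKPHost or cPanel code: it assumes you have the Apache error log lines for your domain in the layout ModSecurity 2.x writes, and the log lines, rule ids, paths and hostnames in it are constructed placeholders.

```python
import re
from collections import Counter

# Constructed sample lines (not from a real server), in the Apache error-log
# layout ModSecurity 2.x writes. Rule ids, paths and hosts are placeholders.
SAMPLE_LOG = """\
[Mon Mar 04 10:15:02.123456 2024] [:error] [pid 2101] [client 203.0.113.7:51514] ModSecurity: Access denied with code 403 (phase 2). Pattern match at ARGS:content. [file "/path/to/rules.conf"] [line "10"] [id "1000001"] [msg "Constructed rule A"] [hostname "shop.example.com"] [uri "/wp-admin/post.php"] [unique_id "c1"]
[Mon Mar 04 10:16:40.000001 2024] [:error] [pid 2101] [client 203.0.113.7:51520] ModSecurity: Access denied with code 403 (phase 2). Pattern match at ARGS:content. [file "/path/to/rules.conf"] [line "10"] [id "1000001"] [msg "Constructed rule A"] [hostname "shop.example.com"] [uri "/wp-admin/post.php"] [unique_id "c2"]
[Mon Mar 04 10:18:11.500000 2024] [:error] [pid 2102] [client 203.0.113.9:40100] ModSecurity: Access denied with code 403 (phase 2). Pattern match at ARGS:message. [file "/path/to/rules.conf"] [line "22"] [id "1000002"] [msg "Constructed rule B"] [hostname "shop.example.com"] [uri "/contact.php"] [unique_id "c3"]
[Mon Mar 04 10:19:30.000000 2024] [:error] [pid 2102] [client 203.0.113.9:40111] ModSecurity: Access denied with code 403 (phase 2). Pattern match at ARGS:q. [file "/path/to/rules.conf"] [line "22"] [id "1000002"] [msg "Constructed rule B"] [hostname "blog.example.com"] [uri "/search.php"] [unique_id "c4"]
[Mon Mar 04 10:20:00.000000 2024] [core:error] [pid 2101] [client 203.0.113.7:51600] AH01630: client denied by server configuration: /home/user/public_html/private/
"""

# ModSecurity appends metadata as [name "value"] pairs; values may hold escaped quotes.
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')

def modsec_denials(log_text, hostname):
    """Count ModSecurity 403 denials for one domain, keyed by (rule id, URI, message)."""
    hits = Counter()
    for line in log_text.splitlines():
        if "ModSecurity: Access denied with code 403" not in line:
            continue  # a 403 from permissions or a deny rule is not a WAF block
        fields = dict(FIELD.findall(line))
        if fields.get("hostname") != hostname:
            continue  # only report the domain being investigated
        hits[(fields.get("id", "?"), fields.get("uri", "?"), fields.get("msg", ""))] += 1
    return hits

if __name__ == "__main__":
    for (rule_id, uri, msg), n in modsec_denials(SAMPLE_LOG, "shop.example.com").most_common():
        print(f"{n}x rule {rule_id} on {uri}: {msg}")
```

An empty result for your domain means the 403 came from something other than ModSecurity, so disabling it would not help. A non-empty result gives the rule id and URL to include in a support request.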
Re-enabling mod_security
To re-enable mod_security, go back to cPanel → Security → ModSecurity and toggle the switch back to On for your domain.
If you continue to face issues, please create a request.
