Real-Time Protection Against Targeted Web Attacks
ModSecurity is a powerful Web Application Firewall (WAF). It acts as a shield for your installed applications (such as WordPress, Joomla, or online shops) by scanning incoming HTTP traffic in real-time and blocking malicious requests before they even reach your website.
The module detects and blocks typical attack patterns such as SQL Injection (database manipulation), Cross-Site Scripting (XSS), and Session Hijacking. It is particularly effective against automated bots scanning the internet for vulnerabilities.
How it Works at a Glance
ModSecurity is rule-based. Every request to your web server is checked against an extensive list of security rules:
Traffic is inspected during transmission without noticeably affecting performance.
Detected threats are rejected immediately. The attacker only receives an error message (e.g., 403 Forbidden).
Managing ModSecurity in your cPanel
By default, ModSecurity is enabled for all your domains to provide maximum protection. However, in your cPanel under Security » ModSecurity, you have the following options:
- Check Status: See at a glance which domains have active protection.
- Disable (Emergency Only): If a legitimate function of your website is incorrectly blocked (a so-called "False Positive"), you can temporarily disable protection for the affected domain for testing purposes.
We strongly recommend keeping ModSecurity enabled at all times. Disabling the firewall exposes your applications to direct risk from hacker bots. If you encounter issues with false blocks, please contact our support team.
ModSecurity 3: Fast and Modern
We use the most modern version of ModSecurity on our servers. Compared to older versions, it offers significant speed advantages and more precise attack detection, increasing the stability of your website.
Interested in technical details?
Visit the official cPanel documentation for ModSecurity.
