https:\/\/yourdomain.com:2083\n# or\nhttps:\/\/yourserverIP:2083<\/code><\/pre>\n<\/div>\nEnter your username and password. If you’re unsure of your login details, check your original welcome email from Host & Tech or contact support.<\/p>\n
Step 2 \u2014 Find the ModSecurity Section<\/h3>\n Inside cPanel, scroll down to the Security<\/strong> section. Click ModSecurity<\/strong>. You’ll see a list of all domains and subdomains associated with your account, each with an On\/Off toggle.<\/p>\n\ud83d\udcdd Note: If you don’t see a ModSecurity option in the Security section, the module isn’t installed on your server. On shared hosting, this is controlled by the host \u2014 open a support ticket and ask for it to be enabled. On a VPS or dedicated server, you’d install it via WHM (covered below).<\/p>\n
Step 3 \u2014 Enable ModSecurity for Your Domain<\/h3>\n Click the toggle next to the domain you want to protect. It switches from Off<\/strong> to On<\/strong> immediately \u2014 there’s no save button. cPanel writes the configuration change live.<\/p>\n\u26a0 Warning: Enabling ModSecurity on a production site with no prior testing can cause false positives that block real users. If your site uses complex form submissions, a REST API, or a page builder like Elementor, I’d recommend enabling it first on a staging subdomain and watching the error logs for 24-48 hours before rolling it out to the live domain.<\/p>\n
Step 4 \u2014 (WHM Only) Install and Configure a Rule Set<\/h3>\n ModSecurity without rules is just an empty framework \u2014 the rules are what actually block attacks. If you have WHM access, here’s how to set up a rule set.<\/p>\n
Log in to WHM at https:\/\/yourserverIP:2087<\/code>, then navigate to Security Center > ModSecurity Vendors<\/strong>.<\/p>\nYou’ll see options to add rule vendors. The two most common are:<\/p>\n
\nOWASP Core Rule Set (CRS)<\/strong> \u2014 free, community-maintained, very comprehensive. This is what I’d recommend starting with.<\/li>\nComodo WAF Rules<\/strong> \u2014 also free via WHM’s built-in vendor list, but can be more aggressive out of the box.<\/li>\n<\/ul>\nTo add OWASP CRS manually via the command line on your server:<\/p>\n
<\/button>Copied to clipboard<\/span><\/p>\n# Navigate to ModSecurity rules directory\ncd \/etc\/apache2\/conf.d\/modsec_vendor_configs\/\n\n# Clone the OWASP CRS repo\ngit clone https:\/\/github.com\/coreruleset\/coreruleset.git owasp-crs\n\n# Copy the default config\ncp owasp-crs\/crs-setup.conf.example owasp-crs\/crs-setup.conf\n\n# Restart Apache to apply\nsystemctl restart httpd<\/code><\/pre>\n<\/div>\n\ud83d\udcdd Note: On cPanel\/WHM servers running EasyApache 4, the Apache service is usually managed via httpd<\/code>, not apache2<\/code>. If systemctl restart httpd<\/code> fails, try service httpd restart<\/code>.<\/p>\nStep 5 \u2014 Set ModSecurity to Detection Mode First<\/h3>\n This is the step most people skip, and it causes real problems. ModSecurity has two modes:<\/p>\n
\nDetection Only<\/strong> \u2014 logs rule matches but doesn’t block anything<\/li>\nPrevention (active enforcement)<\/strong> \u2014 blocks requests that match rules<\/li>\n<\/ul>\nIn WHM, go to Security Center > ModSecurity Configuration<\/strong> and set Audit Log<\/strong> to enabled and Rule Engine<\/strong> to DetectionOnly<\/code> initially. After reviewing logs for a day or two, switch to On<\/code>.<\/p>\nTo set this directly in the config file:<\/p>\n
<\/button>Copied to clipboard<\/span><\/p>\n# Edit the main ModSecurity config\nnano \/etc\/apache2\/conf.d\/modsec2.conf\n\n# Find this line and change it:\nSecRuleEngine DetectionOnly\n\n# Once you're satisfied with the logs, change to:\nSecRuleEngine On<\/code><\/pre>\n<\/div>\nSave the file and restart Apache after any manual config change.<\/p>\n
Step 6 \u2014 Review ModSecurity Logs<\/h3>\n Audit logs are stored in:<\/p>\n
<\/button>Copied to clipboard<\/span><\/p>\n\/var\/log\/modsec_audit.log<\/code><\/pre>\n<\/div>\nTo watch it live while testing your site:<\/p>\n
<\/button>Copied to clipboard<\/span><\/p>\ntail -f \/var\/log\/modsec_audit.log<\/code><\/pre>\n<\/div>\nEach blocked or flagged request will show the rule ID, the matched pattern, and the request URI. This is how you identify false positives before they affect real users.<\/p>\n
Step 7 \u2014 Whitelist a Rule Causing False Positives<\/h3>\n If a specific rule is blocking legitimate traffic (common with contact forms or WooCommerce checkout), you can disable that rule for a specific domain without turning off ModSecurity entirely.<\/p>\n
In cPanel, go to ModSecurity > Domains<\/strong>, click Rules List<\/strong> for the affected domain, find the rule ID from your audit log, and click Disable<\/strong>.<\/p>\nTo do this at the server level via WHM or config file, add a rule exception:<\/p>\n
<\/button>Copied to clipboard<\/span><\/p>\n# Add to your custom rules file, e.g. \/etc\/apache2\/conf.d\/modsec2.user.conf\n# Replace 949110 with the actual rule ID from your audit log\nSecRuleRemoveById 949110<\/code><\/pre>\n<\/div>\n\u26a0 Warning: Don’t disable rules blindly. Each rule ID maps to a specific attack vector. Look up the rule ID in the OWASP CRS documentation before disabling it \u2014 some rules are critical.<\/p>\n
Common Issues & Troubleshooting<\/h2>\n403 Forbidden After Enabling ModSecurity<\/h3>\n Cause:<\/strong> A ModSecurity rule matched something in your page’s request \u2014 often a form field value, a URL parameter, or a cookie. This is extremely common with WordPress contact forms, WooCommerce, and REST API calls.<\/p>\nFix:<\/strong> Check \/var\/log\/modsec_audit.log<\/code> or the Apache error log at \/var\/log\/apache2\/error.log<\/code> for the specific rule ID. Then whitelist that rule for the affected domain as shown in Step 7. Don’t just turn ModSecurity off entirely \u2014 that defeats the purpose.<\/p>\nModSecurity Toggle Is Missing in cPanel<\/h3>\n Cause:<\/strong> mod_security2 isn’t installed in EasyApache 4, or it’s installed but the cPanel feature isn’t enabled for your account.<\/p>\nFix:<\/strong> If you’re a WHM admin, go to EasyApache 4<\/strong>, search for mod_security2<\/code>, and install it. Then check Feature Manager<\/strong> to make sure ModSecurity is enabled for the relevant feature list. If you’re on shared hosting, contact support \u2014 you can’t install Apache modules yourself.<\/p>\nSite Loads Fine But API Calls Return 403<\/h3>\n Cause:<\/strong> ModSecurity is blocking POST requests with JSON bodies or unusual headers, which is common with headless WordPress setups, React\/Vue frontends, or mobile apps hitting a REST endpoint.<\/p>\nFix:<\/strong> This is almost always OWASP CRS rule 920420 (invalid content type) or rules in the 949xxx range. Review the audit log for the exact rule. You may need to add a location-specific exception:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\n# In your VirtualHost config or .htaccess (if AllowOverride is on)\n<Location "\/wp-json\/">\n SecRuleEngine Off\n<\/Location><\/code><\/pre>\n<\/div>\n\ud83d\udcdd Note: Turning off the rule engine for \/wp-json\/<\/code> entirely is a quick fix but not ideal for production. Prefer disabling the specific offending rule ID instead.<\/p>\nModSecurity Is On But Attacks Still Getting Through<\/h3>\n Cause:<\/strong> The rule engine is set to DetectionOnly<\/code> \u2014 it logs but doesn’t block. Or the rule set is outdated and doesn’t cover newer attack signatures.<\/p>\nFix:<\/strong> Confirm your rule engine mode in \/etc\/apache2\/conf.d\/modsec2.conf<\/code>. If you’re using OWASP CRS, update it:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncd \/etc\/apache2\/conf.d\/modsec_vendor_configs\/owasp-crs\ngit pull origin main\nsystemctl restart httpd<\/code><\/pre>\n<\/div>\ncPanel Shows ModSecurity as Enabled But Apache Isn’t Enforcing It<\/h3>\n Cause:<\/strong> A syntax error in a custom rules file is causing Apache to skip the ModSecurity config entirely. This happens silently \u2014 Apache still starts, but ignores the broken include.<\/p>\nFix:<\/strong> Test your Apache config before restarting:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\napachectl -t\n# or\nhttpd -t<\/code><\/pre>\n<\/div>\nFix any reported syntax errors in your custom rule files, then restart Apache. This is one of those issues where the official cPanel docs won’t tell you to check this \u2014 but it’s the actual cause about 30% of the time.<\/p>\n
FAQ<\/h2>\n\n
Frequently Asked Questions<\/h2>\n\n
Does enabling ModSecurity slow down my website?<\/h3>\n\n
There is a small overhead \u2014 every request gets inspected before it reaches your site. In practice, on modern hardware, this is under 5ms per request and most users won’t notice it. With a large OWASP CRS rule set and a very high-traffic site, you may see slightly higher CPU usage, but it’s rarely significant enough to warrant disabling it.<\/p>\n<\/div>\n<\/div>\n
\n
Can I enable ModSecurity on just one domain and not others?<\/h3>\n\n
Yes. In cPanel, the ModSecurity page lists each domain separately with its own toggle. You can enable it on your main domain and leave it off on a development subdomain, for example. Changes take effect immediately with no server restart needed.<\/p>\n<\/div>\n<\/div>\n
\n
Will ModSecurity protect my WordPress site from hackers?<\/h3>\n\n
It adds a meaningful layer of protection \u2014 it can block SQL injection, XSS attacks, bad bots, and known exploit attempts targeting WordPress core and popular plugins. That said, it’s not a replacement for keeping WordPress, themes, and plugins updated, using strong passwords, and running regular malware scans. Think of ModSecurity as one layer in a defence-in-depth approach.<\/p>\n<\/div>\n<\/div>\n
\n
What's the difference between ModSecurity in cPanel versus a Cloudflare WAF?<\/h3>\n\n
ModSecurity runs on your web server and inspects traffic after it arrives at your server. Cloudflare’s WAF sits in front of your server entirely and filters traffic before it even reaches you. For most sites, running both is fine and gives you more coverage \u2014 but if you’re already behind Cloudflare’s WAF, the marginal benefit of ModSecurity is smaller. I’d still keep it on as a fallback.<\/p>\n<\/div>\n<\/div>\n
\n
My ModSecurity audit log is huge and filling up disk space \u2014 what should I do?<\/h3>\n\n
This is common on busy servers. You can configure log rotation in \/etc\/logrotate.d\/modsecurity<\/code> to rotate and compress the audit log daily or weekly. You can also reduce audit log verbosity by changing SecAuditLogParts<\/code> in your ModSecurity config to only log the parts you actually need \u2014 most people don’t need parts E (response body) and F (response headers) unless actively debugging.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"ModSecurity is cPanel’s built-in web application firewall \u2014 and it’s one of the most effective ways to block common attacks before they reach your site. Here’s how to enable it, pick the right rule set, and avoid the false-positive headaches that trip most people up.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[39],"tags":[40,574,263,575,573,570,571,572],"class_list":["post-214","post","type-post","status-publish","format-standard","hentry","category-cpanel","tag-cpanel","tag-cpanel-modsecurity","tag-cpanel-security","tag-how-to-enable-modsecurity-in-cpanel-waf-setup-guide","tag-mod_security-rules","tag-modsecurity","tag-waf","tag-web-application-firewall"],"yoast_head":"\n
How to Enable ModSecurity in cPanel (WAF Setup Guide)<\/title>\n<meta name=\"description\" content=\"Learn how to enable cPanel ModSecurity WAF, configure rule sets, and fix common conflicts. Step-by-step guide for shared and VPS hosting users.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/cpanel\/how-to-enable-modsecurity-cpanel\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to Enable ModSecurity in cPanel (WAF Setup Guide)\" \/>\n<meta property=\"og:description\" content=\"Learn how to enable cPanel ModSecurity WAF, configure rule sets, and fix common conflicts. Step-by-step guide for shared and VPS hosting users.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/cpanel\/how-to-enable-modsecurity-cpanel\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-06-03T06:08:35+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/cpanel\\\/how-to-enable-modsecurity-cpanel\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/cpanel\\\/how-to-enable-modsecurity-cpanel\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"How to Enable ModSecurity in cPanel (WAF Setup Guide)\",\"datePublished\":\"2026-06-03T06:08:35+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/cpanel\\\/how-to-enable-modsecurity-cpanel\\\/\"},\"wordCount\":1572,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel\",\"cPanel ModSecurity\",\"cPanel security\",\"How to Enable ModSecurity in cPanel (WAF Setup Guide)\",\"mod_security rules\",\"modsecurity\",\"WAF\",\"web application firewall\"],\"articleSection\":[\"cPanel Guides\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/cpanel\\\/how-to-enable-modsecurity-cpanel\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/cpanel\\\/how-to-enable-modsecurity-cpanel\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/cpanel\\\/how-to-enable-modsecurity-cpanel\\\/\",\"name\":\"How to Enable ModSecurity in cPanel (WAF Setup Guide)\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-06-03T06:08:35+00:00\",\"description\":\"Learn how to enable cPanel ModSecurity WAF, configure rule sets, and fix common conflicts. Step-by-step guide for shared and VPS hosting users.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/cpanel\\\/how-to-enable-modsecurity-cpanel\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/cpanel\\\/how-to-enable-modsecurity-cpanel\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/cpanel\\\/how-to-enable-modsecurity-cpanel\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to Enable ModSecurity in cPanel (WAF Setup Guide)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to Enable ModSecurity in cPanel (WAF Setup Guide)","description":"Learn how to enable cPanel ModSecurity WAF, configure rule sets, and fix common conflicts. Step-by-step guide for shared and VPS hosting users.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/cpanel\/how-to-enable-modsecurity-cpanel\/","og_locale":"en_US","og_type":"article","og_title":"How to Enable ModSecurity in cPanel (WAF Setup Guide)","og_description":"Learn how to enable cPanel ModSecurity WAF, configure rule sets, and fix common conflicts. Step-by-step guide for shared and VPS hosting users.","og_url":"https:\/\/hostandtech.com\/kb\/cpanel\/how-to-enable-modsecurity-cpanel\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-06-03T06:08:35+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/cpanel\/how-to-enable-modsecurity-cpanel\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/cpanel\/how-to-enable-modsecurity-cpanel\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"How to Enable ModSecurity in cPanel (WAF Setup Guide)","datePublished":"2026-06-03T06:08:35+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/cpanel\/how-to-enable-modsecurity-cpanel\/"},"wordCount":1572,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel","cPanel ModSecurity","cPanel security","How to Enable ModSecurity in cPanel (WAF Setup Guide)","mod_security rules","modsecurity","WAF","web application firewall"],"articleSection":["cPanel Guides"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/cpanel\/how-to-enable-modsecurity-cpanel\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/cpanel\/how-to-enable-modsecurity-cpanel\/","url":"https:\/\/hostandtech.com\/kb\/cpanel\/how-to-enable-modsecurity-cpanel\/","name":"How to Enable ModSecurity in cPanel (WAF Setup Guide)","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-06-03T06:08:35+00:00","description":"Learn how to enable cPanel ModSecurity WAF, configure rule sets, and fix common conflicts. Step-by-step guide for shared and VPS hosting users.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/cpanel\/how-to-enable-modsecurity-cpanel\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/cpanel\/how-to-enable-modsecurity-cpanel\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/cpanel\/how-to-enable-modsecurity-cpanel\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"How to Enable ModSecurity in cPanel (WAF Setup Guide)"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/214","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=214"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/214\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=214"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=214"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=214"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}