Skip to main content

ModSecurity to disable for Wordpress

Comments

8 comments

  • cPRex Jurassic Moderator
    Hey there! I'm not sure if there is a one-size-fits-all solution to this problem. Some people have run into issues with the auto-save feature as mentioned here: You can also whitelist a certain IP address, such as the home IP of the site admin:
    0
  • ITHKBO
    I can provide you the list we use for our wordpress clients but I agree with cPRex that it is better to audit the logs. Below is based on 3 months observations since 2023 on our new Cloudlinux server with 800 plugins spread between the accounts. We have not had any new incidents for a few months now. 942100, 942140, 942190, 941100, 941110, 941120, 941130, 941140, 941160, 941170, 941180, 941210, 921110, 921130, 980130, 930100, 930110, 920120
    0
  • quietFinn
    @ITHKBO If you disable rule 949110 you pretty much disable ModSecurity o_O
    0
  • retechpro
    I"ve same issue. I need to disable mod_security on whole server because client facing issue. Some client facing post save issue. Some client facing 404 error. Some facing ajax error in plugins. Which rules are creating issue. What should we have to do. I"m using imunify360 & Cloudlinux. Is it safe to disable mod security on whole server?
    0
  • ITHKBO
    @ITHKBO If you disable rule 949110 you pretty much disable ModSecurity o_O
    0
  • azednetma
    Thank you! This is my whitelist: 300013 300015 300016 300017 942100 942140 942190 941100 941110 941120 941130 941140 941160 941170 941180 941210 921110 921130 980130 930100 930110 920120 949110 980130 Anyhting to add or to remove?
    0
  • quietFinn
    As I mentioned earlier in this thread, if you disable rule 949110 you pretty much disable ModSecurity
    0
  • azednetma
    Done thanks.
    0

Please sign in to leave a comment.