How To Disable Mod Security
Have you ever tried to make a post in WordPress, Xenforo, or some other content management system only to get a 500 internal server error?
I was chatting on Skype yesterday with one of my friends (and Name Hero customers) who was having this issue over and over.
First off, I can relate as I’ve experienced this for nearly a decade now, and always wanted to pull my hair out troubleshooting the issue.
After spending HOURS troubleshooting this many years ago, I discovered it was Mod Security blocking it.
More specifically, some word processing programs such as Microsoft Word insert ambiguous characters into your text which when pasted into WordPress (or similar) can create the error as Mod Security considers it a threat.
This is also the same problem many face when trying to get the Manage WP Worker plugin to connect.
You can do this by logging into cPanel, searching for, and then clicking on ModSecurity:
You can then disable it for the domain in question or for your entire cPanel account:
If you administer your server (i.e. on a VPS) you can login to Web Host Manager -> ModSecurity Tools and you can disable the one rule causing the issue (if you don’t want to disable Mod Security all together).
This works as well, but sometimes you’ll find there are multiple rules creating the issue. In a lot of cases it’s just as easy to disable it all together.
If you must do that, it's best to contact support, have us look though some logs for your IP address and see exactly which rule is causing the issue. The short fix is just turning off mod_security. But mod_security is GREAT for protecting your website. So contact us and we can examine logs to determine which rule needs to be whitelisted. That way you can still enjoy 'behind the scenes' protection.
Mod Security acts as a web application firewall blocking your site from many hacking / exploit attempts. If you decide to disable it you need to make SURE you regularly change your passwords (using strong ones) as well as keep your software updated.
This means regularly updating WordPress (when updates are available) as well as all your plugins, themes, etc. Running older versions of software is the number one reason websites get hacked. Also using insecure passwords without strong characters!
If you have any questions or issues with this, feel free to reach out and our team can ensure your website is secured!
I was chatting on Skype yesterday with one of my friends (and Name Hero customers) who was having this issue over and over.
First off, I can relate as I’ve experienced this for nearly a decade now, and always wanted to pull my hair out troubleshooting the issue.
You need to disable Mod Security
After spending HOURS troubleshooting this many years ago, I discovered it was Mod Security blocking it.
More specifically, some word processing programs such as Microsoft Word insert ambiguous characters into your text which when pasted into WordPress (or similar) can create the error as Mod Security considers it a threat.
This is also the same problem many face when trying to get the Manage WP Worker plugin to connect.
How to disable Mod Security
You can do this by logging into cPanel, searching for, and then clicking on ModSecurity:
You can then disable it for the domain in question or for your entire cPanel account:
If you administer your server (i.e. on a VPS) you can login to Web Host Manager -> ModSecurity Tools and you can disable the one rule causing the issue (if you don’t want to disable Mod Security all together).
This works as well, but sometimes you’ll find there are multiple rules creating the issue. In a lot of cases it’s just as easy to disable it all together.
If you must do that, it's best to contact support, have us look though some logs for your IP address and see exactly which rule is causing the issue. The short fix is just turning off mod_security. But mod_security is GREAT for protecting your website. So contact us and we can examine logs to determine which rule needs to be whitelisted. That way you can still enjoy 'behind the scenes' protection.
How to keep your website secure
Mod Security acts as a web application firewall blocking your site from many hacking / exploit attempts. If you decide to disable it you need to make SURE you regularly change your passwords (using strong ones) as well as keep your software updated.
This means regularly updating WordPress (when updates are available) as well as all your plugins, themes, etc. Running older versions of software is the number one reason websites get hacked. Also using insecure passwords without strong characters!
If you have any questions or issues with this, feel free to reach out and our team can ensure your website is secured!
Updated on: 10/10/2024
Thank you!