Block Modsec WAF from WordPress Website

June 12, 2020 -

You can block modsec WAF from your website via .htaccess with the following code…

<IfModule mod_security.c>
  SecFilterEngine Off
  SecFilterScanPOST Off
</IfModule>

This may help when in development, remove when finished to get the protection back.

If there is an actual rule you keep triggering you can make an exemption by IP address…

# Whitelist 401 WordPress rule - change the ModSec rule and IP address
<IfModule security2_module>
<IF "%{REMOTE_ADDR} == 'YOUR-IP'">
SecRuleRemoveById 700001
</IF>
</IfModule>

Related Posts:

Categorized WordPress Tagged htaccess, modsec

Leave all Comment Cancel Reply