WordPress.org

Ready to get started?Download WordPress

Forums

disable mod_security = dangerous? (4 posts)

  1. zesty1
    Member
    Posted 4 years ago #

    I have had many issues with this blocking out certain words (btw can anyone explain why this happens? it was driving me to complete madness until I figured it must be this).

    My host tells me they highly recommend against disabling mod_security though, as it then poses some large security risk.

    Can anyone expand on this please? I have databases with peoples names/phone numbers/addresses/ etc stored on them, i dont want to open up any security holes

    Thanks

  2. Samuel B
    moderator
    Posted 4 years ago #

    brief explanation
    http://onlamp.com/pub/a/apache/2003/11/26/mod_security.html

    you definitely don't want to turn it off
    it is likely blocking certain words to stave off sql injections, etc.

  3. There IS a difference, as I mentioned in your other thread between turning it off and turning it of selectively.

    If you disable it for admin posting (which if you read the disable mod security post, you'll note we're only advocating turning it off for THREE files, all of which are only available on the admin side) you're at a higher risk, yes, but not a devastating one.

  4. Samuel B
    moderator
    Posted 4 years ago #

    Sound advice from Ipstenu

Topic Closed

This topic has been closed to new replies.

About this Topic