disable mod_security = dangerous? | WordPress.org

zesty1
(@zesty1)

14 years, 2 months ago

I have had many issues with this blocking out certain words (btw can anyone explain why this happens? it was driving me to complete madness until I figured it must be this).

My host tells me they highly recommend against disabling mod_security though, as it then poses some large security risk.

Can anyone expand on this please? I have databases with peoples names/phone numbers/addresses/ etc stored on them, i dont want to open up any security holes

Thanks

Viewing 3 replies - 1 through 3 (of 3 total)

Samuel B
(@samboll)

14 years, 2 months ago

brief explanation
http://onlamp.com/pub/a/apache/2003/11/26/mod_security.html

you definitely don’t want to turn it off
it is likely blocking certain words to stave off sql injections, etc.

Moderator Ipstenu (Mika Epstein)
(@ipstenu)

🏳️‍🌈 Advisor and Activist

14 years, 2 months ago

There IS a difference, as I mentioned in your other thread between turning it off and turning it of selectively.

If you disable it for admin posting (which if you read the disable mod security post, you’ll note we’re only advocating turning it off for THREE files, all of which are only available on the admin side) you’re at a higher risk, yes, but not a devastating one.

Samuel B
(@samboll)

14 years, 2 months ago

Sound advice from Ipstenu

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘disable mod_security = dangerous?’ is closed to new replies.

Tags

mod_security

In: Installing WordPress
3 replies
3 participants
Last reply from: Samuel B
Last activity: 14 years, 2 months ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics