Support » Plugin: Wordfence Security - Firewall & Malware Scan » Is it okay to turn mod_security off while using Wordfence

  • Resolved ashishb01

    (@ashishb01)



    Hi,
    Thanks for this great plugin. My question is, since I have installed Wordfence, is it okay to turn mod_security off for my website?

    I mean will wordfence protect my site aginst the security checks that mod_security does so that I can turn that feature off?

    https://wordpress.org/plugins/wordfence/

Viewing 5 replies - 1 through 5 (of 5 total)
  • Hi,

    Any updates?

    Are you having conflicts with Wordfence and modsecurity running together. If not, it shouldn’t hurt to have them both running.

    Jeff Brock

    (@jeffbrockstudio)

    Chiming in here … my client is running a site that is only accessible by users logging in to their WordPress accounts. Both WordFence and mod_security are running. This morning users saw this message for about 30 minutes:

    “WordPress Login Temporarily Disabled

    “We apologize for the inconvenience! You are seeing this message because your site has recently been targeted by attackers attempting to gain access to your WordPress Dashboard. In order to protect your site your WordPress Login page has been temporarily disabled.

    “Unfortunately, you will be unable to login to the Dashboard until the block expires.”

    I’d prefer to depend on WordFence for protecting against brute force logins, rather than mod_security, so that users aren’t locked out this way. (Also, it wouldn’t be practical at this point to obscure the login URL.) Would I be putting the server at greater risk by turning off mod_security?

    Thanks for a great plugin!

    Plugin Author WFMattR

    (@wfmattr)

    Wordfence and mod_security both do some things that the other does not, so you may lose some protection by turning off mod_security entirely, though a lot of hosts don’t have it at all.

    Your host may be able to help you find and disable just that one mod_security rule for your site, if they have mod_security set up in a way that lets you disable single rules.

    -Matt R

    Jeff Brock

    (@jeffbrockstudio)

    Splendid. Thanks for the quick reply.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Is it okay to turn mod_security off while using Wordfence’ is closed to new replies.