
Protect your website against attacks

ModSecurity, IP blocking, Imunify360, directory protection and security headers.


Security layers at Baires Host

Web security requires multiple layers of protection. At Baires Host, your hosting includes ModSecurity, Imunify360 and cPanel tools to protect your site.

ModSecurity (WAF)

ModSecurity is a Web Application Firewall that filters malicious requests:

  1. In cPanel → Security → ModSecurity
  2. Verify it is enabled for your domain
  3. If a rule blocks a legitimate request, you can disable that specific rule

Common attacks it blocks

  • SQL injection
  • Cross-Site Scripting (XSS)
  • Remote file inclusion
  • Directory traversal

Imunify360

Imunify360 is an advanced security system that protects at the server level:

  • Malware detection: Scans files in real time
  • Proactive firewall: Blocks malicious IPs automatically
  • Patch management: Applies virtual patches to known vulnerabilities

To check the status:

  1. In cPanel → Security → Imunify360
  2. Review detected files and actions taken

IP blocking

From cPanel

  1. Go to Security → IP Blocker
  2. Enter the IP or range to block
  3. Click Add

From .htaccess

apache
# Block specific IPs
<RequireAll>
  Require all granted
  Require not ip 185.234.xx.xx
  Require not ip 45.148.xx.0/24
</RequireAll>

Directory protection

Protect sensitive folders with a password:

  1. In cPanel → Files → Directory Privacy
  2. Select the folder (e.g. /admin, /wp-admin)
  3. Check Password protect this directory
  4. Create a username and password

This adds HTTP basic authentication before accessing the directory.

Disable directory listing

apache
# In .htaccess
Options -Indexes

Without this, anyone can list the contents of any folder that has no index file.

Security headers

Add HTTP headers that protect against common attacks:

apache
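<IfModule mod_headers.c>
  # Prevent your site from being loaded in iframes on other origins (clickjacking)
  Header always set X-Frame-Options "SAMEORIGIN"
  
  # Stop the browser from MIME-sniffing a response into a different content type
  Header always set X-Content-Type-Options "nosniff"
  
  # Basic Content Security Policy
  # 'unsafe-inline' in script-src still allows inline scripts, which weakens XSS protection;
  # remove it once your pages no longer rely on inline scripts
  Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:;"
  
  # Force HTTPS: browsers that have seen this header use HTTPS only for the next year
  # (the header does not redirect the first plain-HTTP request by itself)
  Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
</IfModule>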
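
To confirm the headers above are actually being sent, and to surface the weak spot in the CSP, here is a small audit script. It is an added example, not part of the original guide or any Baires Host tooling: the function names (`parse_headers`, `parse_csp`, `audit`) and the pass/fail thresholds are assumptions made here, and the sample response is constructed from the configuration above.

```python
import re

def parse_headers(raw):
    """Parse a raw header block into {lowercased-name: value}; the last duplicate wins."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:        # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def parse_csp(value):
    """Split a CSP value into {directive: [sources]}; the first duplicate directive wins."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def audit(raw):
    """Return a sorted list of findings; an empty list means every check passed."""
    h, findings = parse_headers(raw), []
    if h.get("x-frame-options", "").upper() not in ("SAMEORIGIN", "DENY"):
        findings.append("x-frame-options: missing or not SAMEORIGIN/DENY")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("x-content-type-options: missing or not nosniff")
    m = re.search(r"max-age=(\d+)", h.get("strict-transport-security", ""), re.I)
    if not m or int(m.group(1)) < 31536000:          # threshold assumed: one year
        findings.append("strict-transport-security: missing or max-age under one year")
    csp = parse_csp(h.get("content-security-policy", ""))
    if not csp:
        findings.append("content-security-policy: missing")
    else:
        # script-src falls back to default-src when it is absent
        scripts = csp.get("script-src", csp.get("default-src", []))
        # browsers ignore 'unsafe-inline' when a nonce or hash source is present
        guarded = any(s.startswith(("'nonce-", "'sha")) for s in scripts)
        if "'unsafe-inline'" in scripts and not guarded:
            findings.append("content-security-policy: script-src allows 'unsafe-inline'")
    return sorted(findings)

# Constructed sample: a response carrying the headers configured above.
SAMPLE = """HTTP/1.1 200 OK
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:;
Strict-Transport-Security: max-age=31536000; includeSubDomains
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE) or ["all checks passed"]))
```

To check a live site, save the output of `curl -sI https://yourdomain.com` to a file and pass its contents to `audit()`.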

Hotlink protection

Prevent other sites from consuming your bandwidth by using your images:

apache
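RewriteEngine On
# Allow requests that send no Referer (direct visits, privacy tools)
RewriteCond %{HTTP_REFERER} !^$
# Allow your own domain; (/|$) stops look-alike hosts such as yourdomain.com.example.net from matching
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?yourdomain\.com(/|$) [NC]
# Any other site requesting an image gets 403 Forbidden
RewriteRule \.(jpg|jpeg|png|gif|webp)$ - [F,NC,L]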

Protect wp-login.php (WordPress)

apache
# Limit login access by IP
<Files wp-login.php>
  Require ip YOUR_PUBLIC_IP
</Files>

# Or add rate limiting with fail2ban (server level)

Security checklist

  • ModSecurity enabled
  • SSL/HTTPS forced
  • Security headers configured
  • Directory listing disabled
  • Sensitive files protected (.env, wp-config.php)
  • Strong passwords on all accounts
  • Software updated (CMS, plugins, themes)
  • Automatic backups working
  • Modified file monitoring active
