ModSecurity adds server-side protection. Pair it with hardening and virtual patching practices.
Install
sudo apt install -y libapache2-mod-security2Enable OWASP CRS
Follow your distro’s packaged ruleset guidance.
⚠️ Test in staging first to reduce false positives. After enabling, run Apache configtest and reload.
Related
- Essential security hardening for self-hosted WordPress on Ubuntu — hardening baseline