Hello,
I’m running DirectAdmin + LiteSpeed Enterprise on AlmaLinux 10 and recently installed Imunify360. After enabling Imunify360’s WAF, I started experiencing extremely aggressive false positives.
Here is what happened:
I would like to ask:
Thank you.
I’m running DirectAdmin + LiteSpeed Enterprise on AlmaLinux 10 and recently installed Imunify360. After enabling Imunify360’s WAF, I started experiencing extremely aggressive false positives.
Here is what happened:
- My own IP (server owner) was instantly blocked multiple times
- Even normal WordPress actions such as installing a theme, updating plugins, or saving settings triggered WAF bans
- WAF added my IP to chain_DENY through ModSecurity
- I got locked out of DirectAdmin, WP Admin, SSH (even through VPN/Warp)
- CSF/LFD and WordFence were NOT the cause
- The blocking logs clearly showed:
BFM: mod_security1=748 on my IP - Even after whitelisting my IP, the bans continued
- Removing WordFence made no difference
- Problem disappeared ONLY AFTER fully removing Imunify360
- After uninstalling, everything works perfectly: CSF + LFD are stable, no bans, no false positives, WordPress works normally.
I would like to ask:
- Is this a known issue with Imunify360 on DirectAdmin?
- Are there recommended ModSecurity configurations for WordPress to avoid these aggressive false positives?
- Do most DirectAdmin users rely only on CSF + LFD instead of Imunify360?
- Should Imunify360 be avoided in DirectAdmin + LiteSpeed environments?
Thank you.