ModSecurity is a web‑application firewall that runs at the server level. It inspects each request and compares it against a rule set. When a rule flags a request as malicious, ModSecurity returns a 403 or 406 response and displays the “The site is blocked by a firewall (mod_security)” notice. WordPress actions such as form submissions, AJAX calls, or media uploads often contain patterns that resemble attacks, so an over‑aggressive rule set generates false positives.
The block occurs before WordPress code executes. The server stops the request, logs the event, and shows the error to the user. Because the firewall operates outside of WordPress, the platform itself cannot resolve the issue without server‑level changes.