mod security rule id:210220

Saturday, Feb. 3 I went to access my site, https://www.checkerboardflyer.com and it would not load. I contacted my ISP, machighway.com and they sent the following reply. This stuff is way over my head. I would like to get some advice as to what I need to do to make my site secure. I am running WordFence. Thanks.

FROM MY ISP:

Upon checking, I have noticed that your IP address (my IP address here) was blocked in the server by mod security trigger of rule id:210220. I have now unblocked your IP to fix the issues.

Please see the log details below:
[Sat Feb 03 19:51:30 2018] [error] [client 73.209.230.182] ModSecurity: Access denied with code 403 (phase 2). Pattern match “[\”‘;=]” at FILES:async-upload. [file “/var/cpanel/cwaf/rules/12_HTTP_Protocol.conf”] [line “17”] [id “210220”] [rev “1”] [msg “COMODO WAF: Attempted multipart/form-data bypass”] [data “SRCB Swap ‘Til You Drop exp.pdf”] [severity “CRITICAL”] [hostname “www.checkerboardflyer.com”] [uri “/wp-admin/async-upload.php”] [unique_id “WnZZEsfM@IYAAFAPawgAAADU”]

Mod_security is an apache module that helps to protect your website from various attacks. It is used to block commonly known exploits by use of regular expressions and rule sets and is enabled in our servers by default. Mod_Security can potentially block common code injection attacks which strengthens the security of the server. However, sometimes it can false positively block your IP.

As per the mod security rule id:210220, the system check for the existence of the ‘ ” ; = meta-characters in either the file or file name variables in order to detect evasion attempts. Here this rule triggers when you access the URL “www.checkerboardflyer.com/wp-admin/async-upload.php” for uploading files.

The page I need help with: [log in to see the link]