If you are running some version of Fedora greater than Core 2, mod_security installation might be as simple as invoking yum:

/usr/bin/yum install mod_security
/etc/init.d/httpd restart

For Debian and Ubuntu, you could do:

apt-get install libapache2-mod-security
a2enmod mod-security
/etc/init.d/apache2 force-reload

If per chance you are running a version of Fedora that does not have the mod_security package, you will need to download the source, compile the module, configure mod_security and restart Apache.

• Get the latest version of mod_security from http://www.modsecurity.org/download/modsecurity-apache_2.1.0.tar.gz
• Make sure you have httpd-devel installed with
  

  /usr/bin/yum httpd-devel install

• Follow the steps outlined here. The steps are very clear and should not be confusing. For the step that asks to configure mod_security, you can use a very basic config from here and copy the contents to /etc/httpd/conf.d/mod_security.conf More detailed rules can be found here.
• After Apache restarts, make sure you web application (and WordPress) are running as normal

If things break, removing the module is as simple as commenting out the line that activates mod_security in httpd.conf (search for mod_security in /etc/httpd/conf/httpd.conf) and restarting your Apache. There are lots of fun rules for comment spam mitigation, Google Hack Signatures and other tricks that you can add to mod_security. As with any high level application security, this adds overhead and there is a delicate balance between protection and paranoia. mod_security 2.1.0 has significant performance improvements over earlier versions.

Standard Disclaimer: This How To comes without any warranty or guarantee of any sort. Please take these steps at your own risk and do not modify or change anything you are not familiar or comfortable with. I will not be responsible if you break your server.