403 Errors – Beaver Builder Hangs on Publish or Save
July 11, 2019 | Beaver Builder, Troubleshooting, WordPress
Beaver Builder uses Ajax to process your work in the Beaver Builder editor, and if the Ajax process encounters something in your content that triggers a 403 error, you’ll see a popup error message. The 403 error or sometimes a 409 error may also appear in your browser console when you have trouble saving modules or publishing a page.
Nearly always, the 403 error (and sometimes a 409 error) is caused by your server having mod_security enabled. Usually (though not always), the 403 error occurs when you add some custom code to one of your modules, such as an <iframe> or <script>tag, but it has even been triggered by using the word select in a text editor.
When you make edits to a Beaver Builder layout and find that Publish or Save consistently hangs, it may be because of a mod_security issue on your hosting server.
Technical details
Mod_security is an Apache module that serves as a web application firewall. When you save or publish a page, a POST object is sent to the admin Ajax, and it is scanned by modsec if mod_security is enabled. Tags like <iframe> and <script> (non-UTF-8 characters) or words like select, which is a keyword used in MySQL queries, can be interpreted as a security threat and produce a 403 or 406 error in Ajax, causing the Save or Publish to hang.
You can find out whether your hosting server is using mod_security by asking your hosting provider or, if you know PHP, by using phpinfo(). Note that a 406 error usually indicates that mod_security is in use.
Solution
Try adding the following line to the wp-config.php file in your WordPress home directory:
define( 'FL_BUILDER_MODSEC_FIX', true );
This solution has been found to work with our MWP hosted sites in the past.
This line causes the request to be base64-encoded so modsec sees the offending tags and text as binary data and allows it to pass through. This line can go in a child theme functions.php in some cases, but we do recommend that you put it in wp-config.php. If you’ve tried adding it to wp-config.php and functions.php in your child theme and it doesn’t resolve the issue, contact support.
Source: https://kb.wpbeaverbuilder.com/article/40-403-forbidden-or-blocked-error