Skip to content
Home > Posts > 403 Errors – Beaver Builder Hangs on Publish or Save

403 Errors – Beaver Builder Hangs on Publish or Save

Beaver Builder uses Ajax to process your work in the Beaver Builder editor, and if the Ajax process encounters something in your content that triggers a 403 error, you’ll see a popup error message. The 403 error or sometimes a 409 error may also appear in your browser console when you have trouble saving modules or publishing a page.

Nearly always, the 403 error (and sometimes a 409 error) is caused by your server having mod_security enabled. Usually (though not always), the 403 error occurs when you add some custom code to one of your modules, such as an <iframe> or <script>tag, but it has even been triggered by using the word select in a text editor.

When you make edits to a Beaver Builder layout and find that Publish or Save consistently hangs, it may be because of a mod_security issue on your hosting server.

Technical details

Mod_security is an Apache module that serves as a web application firewall. When you save or publish a page, a POST object is sent to the admin Ajax, and it is scanned by modsec if mod_security is enabled. Tags like <iframe> and <script> (non-UTF-8 characters) or words like select, which is a keyword used in MySQL queries, can be interpreted as a security threat and produce a 403 or 406 error in Ajax, causing the Save or Publish to hang.

You can find out whether your hosting server is using mod_security by asking your hosting provider or, if you know PHP, by using phpinfo(). Note that a 406 error usually indicates that mod_security is in use.


Try adding the following line to the wp-config.php file in your WordPress home directory:

define( 'FL_BUILDER_MODSEC_FIX', true );

This solution has been found to work with our MWP hosted sites in the past.

This line causes the request to be base64-encoded so modsec sees the offending tags and text as binary data and allows it to pass through. This line can go in a child theme functions.php in some cases, but we do recommend that you put it in wp-config.php. If you’ve tried adding it to wp-config.php and functions.php in your child theme and it doesn’t resolve the issue, contact support.


Scroll To Top