Skip to main content
Version: Beaver Builder 2.7

403 Forbidden or 403 Blocked error

Beaver Builder uses Ajax to process your work in the Beaver Builder editor, and if the Ajax process encounters something in your content that triggers a 403 error, you'll see a popup error message. The 403 error or sometimes a 409 error may also appear in your browser console when you have trouble saving modules or publishing a page.

Nearly always, the 403 error (and sometimes a 409 error) is caused by your server having mod_security enabled. Usually (though not always), the 403 error occurs when you add some custom code to one of your modules, such as an <iframe> or <script> tag, but it has even been triggered by using the word select in a text editor.

Technical details

Mod_security is an Apache module that serves as a web application firewall. When you save or publish a page, a POST object is sent to the admin Ajax, and it is scanned by modsec if mod_security is enabled. Tags like <iframe> and <script> (non-UTF-8 characters) or words like select , which Is a keyword used in MySQL queries, can be interpreted as a security threat and produce a 403 or 409 error in Ajax, causing the Save or Publish to hang.


Often your web hosting provider or server administrator can resolve this issue, or you can try this solution by enabling the Mod Security fix found in the WordPress Admin Dashboard > Settings > Beaver Builder > Advanced.

This causes the request to be base64-encoded so modsec sees the offending tags and text as binary data and allows it to pass through.


You can also add the following line to the wp-config.php file in your WordPress home directory:

define( 'FL_BUILDER_MODSEC_FIX', true );

This line can go in a child theme functions.php in some cases, but we recommend that you put it in wp-config.php.


If you've tried enabling the Mod Security fix and adding it to wp-config.php and functions.php in your child theme and it doesn't resolve the issue, contact your hosting provider or Beaver Builder Support.