On a WordPress website that is protected with ModSecurity, when admin edits pages using Elementor or Gutenber in wp-admin dashboard, ModSecurity may falsely detect it as XSS attack.
What we usually do is disable specific rules that create this false positive, but in this case, it is because HTML/JS code is submitted. So it is better just to disable ModSecurity for the specific URL that causes this error.
To do this, add following code to Apache VirtualHost entry for this web site.
<If "%{REQUEST_URI} =~ m#//wp-admin/admin-ajax.php#">
SecRuleEngine Off
</If>
<If "%{REQUEST_URI} =~ m#/wp-admin/ajax.php#">
SecRuleEngine Off
</If>This will disable ModSecurity for URLs /wp-admin/admin-ajax.php and /wp-admin/ajax.php
If instead you want to disable Mod_Sec completely for a specific domain in cPanel, you can learn how to do exactly that here.
