contact_mailContact Form 7•error403securityfirewalldescriptioncontact-form-7settingsserver_configuration•labelCommon•warningModerate

Contact Form 7: Form submission blocked by ModSecurity

When a visitor submits a Contact Form 7 form, the request passes through ModSecurity before reaching WordPress. ModSecurity evaluates the request against a large rule set.

Some rules treat URLs, HTML tags, or long strings as threats. The rule engine flags these patterns even when they belong to a legitimate message. This creates a false positive that stops the form.

If the request body exceeds the configured size limit, ModSecurity stops processing and returns a 403 response. The same occurs when the regular expression engine reaches its match limit while parsing a large message.

Older Core Rule Set versions contain patterns that have been relaxed in newer releases. Shared hosting providers often enable a high‑security profile that blocks any request containing a URL or SQL keyword.

When the visitor’s IP address is not on a whitelist, the profile may reject the POST request regardless of content.

Symptoms

[dashicons-warning]

Form hangs after submit

No success message appears and the page does not reload.

[dashicons-no]

403 Forbidden response

Browser shows a generic forbidden page or blank screen.

[dashicons-admin-site]

CF7 error message

Message reads "The form could not be submitted. Please try again later."

Common Causes

Rule‑triggered false positive

A CRS rule matches a URL, HTML tag, or SQL keyword in the form data.

Request body size limit

Payload exceeds SecRequestBodyLimit or SecRequestBodyNoFilesLimit.

PCRE match limits

Long or complex message hits SecPcreMatchLimit or SecPcreMatchLimitRecursion.

Out‑of‑date CRS

Older rule set contains overly aggressive patterns.

Strict hosting profile

Provider blocks any request containing URLs or certain keywords.

Need this fixed right now?

Don't waste your day debugging. Our experts can Fix your issues in under 2 hours.*

Success Rate

100% Guaranteed

Starting from

$35 /hour

99+

Trusted by Business Owners

“I spent 3 days trying to fix the Elementor loading loop. These guys fixed it in 20 minutes. Lifesavers!”

— Sarah J., Web Designer

Related Issues

Contact Form 7: REST API request failed: 503 Service Unavailable

A 503 Service Unavailable response stops Contact Form 7 from sending data...

apiREST APIerror503descriptioncontact-form-7

Contact Form 7: REST API request failed: 429 Too Many Requests

The form tries to send data through the WordPress REST API. The...

apiREST APIerrorerrorsecurityfirewalldescriptioncontact-form-7settingsserver_configuration

Contact Form 7: REST API request failed: 401 Unauthorized

The form tries to send data via the WordPress REST API. The...

apiREST APIadmin_panel_settingspermissionsdescriptioncontact-form-7lock401

Contact Form 7: File upload error: temporary directory missing

The error appears when Contact Form 7 cannot locate a writable temporary...

codePHPcloud_offupload erroradmin_panel_settingspermissionsdescriptiontemporary filedescriptioncontact-form-7

Contact Form 7: Mail (2) sending failed: PHP mail() function disabled

Contact Form 7 reports a failure for Mail (2) when the PHP...

codePHPerrorerrordescriptioncontact-form-7mailMailsettingsserver_configuration

Contact Form 7: Mail (2) sending failed: SSL certificate verification failed

Contact Form 7 reports a failure when trying to send the secondary...

errorerrorlocksslcodecURLdescriptioncontact-form-7