When you open the Elementor editor, the interface stops loading and the browser shows a 403 or 413 response. The request that fails is a POST to wp-admin/admin-ajax.php. ModSecurity intercepts the request and returns an error page.
ModSecurity is a web application firewall that evaluates each HTTP request against a set of signatures. The default OWASP, Atomic or Comodo rule sets contain patterns that treat large JSON payloads or certain characters as suspicious. Elementor sends a JSON body that includes widget settings, template data and inline scripts. The firewall matches this payload against rules such as 949110, 980130 or 300015 and classifies it as a potential attack.
The rule that triggers often checks the size of the request body. Elementor autosave and template import exceed the default 1 MiB limit. When the limit is crossed, ModSecurity generates REQBODY_ERROR and blocks the request before PHP receives it.
Because the request never reaches WordPress, Elementor cannot retrieve the data it needs to render the editor. The result is a blank screen, missing controls or an error message. Your site remains functional for visitors, but the page‑builder becomes unusable.
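To confirm which rule or limit is rejecting the editor's requests, the ModSecurity entries for wp-admin/admin-ajax.php can be grouped by rule ID. The following Python is an added example, not part of the original page: the log lines are constructed and abridged, and the tag layout of ModSecurity 2.x entries in the Apache error log is assumed.

```python
import re
from collections import Counter

# Constructed, abridged sample entries (assumed ModSecurity 2.x Apache error-log layout).
SAMPLE_LOG = '''\
[client 203.0.113.5] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [id "980130"] [msg "Inbound Anomaly Score Exceeded"] [uri "/wp-admin/admin-ajax.php"]
[client 203.0.113.5] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [uri "/wp-admin/admin-ajax.php"]
[client 203.0.113.5] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [uri "/wp-admin/admin-ajax.php"]
[client 198.51.100.7] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [uri "/wp-login.php"]
[client 203.0.113.5] ModSecurity: Request body (Content-Length) is larger than the configured limit (1048576). [hostname "example.com"] [uri "/wp-admin/admin-ajax.php"]
[client 203.0.113.5] AH01630: client denied by server configuration: /var/www/html/.git
'''

# Matches the [key "value"] tags ModSecurity appends to each entry.
TAG = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')

def parse_entry(line):
    """Return the fields of one ModSecurity entry, or None for unrelated log lines."""
    if "ModSecurity:" not in line:
        return None
    tags = dict(TAG.findall(line))
    denied = re.search(r"Access denied with code (\d+)", line)
    # Body-size rejections carry no rule ID, so they get their own bucket.
    over_limit = "larger than the configured limit" in line
    return {
        "id": tags.get("id", "body-limit" if over_limit else "no-id"),
        "uri": tags.get("uri", ""),
        "msg": tags.get("msg", ""),
        "blocked": bool(denied) or over_limit,
    }

def summarize(log_text, uri="/wp-admin/admin-ajax.php"):
    """Count entries for one URI, split into blocking and warning-only rule IDs."""
    blocking, warnings = Counter(), Counter()
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None or entry["uri"] != uri:
            continue
        (blocking if entry["blocked"] else warnings)[entry["id"]] += 1
    return blocking, warnings

if __name__ == "__main__":
    blocking, warnings = summarize(SAMPLE_LOG)
    print("blocking:", dict(blocking))
    print("warning only:", dict(warnings))
```

Separating blocking entries from warning-only ones shows whether the editor is failing on a signature match or on the request body limit, which determines what needs tuning.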