Update: Astra Theme developers said they fixed this in the next release. Right now they are on version 1.3.2.
I ran into an unusual issue building a new WordPress website using the very popular Astra theme as a foundation. When I used the Astra customizer I got a 403 Forbidden error.
- I only got this with the Astra theme and not when I switched to one of the default WordPress themes like Twenty Sixteen.
- I removed all plugins so that was not the issue.
- And I only got this on my A2 Hosting server, not on any of the other hosting servers I had. However it is not necessarily an issue with A2 Hosting as you will see, I only have a few different hosts I tried it on.
Support from Astra said it was a server issue. Support from my hosting provided said it was a theme issue. Well, they were both right. Eventually another support tech from A2 hosting helped nail the problem on the head.
And you might have this on other hosting servers as well.
The Astra Customizer was triggering a specific server security filter which A2 Hosting uses and obviously my other host did not.
If you have this problem, ask your host to white list Mod Security filter ID# 212800 which is for a cross site scripting attack. I think the url parameters used by the Astra theme for the customizer trigger this.
Let me know if you also had this problem and if it worked for you.