Note: This article ONLY applies if you are using Cloudflare in front of your website.
This issue is caused by a recent update in November of 2025 that has caused the /wp-admin/admin-ajax.php file to have certain operations blocked that pass through this file. To correct this issue, we can add a rule to Cloudflare that will whitelist this file’s operations to make sure that your users can still interact with Elementor without an issue.
Initial Discovery
This was discovered on a website utilizing Cloudflare that had Bot fight mode, as well as additional stringent security restrictions installed. This website did NOT have the default Cloudflare configuration, however no rules were in place that would have actively blocked this particular file. This issue was discovered when attempting to save a post with a container that had a custom Padding value set that caused this 403 Forbidden error. This issue did not reoccur if the custom padding value was removed. This applied to any containers within the post that had custom padding values.
Install Cloudflare Security Rule
- Log into Cloudflare
- Go to Security > Security Rules
- Click Create Rule +
- Give the rule a name, such as “Whitelist WordPress Admin Operations”
- Set the When Incoming Requests Match… section to the following
- Field: URI Path | Operator: Contains | /wp-admin/admin-ajax.php
- Field: Cookie | Operator: Contains | wordpress_logged_in_
- Under Take Action…
- Choose Action: Skip
- Under WAF Components to Skip, make sure that all options are checked
- Set Place At to First
It may behoove you to clear all caches, including Cloudflare cache, your website cache, and any web server caches or reverse proxies that may be installed.