The BPS POST Attack Protection Bonus Custom Code blocks the Visual Composer editor from saving text using a POST Request. To whitelist the Visual Composer POST Request, add this Query String whitelist rule to your BPS POST Attack Protection Bonus Custom Code in BPS Root Custom Code, save your changes, and activate Root Folder BulletProof Mode.
# WPBakery Visual Composer/Salient Visual Composer Query String whitelist rule
RewriteCond %{QUERY_STRING} !^vc_editable=(.*) [NC]
Security Log entry:
[403 POST Request: June 30, 2017 - 10:34 am]
BPS Pro: 13
WP: 4.8
Event Code: WPADMIN-SBR
Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: 127.0.0.1
Host Name: xxxxx
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: POST
HTTP_REFERER: http://demo5.local/wp-admin/post.php?vc_action=vc_inline&post_id=404&post_type=page
REQUEST_URI: /?vc_editable=true&vc_post_id=404&_vcnonce=d8e7444ff7
QUERY_STRING: vc_editable=true&vc_post_id=404&_vcnonce=d8e7444ff7
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36
REQUEST BODY: post_id=404&vc_inline=true&_vcnonce=d8e7444ff7&action=vc_load_shortcode&shortcodes%5B0%5D%5Bid%5D=54b0708fadffe77cdeefe2c86a5c55bf&shortcodes%5B0%5D%5Bstring%5D=%5Bvc_column_text%5D%5Blogin_form%5D%0A%0Axxxx%0A%0Axxx%0A%0Axxx%0A%0Axxx%0A%0Axxx%0A%0Axxx%0A%0Axxx%0A%0Axxx%0A%0Axxx%0A%0Aaaa%0A%0Aaaa%0A%0Aaaa%5B%2Fvc_column_text%5D&shortcodes%5B0%5D%5Btag%5D=vc_column_text
Notes: Eventually the BPS POST Attack Protection Bonus Custom Code will be added as a standard GUI feature in BPS and BPS Pro and will have auto-whitelisting capability like BPS Setup Wizard AutoFix.
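Added example (not part of the original post or of BPS): a small Python triage script that parses Security Log entries in the layout shown above and reports which blocked POST Requests the vc_editable whitelist condition would cover. The sample log is constructed, the function names are hypothetical, and it assumes the RewriteCond is ANDed with the other conditions of the POST Attack Protection rule, which this post does not show.

```python
import re

# Pattern copied from the whitelist RewriteCond; the [NC] flag maps to re.IGNORECASE.
WHITELIST = re.compile(r"^vc_editable=(.*)", re.IGNORECASE)

# Constructed sample in the Security Log layout shown above (fields trimmed).
SAMPLE_LOG = """\
[403 POST Request: June 30, 2017 - 10:34 am]
Event Code: WPADMIN-SBR
REQUEST_METHOD: POST
REQUEST_URI: /?vc_editable=true&vc_post_id=404&_vcnonce=d8e7444ff7
QUERY_STRING: vc_editable=true&vc_post_id=404&_vcnonce=d8e7444ff7

[403 POST Request: June 30, 2017 - 10:40 am]
Event Code: WPADMIN-SBR
REQUEST_METHOD: POST
REQUEST_URI: /?page=1&vc_editable=true
QUERY_STRING: page=1&vc_editable=true
"""

def parse_entries(text):
    """Split a log into entries; each entry is a dict of its 'Key: value' lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # A bracketed line opens a new entry.
            entries.append({"header": line[1:-1]})
        elif entries and ":" in line:
            # Split on the first colon only, so URLs in values stay intact.
            key, _, value = line.partition(":")
            entries[-1][key.strip()] = value.strip()
    return entries

def exempted_by_whitelist(entry):
    """True when '!^vc_editable=(.*)' evaluates false, so the block rule is skipped."""
    return (entry.get("REQUEST_METHOD") == "POST"
            and WHITELIST.search(entry.get("QUERY_STRING", "")) is not None)

def triage(text):
    """Return (entry header, covered by whitelist?) for every entry in the log."""
    return [(e["header"], exempted_by_whitelist(e)) for e in parse_entries(text)]

if __name__ == "__main__":
    for header, covered in triage(SAMPLE_LOG):
        print(("whitelisted   " if covered else "still blocked ") + header)
```

The pattern is anchored with ^, so only a Query String that begins with vc_editable= is exempted; the second constructed entry, where the parameter appears later in the Query String, stays blocked.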