WordPress 4 was released today and both WordPress 3.9 and 4.0 have big improvements to the “Customizer”. But I’ve been having some issues with the customizer that are actually hosting-related.  If you’re getting issues with your customizer preview not loading, then here’s how to fix it.

What’s the customizer?

For those of you that don’t even know that the customizer exists, it’s a clever part of WordPress that lets you customise the look and feel of your site with a live preview showing you how your changes look.  With recent updates you can even modify widgets with real-time previews too!  Its great if you’re making some structural changes to your site.

I don’t get a live preview?

Ah. Well, you may well have the same problem that I did.  Here’s a broken customizer screen of mine:

Broken WordPress Customizer Screen

Broken WordPress Customizer Screen

You’ll notice that it’s mostly a dull grey. It’s loaded all of the options on the left-hand side, but the site preview has failed to load.  Refreshing does nothing. Saving the options does nothing. The preview is broken.

If you’re technical enough to open developer tools in your browser, you will see an HTTP request to your site’s homepage that sends a load of POST data, and returns a 403 Forbidden code.

How do I fix my broken customizer?

If you’re seeing this issue then it’s possible that you’ve got the same issue that I had: your web host or web server has mod_security rules that are being triggered by the POST data being sent, and the loading of the preview is being blocked.

The fix is either:

  • if you’re on shared web hosting, contact your web host and ask them if you’re triggering mod_security rules, and to allow the blocked request through; or
  • if you have your own server, analyse your own web server logs to see if you’re triggering a security rule, and allow if through yourself (doing this is left as an exercise for the reader).

Nope, that didn’t work!

Sorry about that. I guess there are other possible things that could block the preview loading. But I wanted to document the one that I’d found in case others had the same issue.

It worked! You’re a genius!!

Well, actually, I’m totally indebted to my pal @keiron at Better Web Space who was the one who suggested it could be a mod_security rule. He’s the genius! Look him up and buy his hosting. 🙂