Mod Security is a web app firewall (WAF). It monitors and blocks the malicious incoming web-traffic in real-time. Once there is any incoming web request, it will compare it with the added rules and check for the pattern such as session hijacking, SQL injection, cross-site scripting, etc. Mod Security also allows adding of custom rules for incoming web-request. Simply mod security protects your application depends on the ruleset in use.
You can enable mod security for your domain from cPanel using a few steps. Please refer to how to enable ModSecurity on cPanel.
What is 403 Forbidden Error in Wordpress?
403 forbidden error for your website is an HTTP status code that a web server sends to your web browser due to incorrect permission or corrupt .htaccess file. It is possible due to a corrupt plugin as well.
WordPress 403 Forbidden Error and ModSecurity
Whenever there is any update to your Wordpress files such as admin.ajax.php, post.php, or page.php, ModSecurity may recognize it as code injection and give 403 forbidden error responses. Mod security may give you 403 forbidden error when you update or save your Wordpress post and comments. You can disable ModSecurity for your domain temporarily to fix this issue. You should enable the ModSecurity after updating your Wordpress post.