“Saving failed” WordPress Theme Customize

When customizing a theme in WordPress, you may sometimes encounter error messages in a red frame such as “Saving failed,” “Update failed. The response is not a valid JSON response,” and “Saving failed.”

This post will explain how to resolve this issue as of September 2024.

How to Resolve the “Saving Failed” Error

I encountered this error when using WordPress’s default theme called Twenty Twenty-Four. It only appeared when I tried saving from the template customization screen.

For Users of Onamae.com OR something rental server

If you are using Onamae.com, the WAF security setting might be turned ON in the Onamae.com control panel. Try turning it OFF.

To do this, access the rental server control panel:
https://cp.onamae.ne.jp/homepagesecurity/waf

In the left side panel, under Homepage Settings/Security, select the WAF option and turn off the Detection Log Management setting.

For Users of Security Plugins

If you are using a security plugin in WordPress, such as the “SiteGuard” plugin, which has a WAF security setting, you can turn it OFF from the plugin’s settings page.

If This Does Not Solve the Issue

If the issue persists after these steps, feel free to leave a comment. I might be able to help further.

---

What is WAF Security?

WAF (Web Application Firewall) is a security system designed to protect web applications from unauthorized access or attacks.

WAF plays a role in detecting and preventing application-level attacks. Specifically, it can detect attacks such as SQL injection, cross-site scripting (XSS), and malicious HTTP requests, blocking them before they reach the web application.

WAF is deployed at the boundary of the network. While a traditional firewall mainly protects the network layer, WAF monitors the communication to and from web applications, identifying attack patterns.

By implementing WAF, you can improve the security of publicly accessible web services and applications.

Types of WAF:

• Host-based WAF: Installed directly on the server, placed on each web server.
• Cloud-based WAF: Delivered through the cloud, it prevents attacks on web applications over the internet.

Introducing WAF can reduce the risk of data leaks or service outages caused by unauthorized access or attacks, making it a crucial security measure.

---

How WAF Works:

WAF is positioned between the web server and the internet, and it protects web applications through the following flow:

1. Traffic Monitoring: WAF monitors HTTP/HTTPS traffic sent to the web application in real-time.
2. Rule-based Inspection: WAF comes preconfigured with rule (signature) sets that detect common attack patterns and threats. Traffic is inspected against these rules.
   • Examples: SQL injection, cross-site scripting (XSS), file upload attacks, etc.
3. Attack Detection and Blocking: When a request shows signs of an attack, WAF blocks the request and prevents the attack. Additionally, it can log details of the attack and notify administrators.
4. Allowing Normal Requests: Requests that do not violate the rules are allowed to reach the web server, and the application operates as usual.

Reference:

https://siteguard.jp-secure.com/blog/what-is-owasp