You install Divi 5. The Visual Builder shows errors. You open the console and see “401 Unauthorized” or “403 Forbidden.” Something is blocking Divi from talking to your server. Divi 5 relies heavily on the WordPress REST API. If something blocks that API, the builder breaks [citation:5].
Why You See 401/403 Errors
These errors mean your server is rejecting Divi’s requests. Common causes:
- Security plugins – Wordfence, Sucuri, or others are blocking REST API access
- Web Application Firewall (WAF) – ModSecurity rules may be too strict
- Nonce/cookie issues – authentication tokens are not being accepted
- IP restrictions – your hosting only allows certain IPs
How to Fix 401/403 Errors
Try these solutions in order:
- Whitelist REST API in security plugins – add /wp-json/* to allowed URLs
- Temporarily disable WAF – if the builder works, add rules to allow Divi requests
- Check .htaccess or Nginx config – look for blocks on wp-json
- Clear all cookies and re-authenticate – log out and back in
Testing REST API Access
Open your browser and go to: https://yoursite.com/wp-json/
You should see a JSON response (a bunch of text in curly braces). If you see an error or blank page, your REST API is blocked [citation:5].
WordPress 6.9.x Specific Issues
Divi 5 was released around WordPress 6.9. Some compatibility issues exist. The most reliable fix is to:
- Deactivate all optimization plugins
- Save permalinks
- Clear cache
- Reactivate plugins one by one
When Nothing Works
Roll back to Divi 4 temporarily. Export your layouts. Wait for Divi 5 to mature. You do not need to be an early adopter.