Especially when there is a new release of the plugin, there are calls that sometimes Wordfence or firewalls may flag.  The user is either not able to submit a form - just spins, but never completes.  Or they submit more than once and it will finally goes through.  If you look at the inspect/console, you may see 403 error for the wp-admin/admin-ajax.php file.


This is the typical error that is seen:

A potentially unsafe operation has been detected in your request to this site

Your access to this service has been limited. (HTTP response code 403)
If you think you have been blocked in error, contact the owner of this site for assistance.

Block Technical Data

Block Reason:A potentially unsafe operation has been detected in your request to this site
Time:Wed, 10 Nov 2021 3:08:29 GMT

About Wordfence

Wordfence is a security plugin installed on over 4 million WordPress sites. The owner of this site is using Wordfence to manage access to their site.
You can also read the documentation to learn about Wordfence's blocking tools, or visit wordfence.com to learn more about Wordfence.
Click here to learn more: Documentation
Generated by Wordfence at Wed, 10 Nov 2021 3:08:29 GMT.
Your computer's time: .


On the backend, you may also see "There was an error in the API"


Here are some things to try:


1.  Here is how to update Wordfence to whitelist admin-ajax.php:


1.  Go to Wordfence > All Options

2.  Go down to the Whitelisted URLs section

3.  Enter /wp-admin/admin-ajax.php in the URL box 

            (This is an example, you may have  /wp/wp-admin/admin-ajax.php, for example)

4.  Select  Param Type: POST body for the dropdown

5.  Enter actions for the Param Name

6.  Click the Add Button

7.  Click Save Changes in the top right corner



2.  Check this to see what the block is - you could then add whitelist of something different.
403 Forbidden. A potentially unsafe operation has been detected in your request to this site. If you see this message it means Wordfence has blocked you for violating a firewall rule. If you are an administrator on the site, check the “Tools” > “Live Traffic” page feed and locate the request that was blocked.  

3.  If you are logged on as Admin, you should get popups that will allow you to white list the services that are being called for the form. 

4.  Finally, you can turn on learning mode.  This should let the forms submit and watch for the calls in question and whitelist them automatically.