This question already has an answer here:
I've installed the newest version of Wordpress on my own VPS running Apache and PHP 7.2
The Apache was installed automatically when I had installed centos web panel (CWP)
In Wordpress, when I want to publish or update a Post containing HTML styles or classes, the page redirects to a 403 error page with this content:
Forbidden
You don't have permission to access /wp-admin/post.php on this server.
For example, when I change the text font or color, the post could not be saved!
I've deactivated all plugins and tested again but nothing changed.
</div>
I got myself.
the problem was due to mod security of my CentOS Web Panel (CWP) I'd installed.
The XSS mod security rule also prevents injecting special HTML tags.
To disable XSS rule:
removal rule to file: global_disabled_rules.conf in apache mod-security-owasp folder. in centos web panel, the Apache folder is in /usr/local/apacheOR
modsecurity_crs_41_xss_attacks.conf in this path ( path is correct for CWP panel ): /usr/local/apache/modsecurity-owasp-old/base_rules/OR you can simply, completely disable mod security
Consider that, I first disabled my firewall, but nothing got changed but when I disabled mod-security, the 403 Forbidden error had gone away.
So notice that firewall and mod-security are two separated things.