Update 3/10/2015: How is this not a bug, when you shouldn't have to disable mod security to change page logos and or fonts? I'm more thankful that someone suggested to check if Mod Security was enabled, otherwise I could have spent hours or days changing chmod settings on all the files and folders, and responding to several host tickets regarding the issue.
Thankfully my shared host allows me to disable Mod Security myself, otherwise could have been left holding the can. Other users aren't always this lucky, and some hosts just don't allow it to be disabled for possible security issues. Isn't it possible to code to accept if Mod Security is enabled or not? @Alexander Ebert Now I have to keep disabling mod security every time I create a sub domain name.
Update: After I disabled ModSecurity I don't see the problem happening all that often. ModSecurity was enabled on the sub domain. Maybe wbb is not compatible with Modsecurity?
Changing the page logo under Appearance > List Styles > Edit a Style > Global Settings > Page Logo.
Attempt 1: Manually typing in the new logo's name, example; logo_blue.png, seems to load it in logo preview box, but then hitting "submit" gives 403 access denied.
Attempt 2: Hitting the upload button, choosing the image to upload seems to work, gives green message above saying it was saved/successful. But then after hitting submit button below, gives 403 access denied.
Refreshing the site index page shows no change of logo at all. I even chmodded wcf/images/ 777, and also premium style folders 777, and yet some how the uploaded logos are being generated in the wcf/images/ folder as chmod 644. I've just been uploading the logo images directly via file manager or ftp client.
Edit: While doing this in xampp / localhost seems to be working, uploading images and hitting submit is working, no 403 access denied. But I don't have the same premium styles installed in the xampp copy though either. Will test that once. - update, installed the same premium style(s) in xampp, and changed logo and it works. Must be a host setting or whatever.