Spontaneous 503 Blocks

  • Resolved mburdett555

    (@mburdett555)


    2 years, 1 month ago

    Not sure what to do here.
    If I go straight to my site /wp-admin – i’m immediatley blocked
    If I log in successfully and start editing pages, after a few WP ajax post save requests, i’m blocked again and cant save a post. I’m blocked again.

    In live traffic, its showing as block http 503, human from London blocked by the Wordfence security network. It shows pages like /xmlrpc (which I’m not directly accessing via browser) and more.

    The site is protected proxied via Cloudflare, and the IPs in Live Traffic on Wordfence aren’t mine, but instead they’re Cloudflare IPs. EG 141.101.98.11

    I’m guessing I need to whitelist Cloudflare’s IPs or something?

    Not entirely sure what the problem is here. Apart from autoptimize and a few other basis essentials, and a clean theme, nothing I know of could be causing problems.
    All plugins themes and WP core up to date.

Viewing 3 replies - 1 through 3 (of 3 total)

  • Similar issue. The last thing to be updated was wordfence on the 4th and the site worked fine yesterday. Today the only way to even view my website is to rename the wordfence folder to disable it. 503 errors if I try to log in.

    Plugin Support wfpeter

    (@wfpeter)

    Hi @mburdett555, thanks for reaching out.

    The IP detection does seem key in this case as there some additional configuration options that usually need to be put in place for customers using Cloudflare.

    First, ensure your visitor IP detection is set up correctly. Head over to your site and go to Wordfence > All Options > General Wordfence Options > How does Wordfence get IPs. You will most likely need to select “Use the Cloudflare “CF-Connecting-IP” HTTP header to get a visitor IP. Only use if you’re using Cloudflare.”. You can check whether the correct IP is coming through by comparing the value specified here to your IP as seen on https://www.whatsmyip.org/

    You may also need to update your Cloudflare settings to allow your site to connect back to itself. If you’ve already done this when originally setting up Wordfence, then this may be fine. I’ll provide instructions anyway just in case:

    • Login to Cloudflare
    • Go to “Firewall”
    • Click the “Firewall Rules” tab
    • Click “Create a Firewall rule”
    • Name the rule under “Rule Name”
    • Set the “Field” under “When incoming requests match…” to “IP Source Address”
    • Enter your site’s IP address under “Value”
    • At the bottom, under “Then…Choose an action” change “Block” to “Allow”
    • Click “Deploy

    Once you have added your site to the Cloudflare Whitelist, head back over to your site and attempt another scan. Sometimes, the same process needs to be done for our IP addresses, which can be found here: https://www.wordfence.com/help/advanced/#servers-and-ip-range

    Thanks,

    Peter.

    Thread Starter mburdett555

    (@mburdett555)

    Thanks Peter. Setting the IP detection to Cloudflare seems to have fixed the issue.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Spontaneous 503 Blocks’ is closed to new replies.