403 error blocks WordPress login unless Cloudflare is paused

What is the name of the domain?

What is the error number?

403

What is the error message?

see screenshot

What is the issue you’re encountering

When Cloudflare is paused, I can access my WordPress site. When I turn Cloudflare on, I can’t.

What steps have you taken to resolve the issue?

Contacted my hosting service (NameCheap). They have my SSL certificate.

Was the site working with SSL prior to adding it to Cloudflare?

Yes

What is the current SSL/TLS setting?

Full (strict)

What are the steps to reproduce the issue?

Visit site. It doesn’t load for me as a visitor or as administrator to login.

Screenshot of the error

If you’re seeing a 403 error without Cloudflare branding, this is always returned directly from the origin web server, not Cloudflare, and is generally related to permission rules on your server. The top reasons for this error are:

  1. Permission rules you have set on the origin web server (in the Apache .htaccess for example)
  2. Mod_security rules
  3. IP deny rules. You need to make sure that Cloudflare’s IP ranges :arrow_upper_right: aren’t being blocked

Cloudflare will serve 403 responses if the request violated either a default WAF managed rule enabled for all orange-clouded Cloudflare domains or a WAF managed rule enabled for that particular zone. Read more at WAF Managed Rules.

If you’re seeing a 403 response that contains Cloudflare branding in the response body, this is the HTTP response code returned along with many of our security features:

1 Like

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.