Cannot upload media in Wordpress with Cloudflare active

I went through every setting in cloudflare turning off and on and changing security levels.
Regardless what I try out of our 5 editors in different locations, only 2 can upload photos to our WordPress site. The two editors are working from the same IP
I allowlisted the remaining IPs everywhere and even started pointing cloudflare directly to the server instead of our load balancer.
They get an error when uploading a pic saying: The server cannot process the image. This can happen if the server is busy or does not have enough resources to complete the task. Uploading a smaller image may help. The suggested maximum size is 2560 pixels.

Our images are very small, usually below 50.
It works fine on two IPs.
Once I bypass the DNS from Cloudflare it works.

Please help

May I ask which Cloudflare plan are you using for your zone? :thinking:

If you’re at least on a Pro, you can create a WAF Rule to SKIP the specific Rule/Ruleset which gets triggered while we’re uploading stuff to the WordPress Media Library:

  • Cloudflare OWASP Core Ruleset - 949110: Inbound Anomaly Score Exceeded - 6179ae15870a4bb7b2d480d4843b323c

Otherwise, you can create a new WAF Rule to SKIP security for paths of the upload:

(http.request.uri.path contains "wp-admin/upload.php") or (http.request.uri.path contains "wp-admin/async-upload.php")

Furthermore, kindly see possible solutions from below posts:

Thank you very much.
I added the WAF for wp-admin/upload.php and it seems to work - very helpful.
I am just worried this may also open up a path for hackers?

Thanks

Ran into the same issue today. This rule works when on pro (no regex allowed there)
(http.request.uri.path contains "wp-admin/upload.php") or (http.request.uri.path contains "wp-admin/async-upload.php")

1 Like