Hello, I’m getting a 403 message for the URL of a JavaScript file that every page of my site uses (which may be causing crawling issues):

https://mydomain.com/wp-content/plugins/autoptimize/classes/external/js/lazysizes.min.js?ao_version=2.6.2

When I click on that link I get an error message by CloudFlare:

“Error 1020 Access Denied”

“This website is using a security service to protect itself from online attacks.”

The only “security service” my website uses is WordFence. But I checked with their support which said their plugin isn’t causing this. Could it be some security setting in CloudFlare? Thanks in advance

Check the Firewall Events Log to see what rule is triggering the block.

The only rule is one that blocks requests from plugins. This rule will trigger if the URI path contains the value /wp-content/plugins and the referrer does not contain mydomain.com.

Does this rule make sense and should I keep it?

If so, is there a way to amend the rule to make an exception for the Autoptimize plugin? Thanks

You already have Wordfence, so go ahead and delete that firewall rule.

Alright the linked Autoptimize JS file got access again. Thanks very much

This topic was automatically closed after 30 days. New replies are no longer allowed.