Cloudflare started blocking my All In One SEO plugin

Hello all. This is my first time posting here. I’ve been running Cloudflare and the All In One SEO (AIOSEO) plugin for over two years without issue. Now I’m having a problem with Cloudflare security blocking my plugin and not allowing me to save updates.

This is what AIOSEO support stated: “It looks like this issue is related to Cloudflare. Our requests being made are returning a 403 error because Cloudflare wants the plugin to complete a captcha, which it obviously can’t.

I worked with AIOSEO support and they had me create the following page rule:*

I tried setting security to medium, low, and finally no security. After waiting over an hour after each setting change the plugin is still getting blocked.

After notifying AIOSEO, I received the following response: "I was able to confirm that this is an issue with the Cloudflare service blocking our Plugin by taking a look at the screenshots shared by you. The issue resolves after Disabling Security for wp-json/aioseo in most of the cases (it may take up to 30 minutes).

They then said that it was out of their hands and that I should contact Cloudflare for support to help create an exception for their route.

Does anyone have any experience with this? Thanks in advance.

Page Rule probably isn’t going to fix this.

Give the Firewall settings page a look and read through the Firewall Event Log to see if you can see the request being blocked. Though the fact they say they’re getting a CAPTCHA indicates it’s a bigger problem.

If they have an IP address you can add to the Allow List in Firewall → Tools, that might be a better approach.

By default, Cloudflare does not block WordPress REST API accesed via /wp-json/.

Seems like your plugin is not using REST API due to being blocked by some other plugin?

Moreover, do you use any Security or Firewall plugin for WordPress?
Any custom firewall rules setup on the Cloudflare?

Thanks much, sdayman. I did as you said and found a few events in the Firewall Log. I took a screenshot and sent that along with the json file for the event to AIOSEO. They got back to me and said, “Cloudflare has a security module installed that is aggressively blocking our options from saving due to false-positive security errors.”

They provided a work around on their end with a plugin patch. I installed it and it looks as though it has been resolved.

I appreciate the help.

1 Like

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.