Cloudflare Wordpress WP-CRON Issues

I have an issue I need assistance with. Our client is using cloudflare.com with wordpress website. Unfortunately it appears something changed over the past month or so and now the /wp-cron.php scheduled actions won’t run properly. When I go to FIREWALL > ACTIVITY LOG I can see instances where the firewall blocked this URL path (various query strings on end of it).

How can I prevent this from happening as it appears this is causing issues with various records not being properly updated. Also of note; I did setup a firewall rule that is supposed to ignore all requests to that URL path, but even that doesn’t seem to resolve the issue.

As it stands right now there is 8958 pending tasks in wordpress. Help! Any guidance is greatly appreciated.

If you click on the firewall event, it will show you the specific rule that’s blocking it. That portion of the rule should be modified to allow the desired access to wp-cron

1 Like

So here is the names I see of the rules related variables.

Ruleset ID: 48ba18287c544bd7bdbe842a294f1ae2
Ruleset Name: Bot Fight Mode for Definite Bots
Rule ID: 874a3e315c344b1281ad4f00046aab6f
Rule name: manage definite bots
Action taken: Managed Challenge

And the info related to the URL…

Path: /wp-cron.php
Query string: ?doing_wp_cron=1636124723.6286320686340332031250
(which the query string may or may not be present and the numerical string differs)

So where would I go to adjust this rule? I went into “manage rules” and nothing obvious is there.

Also of note; I performed a test where I put CF on pause and within minutes most of the WP-CRON scheduled tasks began firing off. So its definately some setting on CF when its active causing this.

Those rules are very unforgiving, which is why many people here have had to disable them. Trying to Allow list in any way doesn’t work.

If you have command line access and your host lets you run system cron jobs, there are some options. You can ‘curl’ to the local host with some parameters. Or, if your host has wp-cli installed, you can use the ‘wp’ command as well.

Unfortunately I dont have wp-cli available. How would I go about disabling the “manage definite bots” rule(s)?

It looks a lot like the Paid Plan’s Super Bot Fight Mode through the Firewall page’s → Bots menu.

Thank you for your assistance on this. CF replied with something the same time as you as follows:

If you encounter any issues with this feature (e.g. false positive), we recommend that you disable it under Firewall > Bots:
• For Free plans, toggle Bot Fight Mode option to Off.
• For Pro plans, click Configure Super Bot Fight Mode and set Definitely automated and Verified bots to Allow, and toggle JavaScript Detections to Off.
• For Business and Enterprise (no BM add-on) plans, click Configure Super Bot Fight Mode and set Definitely automated, Likely automated and Verified bots to Allow, and toggle Static resource protection and JavaScript Detections to Off.
For more details, please see https://developers.cloudflare.com/bots/get-started.

My client does have the “Pro” plan, so I disabled the “definitely automated” one along with the other settings above.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.