I am being rate limited since updating to WordPress 5.8 and using the new widgets section

I am being rate limited by Cloudflare since updating to WordPress 5.8 and using the new widgets section. Here is the issue. The rate limiting thing happens on any computer I use. That means any outside IP address. I know this since I tried this on my work computer and had the same issue. You can easily reproduce this issue when you simply go to wp-admin > appearance > widgets. This new widgets section in WordPress 5.8 causes the rate limiting to happen. I can use any other portion of WordPress, but once I go into the widgets, the rate limiting happens. In saying that, this is a big deal since I will not be able to edit WordPress widgets in the future unless this gets taken care of. I can avoid the rate limiting by not touching widgets, but since I need to, this doesn’t work either. I hope this helps. I do use SiteGround and have Cloudflare configured with them. They said to come to your support for help.
Thanks.
-Paul {redacted}

I’m unable to replicate this on my 5.8 sites. What theme are you using?

I get the following error after going into the new widgets block area in WordPress 5.8. Your screenshot is not what I see in my widgets area. See below for what the widgets area now looks like.

I am using GeneratePress Premium for my theme and it is up to date including the plugin.
I am also using SiteGround Go Geek for my hosting.
Thanks.

I’m not seeing an error in your screen, but when I switch to GeneratePress Premium, I see this with my “legacy widgets”:

I don’t think that’s a rate limiting error, but I’m also not getting anything in my mailbox. I can add a new widget block, like Latest Posts. As this is a brand new feature in WordPress, I’ve not had time to experiment with it.

Yep, you first get the critical error messages with your widgets and then after a while they all start to show up correctly. Now, it was a little while after working with the new widget section that the rate limiting messages started to pop up and I could not even access my site for a little while. This still happens when I am accessing the new widgets section in WP 5.8 with GP Premium.

I generally don’t even have Rate Limiting set for any of my domains, and certainly not for wp-admin. Does anything show up in the Firewall Event Log of the Cloudflare dashboard?

In the Firewall Events, you will see the Rate Limiting Service set against my Work IP (65.144.71.30). This is after going into the widgets section in WordPress.

And also on my home IP in the same section in WordPress…

What Rate Limit do you have set? It could be that widgets now require more requests and it’s just pushed you over the limit you set.

I’ve never had the rate limiting issue until WP 5.8 pushed out the new widgets section. I do think that the widgets section must be using more requests now than before. Hopefully Cloudflare fixes this so that rate blocking doesn’t happen when using it. In saying this, I have the option to Enable Rate Limiting, but have never done this before…

I’d be surprised if this is some default Rate Limit Cloudflare uses. Can you expand one of those Firewall Events to show more info about the rate limit event? And post the screenshot.

Here is the first event that happened for the Rate Limiting today…

I don’t think Workers would help, or are something you necessarily need.

I also suggest you delete that image since it has your address on it.

I’m stumped on the Rate Limiting. Can you open a ticket: support AT cloudflare DOT com (from your account’s email address)? Please post the ticket # here so someone can take a look at it quicker.

I deleted the image. Thanks for the advice on that.

I did create a ticket and they automatically closed it and told me to use the Community Section instead. That ticket is #2213754.

Make sure you reply to the ticket to keep it open. Then someone should take a look at it. I’ve added this thread to the escalation queue.

I updated the ticket with what you said in this thread. Thanks for all your help.


This looks like it could be somehow related to the WordPress Heartbeat API. Are all of the firewall events for the same path? (/wp-admin/admin-ajax.php)

Rate Limiting always begins with…
/wp-admin/admin-ajax.php

Then…
/wp-admin/edit.php

Then…
/favicon.ico

Then…
/wp-admin/edit.php

Then…
/favicon.ico

And then again…
/wp-admin/admin-ajax.php

These are the Paths in the Firewall for Rate Limiting and they are when I access the widgets block section in WP 5.8.

Hi @paulgee98, I’ll reply on your ticket, but it looks like your hosting provider SiteGround have configured a worker here and that is triggering the rate limit. I’ll share more on the ticket but you’ll need to contact them to ensure they have everything set up correctly.
