Locked out of my own website by CF

WCUWdotorg. A Wordpress site.

I was having problems trying to upload new images, and got kicked out by Cloudflare, with this note:
This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

I have the Cloudflare Ray ID, but should I post it here?

I have the Pro plan. Just upgraded to it last week.

Why did this happen? And how do I unblock myself?


It’s always a good idea to :search: first.

See if this answer to a similar post gives you a hint as to how to find out.


thanks! I just upgraded to the Pro plan, and although I searched, I did not really know what I was searching for. I scrolled through 3 pages of results, but did not find much of use.

From the link you provided, I was able to get my problems fixed by setting up a WAF exception. However, the only way I could write the exception was to have CF skip all manager rules when the IP address was mine (or the CF proxied address).

So it worked- for a while.

My home router had to be rebooted and- the exception no longer worked, as my CF IP address had changed. I edited the exception, and was able to complete my web work.

But there must be some way to set up the exception or something so that if my CF IP address (or even my dynamic home IP address) changes, I don’t have to go and edit the rules.

You shouldn’t ever need to place any Cloudflare proxy IPs in any exception rules in Cloudflare. The proxy will never be connecting to itself to access your site. Your origin server IP may need to be in there for certain actions that involve your site connecting to itself.

I’m sorry that I don’t have any immediate suggestions concerning your dynamic home IP.

1 Like

I do have an Skip action for my home IP address, and need to update it every time I need to perform certain tasks on the WordPress panel. If I was to need it constantly and my IP also changed constantly, I’d need to write a script to (1) fetch my current IP address from some online service/API, then (2) update the rule via Cloudflare API. No magic button for this.


You should be able to Skip a particular rule. In the process of creating a WAF exception, you will be asked whether you want to skip specific rules, at which point you should provide the Rule ID. You find the Rule ID in the Security > Events log that was triggered and resulted in your action being blocked. Please see this answer to a previous topic.


thanks. I will be setting up IP access rules to allow my computers to access the site. I will not worry about the CF proxied ones. I’m going to look into my router info and see if I can fix the IP address.


thanks for your help. The links you’d given were really useful.


yeah- no magic button.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.