New firewall event created - Site doesn't work

As of today, I can not log in to my WordPress site. I have a new firewall event that blocked something. I don’t know how to fix that, nor did I create this kind of event.

Help me resolve the issue, please.

Thanks

Hi,

It blocked an attempt to request wp-config.php, an essential WordPress file, at a non-standard location. wp-config.php is normally installed in the directory where WordPress is installed (for instance, /home/userxxx/public_html/), or in some cases in the directory one level above it (if we follow the same example, /home/userxxx/). So it doesn’t look like that particular event is what is blocking your attempt at logging into WordPress.

But if that IP address is yours, it may be the case that your installation has been compromised somehow.

2 Likes

Thank you for your quick answer. I am sorry to say that I don’t understand most of it. It was done during the night and from a different browser. How can I fix that?

1 Like

You need to try to visit your backend (/wp-admin/ or /wp-login.php) and, after you are blocked, wait a couple of minutes and then go to Security > Events to check what is blocking that request. There are many Cloudflare features that may be at play here, and the Events log panel should tell you which service (if any) is blocking your request.

As I did try to log in many times today, there is only one event showing - the one I didn’t make that is on the screenshot. No new events after that one.

That means the problem is not caused by any Cloudflare security features. Are you getting a message that you were blocked by Cloudflare? Or a “too many redirects” kind of error?

1 Like

Yes, too many redirects error! I can enter my site after switching off the proxy, but I don’t think that is the right solution?

This error often occurs when the SSL mode isn’t right.

Does your site run on HTTPS when you un-proxy it?

If not, what you may want to do is pause Cloudflare, install an SSL certificate at the origin and make sure the whole site is running with SSL enabled. There are some plugins that help you with that, such as Really Simple SSL – WordPress plugin | WordPress.org

After SSL is fixed at the origin, un-pause Cloudflare and change the SSL mode on Cloudflare to Full (Strict).

1 Like

Yes, it has SSL. See it here - https://pedalompohrvatskoj.com

It has SSL but it’s not properly configured. Please install and run the plugin I mentioned (or a similar plugin) to avoid mixed content and too many redirects errors.

1 Like

Ok, thanks! Do I need to move the one from my hosting, or just leave it as it is? Is it ok to have both?

Not sure I understood, but if you’re asking about an SSL certificate, I’d suggest you first run the plugin to fix mixed content issues and check any origin redirect. If your hosting provides a valid SSL cert you shouldn’t need to change it and the plugin will probably detect it.

Ok, so I installed the plugin, but don’t really understand how to set it up.

The plugin page I linked to contains links to its documentation and its support forum.

Oh, thanks. I don’t understand most of it. I will try to figure it out.

1 Like

Where do you see mixed content errors? I can’t find it on site. I would love to know to check when I make changes. Thanks!

Open your home page, then Ctrl-U to open its HTML and Ctrl-F to find http:// and you’ll find at least one case where it’s pointing to an HTTP version of your own website. I did not check other pages, but the plugin should fix this for all.

I see many from https://www.w3.org/. Is that from W3 Total Cache? Some from Facebook… Do I need to fix those, or just for my domain name?

Just for your domain and its subdomains (such as www.)

1 Like
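
The manual check described above (view source, search for http://, and only act on links to your own domain and its subdomains) can be automated. The following is an added example, not part of the original thread; `example.com`, the sample HTML and all function names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes that make the browser fetch or navigate to a URL.
URL_ATTRS = {"href", "src", "action", "poster", "data", "srcset"}

def is_own_host(host, site_domain):
    """True for the site's domain and any subdomain (www., cdn., ...)."""
    host = (host or "").lower().rstrip(".")
    return host == site_domain or host.endswith("." + site_domain)

class InsecureRefFinder(HTMLParser):
    def __init__(self, site_domain):
        super().__init__()
        self.site_domain = site_domain.lower()
        self.findings = []  # (line, tag, attribute, url)

    def handle_starttag(self, tag, attrs):
        line, _ = self.getpos()
        for name, value in attrs:
            if name not in URL_ATTRS or not value:
                continue  # e.g. xmlns="http://www.w3.org/..." is never fetched
            urls = [value.strip()]
            if name == "srcset":  # comma-separated "url descriptor" pairs
                urls = [p.split()[0] for p in value.split(",") if p.strip()]
            for url in urls:
                parts = urlsplit(url)
                if parts.scheme == "http" and is_own_host(parts.hostname, self.site_domain):
                    self.findings.append((line, tag, name, url))

def find_insecure_own_refs(html, site_domain):
    finder = InsecureRefFinder(site_domain)
    finder.feed(html)
    return finder.findings

# Constructed sample page, not taken from the site in the thread.
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://example.com/wp-content/style.css">
<script src="https://example.com/app.js"></script>
</head><body>
<svg xmlns="http://www.w3.org/2000/svg"></svg>
<img src="http://www.example.com/logo.png" srcset="http://example.com/a.png 1x, https://example.com/b.png 2x">
<a href="http://facebook.com/somepage">FB</a>
</body></html>"""

if __name__ == "__main__":
    for line, tag, attr, url in find_insecure_own_refs(SAMPLE, "example.com"):
        print(f"line {line}: <{tag} {attr}> {url}")
```

Third-party http:// links and XML namespace declarations are skipped; only plain-HTTP references to the site's own domain and subdomains are reported.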

Ok, so after I resolve this, can I move the plugin, or does it have to stay? What about that proxy, do I try to turn it back on?