Reporting problem with cloudflare billing system


I would like to report a problem I have just recently discovered with the Cloudflare billing system

The issue -

If a customer is a on the pro plan and they have locked down there wp-admin or sub-domains ect ect to an IP address via zone lockdown and the customer forgets to pay the bill and the account gets rolled back to the free plan. The zonelockdown settings get “Retained” instead of being dropped (nulled) as they should

This results in someone not being able to access there locked down zones if they need to change the IP address as they get "retained "in your system when rolling back to the free plan and customers cannot access to the zone lockdown to change the IP

When a customers account gets rolled back from pro to free. You should be deactivating the zone lockdowns completely instead of locking users out of them. This is not happening

In respect to the zone lockdown via IP address. I have discovered that the IP address is RETAINED when the pro plan is deactivated. Locking users out of there site if they need to to change the IP when trying to access from a different IP.

Can you please test and make sure that when a customer is on the pro plan, and they are using a zone lockdown (via IP) when there accounts get rolled back to a free plan make sure you also disable the zone lockdown rules instead of just no longer giving a client access to them

In a nullshell. If someone forgets to pay there bill and gets rolled back to free plan. They are denied from access there own sites if they have an IP change or need to access from a different IP. When you drop someone back to the free plan. Please also make sure the zone lockdown rules are " Completely “deactivated” I have found this is not case with a recent billing issue I just had

Secondary issue

If a user decides they don’t want the pro plan anymore and happy with the free plan. They are forced to pay another month to access there site again by means of changing/updating the allowed access IP in zone lockdown

Can we make sure that if a users account is rolled back to free, the zone lockdowns no longer apply ?

I think it’s a tough call to tear down security settings guarding potentially sensitive information just for non-payment; CF probably isn’t interested in being the cause of some PII being leaked to the world and having to respond “lol you should have kept paying us”.

However I agree that it shouldn’t also simply hide the zone lockdown rules - the best way to handle this would probably be along the lines of disabling the ability to change the lockdown rules or IP list, while having a button to disable the lockdown rule to allow the domain admin the ability to drop zone lockdown altogether if they wish.

1 Like

Yes I agree with your first statement. However, A user who decided to test the pro plan for a month and decided they were happy with the free plan are forced to pay another month to get access to there site back. That’s the issue for first time users not familiar with c/f

Hi @matthew.giannelis,
If you choose not to retain the plan, you should update the settings then go ahead and order the plan cancellation, not wait to be billed the following month and allow the system to auto cancel it for non-payment.


This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.