Site is on Wordpress
Its under ddos attack right now
When “Under atack mode” is active I have NO problems with server load, so its working fine.
But some features like crossposting to social and scheduled posts are not working.
I know from which country attack is going
If I disable “Under attack” mode and make rule (country equals to “attacking country” to block that country, i have problems with server load. Like its not blocking anything
Can i make something like Under attack mode ? ,But not so strict, that my scheduled posts and crossposting plugins could work properly (because when under attack mode is active I have errors in wp site health - REST api error, and site could not complete loopback request)
You should check and make the URLs list that you will need to use and create FireWall’s rules that bypass UAM with your IP.
For example, the post scheduling feature, it is possible that your server itself is blocked when trying to access the website through Cloudflare.
Make sure Cloudflare is proxied and set to for your website (both www and non-www).
Regarding performance, you can try out Cloudflare APO for WordPress for a month and see how it goes:
Some useful multiple stuff linked inline here:
In that case, I’d suggest you to whiltelist/allow your server IP by navigating to the Security → Tools → IP Access Rules. Add your origin host / server / web hosting IP address in the input field and select the action “allow” from the dropdown for your website.
Furthermore, are you using any of the WordPress security plugins which could restrict WP JSON or it’s API, so maybe some of your plugin(s) might not work as expected?