WordPess API problem


I have a data loading process that uses both the WordPress and WooCommerce API’s to load both product data and images to both a Staging and Live store. Both stores have a Rest API setup with the same user credentials on both stores. When the process runs, it successfully loads both products and images to the Staging store. When the process run for the Live store, it is able to load products, but when it tries to use the WordPress API to load images, it fails and the error message is that the user ID and password are missing.

Both stores are configured identically, with only two differences. The Live store is connected to CloudFlare and uses a Cloudflare SSL cert. The staging store is not connected to Cloudflare and the SSL cert comes from the Cloudways interface with “Let’s Encrypt”. I have whitelisted the data process servers on both the server and MySQL, as well as on Cloudflare. I have configured the server WAF setting on Cloudways for Cloudflare.

With all of this, it appears that something is blocking the data process from loading the Rest API credentials and logging in to allow images to load via the WordPress API.


I’m assuming since it’s a WordPress API that it’s still connecting via HTTPS. And I suspect that User ID/Password error aren’t what’s really going on and the connection is just blocked.

I’m hoping some logs can provide some insight: Cloudflare’s Firewall Events Log (in the Firewall settings page) and your server’s own logs.


We use a REST API key and secret via a JSON Basic Authentication plugin. The log on the WordPress side via a REST API Log only indicates ERROR: The username field is empty." and then the same error message for “The password Field is empty.”

I can find no indication in the CF Firewall Events Log of the data servers IP address in the logs, although I have whitelisted all of them. It was suggested that I add these lines to my htaccess file:

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

But since I don’t know what they do or if they are really necessary, I didn’t edit them in. (should the characters after https:// be edited to my domain?)

Thanks for the comments.

closed #5

This topic was automatically closed after 14 days. New replies are no longer allowed.