Wordpress 403 Forbidden On Plugin .JS

I have had several Wordpress sites on shared hosting for a number of years (currently X10-Infinity) and thought to use Cloudflare to improve performance. Having a few issues which I am struggling to resolve and hoping someone can help as I’m not sure where the problem lies.

In normal mode my site seems to load ok (I can’t see any obvious problems in Firefox or Chrome in Developer Mode), but once in wp-admin mode, a number of .js files are showing “403 Forbidden” and the pages are not displaying correctly.

It’s mostly the Yoast SEO plugin and Bulletproof Security Pro that are failing to load, but I’m not sure what’s causing it.

My cache settings are:

Caching Level - Standard
Browser Cache TTL - Respect Existing Headers

Page Rules:

*famouspeoplefrombournemouth.com/wp-admin/*
Disable Security, Cache Level: Bypass, Disable Performance
*famouspeoplefrombournemouth.com/*preview=true*
Cache Level: Bypass
*famouspeoplefrombournemouth.com/*
Cache Level: Standard, Edge Cache TTL: a month

Thanks for any help. I have 2 other Wordpress sites I would like to add to Cloudflare, but need to resolve the problems with this one first.

Are you still encountering this issue?

Yes I am unfortunately.
It seems to be mostly the bulletproof-security js files that are giving 403 errors, but there are others.
I have been using mostly the same theme (Customizer) and the same plugins on several other sites for a couple of years and not had trouble.
Going to turn off Cloudflare caching to take that out of the equation, since I only just switched over to Cloudflare and maybe I can get some clues from doing that.

I now have Cloudflare cache disabled (Development mode), all cookies cleared again, no local caching on the host. Still getting Bulletproof-Security js problems, but also this in the Firefox console:

I don’t have this with my other sites, checking with the plugin providers to see if they have any ideas.

As always great support from the people at Bulletproof Security. The pro version “plugin firewall” apparently needs the Cloudflare IP addresses whitelisting. Had to also delete the .htaccess file for the plugin firewall and re-activate it, that fixed it.
Seems the otw_shortcode_object error was due to another plugin, which is now deactivated until I can figure out the problem (more a warning than an error) or find a replacement plugin.
So ok to close this topic. Hopefully the information will help someone in the future.