Enabled Cloudflare on a website that is using admin-ajax.php to submit booking appointments. For some reason the requests bottled up and did not go through smoothly, causing some to fail and CPU usage to max out, presumably because of the retries.

I had to temporarily disable Cloudflare and everything is back to normal. I just want to figure out what rule I can create in the firewall to allow admin-ajax to work without issue, or how can I troubleshoot this?


I remember this comes up on topics lately much more than ever before and I am sorry to hear that you’re experiencing this :confused:

Before moving to Cloudflare, was your Website working over HTTPS connection?

May I ask what was the error code? 403 or 520 or 521 shown in the Developer console (F12) of your Web browser for the particular admin-ajax.php request? :thinking:

I wonder if any of Cloudflare security & protection settings like Bot Fight Mode or Browser Integrity Check challenged or blocked the request :thinking:

Kindly check and provide some more details about which service it triggered and got that result in the Cloudflare dashboard → Security → Overview for the past 24 hours or so. Once you find them, click on a particular one to find more details about it (user-agent, IP, HTTP version …).

Just in case, related to WordPress, I’d suggest you whitelist your origin host / server / hosting IP address by navigating to Security → WAF → Tools → IP Access Rules with the action “allow” for your Website and try again.

It is known to happen due to WordPress using HTTP/1.0 and an empty user-agent while executing WP-Cron or some other related JSON/REST API request via a plugin.

The site was working on HTTPS previous to Cloudflare.

There are no errors coming up in the console. The issue seems to be with the speed of admin-ajax communicating with the database, because after submitting the form, the request goes through to the backend, but for some reason the confirmation coming back to show the success screen takes a really long time.

I checked Bot Fight Mode and it is disabled; the security setting is set to essentially off.

There are no events logged in the security overview.

I added our origin IP to the IP Access Rules; however, the problem persists.

The issue has something to do with the confirmation step coming back from the PHP rather than the outgoing request. Instead of waiting for the success screen, we can refresh while that action is still showing the processing animation and the item will show to have gone through. For some reason it is just not able to confirm that for a long time. If I wait for the confirmation while Cloudflare is on, it can take 10 - 20 minutes. Without Cloudflare enabled it happens instantly.

Any additional ideas how to solve this?

