But adding a custom firewall rule like in the image seems to have solved it for me. But I’m not completely sure how safe this solution is? What I did was to create an firewall rule, where I bypassed the firewall if the uri path contains /wp-json/wp/v2.
Any thoughts on this? Good or bad practice? Do you perhaps have any other suggestions that could be better to try out?
May I ask do you get this error while being logged in or logged out into WordPress admin dashboard?
I usually restrict this manually in a functions.php file to specific routes and the ones which I need and which my plugins use (only /users/ when I am logged in).
Maybe you are using a security plugin like Wordfence?
Have you tried adding your server IP to the IP Access Rules / Firewall Rules with the action “Allow” at Cloudflare dashboard (requests to wp-cron.php as an example could also be blocked by a Bot Fight Mode, etc.)?
I am using Classic Editor. So I cannot say it’s related to it.
I also vote for this. You can check if your own IP gets blocked or the server’s IP, and determine wheater you have to adjust a bit your CF Firewall as @sdayman already stated.
I did not check in the firewall log. I found that this was happening in the developer tools. I’m on a pro plan, but can’ät find the logs in the dashboard? Or do I need an higher level of subsciptionplan?
For searching the problem, I made try this, try that, inactivate that to see when the problem stopped
I do wonder thoug what settings to adjust for WordPress. Could it be under this and just do an trial and error (activate/deactivete features until I find what’s causing it?