WordPress Gutenberg content save being blocked

Hi there,

We’re currently using Cloudflare infront of our WordPress instance and we’ve had a couple of issues with saving some content.

We write some tutorials that require code snippets and one thing that is always being blocked is any use of the text substring() or substr() within our content when it is submitted to be saved.

Another issue we’ve had is with inlining scripts using their “custom HTML” block, if we try to add even just <script href="" ></script> Cloudflare will block the page saving.

We work from home atm, so we’re not comfortable with whitelisting all our home IPs just to get the editors to be able to edit content to then need to update these whitelists every time their IP changes.

Any idea on how to disable these rules in the firewall or is this something that either Cloudflare or WordPress needs to fix?

Our old CMS would accept these content changes from the editor with ease without Cloudflare blocking them.

Thank you for any help you can provide!

These requests are most likely blocked by WAF. I’d go through the firewall event log, check what exactly blocks it, and then adjust the settings accordingly.

The search seems to have a few articles on that subject as well → Search results for 'gutenberg' - Cloudflare Community


Cheers had to disable these two rules to fix the issues

  • 100008A - SQLi - String Function
  • 100173 - XSS, HTML Injection - Script Tag

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.