We’re currently using Cloudflare infront of our WordPress instance and we’ve had a couple of issues with saving some content.
We write some tutorials that require code snippets and one thing that is always being blocked is any use of the text
substr() within our content when it is submitted to be saved.
Another issue we’ve had is with inlining scripts using their “custom HTML” block, if we try to add even just
<script href="" ></script> Cloudflare will block the page saving.
We work from home atm, so we’re not comfortable with whitelisting all our home IPs just to get the editors to be able to edit content to then need to update these whitelists every time their IP changes.
Any idea on how to disable these rules in the firewall or is this something that either Cloudflare or WordPress needs to fix?
Our old CMS would accept these content changes from the editor with ease without Cloudflare blocking them.
Thank you for any help you can provide!