WordPress site health scan issues - 3 nos

Hi friends,

I am new to the Cloudflare community. I need your support for finding the solution for WordPress site heath scan issues which I encountered during the scan of my website https://futureentech.com

The arrached are screenshots of 3 issues which will help you to understand the exact issue.

Please help me to resolve these scan issues. I don’t know how to resolve it from my end. I am using WordFence plugin and cloudflare as CDN.

Thanks
Kamlesh Jolapara

May I ask did you disabled the REST API via Wordfence due to the security settings or via some other plugin, or it could be due to the Firewall Rules at Cloudflare (if you are using any)?

From the above screenshot, and the returned HTML, I cannot understand does the 403 error come from the Cloudflare, or rather from your origin host / server due to the HTTP request for the part /wp-json/wp/v2/.

Hi

Thank you for the reply.

I checked with Hostpapa hosting server, they said that this might be due to plugins. I deactivated each plugin one by one checked the site health scan each time. But no positive result. Same 3 errors displayed.

Also I have whitelisted wordfence ip address to cloudflare firewall as a rule. But still no effect to scan.

I think this might be due to cloudflare, as it doesn’t allow wordfence scan at CDN level.

What is your thought?

Kamlesh jolapara

Are we talking about WordPress Health Check or a Wordfence scan here, or both? :slight_smile:

I am afraid WordPress REST API is not being blocked and not returning 403 error by default from Cloudflare so far.

Are you using any security plugins or hardening rules in .htaccess (notably – /wp-json/)?

Can you check troubleshooting mode with this plugin?
Does the problem persist?

Having your site reverse-proxyed by Cloudflare services can cause loopback problems (not really), your Website should be able to reach itself without obstacles. You can do so by

  • re-visiting cloudlare settings (not sure what they have, but some sort of whitelisting your site IP can help)

  • avoiding cloudflare for your site when it connects to itself (adding site address to /etc/hosts , you need root access, then restart webserver software)

  • dropping cloudflare and using your real site as real site.

Otherwise, kindly re-check your SSL settings at Cloudflare dashboard under the SSL/TLS tab:

May I also ask are you on a Free or a Paid Cloudflare plan?

Kindly, see my posts here if so:

Maybe someone else, who had experience with it can provide more/better advice due to your issue.

$ curl -I --resolve www.futureentech.com:443:[IP] https://www.futureentech.com
curl: (60) SSL certificate problem: certificate has expired

:man_shrugging:t2: :slight_smile:

1 Like

Hi

Thanks for your reply…

I have checked the ssl at cloudflare and it works fine. Please refer the screenshot.

I have also updated the setting in WordFence plugin as “Use the Cloudflare “CF-Connecting-IP” HTTP header to get a visitor IP. Only use if you’re using Cloudflare.” Also added cloudflare firewall rules for whitelisted IPs.

Unfortunately, still, 3 errors are not resolved.

Kamlesh Jolapara

Please refer the attached screenshot of WordFence diagnostic error detail.

This will help to resolve the site health scan issue.

Good day
Kamlesh Jolapara

Then you might want to explain this → WordPress site health scan issues - 3 nos - #5 by sandro

Also, @fritex already posted an article where your mode is discouraged.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.