Wp-admin/admin-ajax.php returning a 403 error

Reopen of this post Wp-admin/admin-ajax.php returning a 403 Wordpress

Cloudflare is causing a 403 on admin-ajax in wordpress with a POST request

Here is proving it’s Cloudflare

I route straight to server, and this issue goes away

Before moving to Cloudflare, was your Website working over HTTPS connection?

If you temporary enable the “Pause Cloudflare for this site” option from the CF dashboard bottom-right corner, does it work then or still shows the same warning/error?
Does your Website work fine over HTTPS when Paused?

Is it Ajax request as I assume due to the WooCommerce or some other plugin?

Furthermore, I wonder if any of Cloudflare security & protection settings like Bot Fight Mode or Browser Integrity Check challenged or blocked the request :thinking:

Kindly could you provide some more details about which service did it trigger and got that result in the Cloudflare dashboard → Security → Overview for the past 24hours or so. Once you find them, click on a particular one to find more details about it (user-agent, IP, HTTP version …).

Nevertheless, I am not sure if that request to the admin-ajax.php was made via WordPress itself or via some plugin?

Just in case, related to the WordPress, I’d suggest you to whitelist your origin host / server / hosting IP address by navigating to the Security → WAF → Tools → IP Access Rules with the action “allow” for your Website and try again.

It knows to happen due to the WordPress using HTTP/1.0 and empty user-agent, therefore while executing WP-Cron or some other related JSON/REST API request via plugin.

Adding the server ip to waf tools, as an allow ip fixed it.

Thanks.

2 Likes

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.