I’m new to hosting security. Somewhere along the line a day ago, I must’ve made an inappropriate change to one or more settings in Wordfence Pro plugin, WHM WordPress Toolkit, or Cloudflare configuration, because now, I have locked myself out of being able to edit or view wp-config.php. When I attempt to edit in File Manager, the loading popup just spins until I reload the page. If I simply attempt to view wp-config.php, I get a Cloudflare popup indicating that the request was blocked, giving a Ray ID. The last bit seems to indicate it’s a setting on Cloudflare, but no searches on the Cloudflare help knowledge bases resulted in anything helpful, and a response from a Cloudflare support ticket just directed me to information I’ve already read. I turned on activity logging and produced the error again, but the Cloudflare activity log shows no errors. I’ve also tried to correct the problem by reverting any changes I made In WordPress Toolket Security Measures, but the problem remains. I’m the site owner, and I can view and edit all other files, .htaccess, etc.
Any direction would be appreciated.
Good morning, I just came across the same error in my Cpanel.
Turns out that Cloudflare was blocking the IP address of my webserver when I wanted to edit the wp-config file.
I went to Cloudflare dashboard and to security and then overview and check for blocks. Noticed my webserver was there as a block. Then went to firewall rules and on the right, there are IP Access Rules.
I then added my webserver IP with the Allow Action and was then able to access the wp-config.php file.
Hope this helps.
Hi, Sandro. Thank you for the reply.
Attached is the Cloudflare message. Your link simply leads to my account dashboard with nothing referencing wp-config.php.
Over the last several hours, I’ve gone through every possible Cloudflare setting, and I don’t see anything that I’ve adjusted that could be causing this error. I followed the instructions and tried to locate the Ray error, but either I’m looking in the wrong places, or it doesn’t exist. But it must exist, right? I’ve also followed the nice suggestion of adrian13, but there were no blocks, nor any indications that the firewall has caught anything. I’ve even tried Pausing Cloudflare, but still no access to the file.
Thanks again, and any further suggestions you come up with appreciated.
I woke up to your message this morning and thought, “YES! The beauty of community support!” Well, I still feel that way, but after trying your solution – including my webserver IP with Allow Action – and a myriad other things, whatever is locking my wp-config file is stubborn and persistent. As mentioned in my most recent message to sandro, I even Pause Cloudflare on the site – nope.
Thanks again, adrian13. I really appreciate that helpful community spirit, and I’ll do my best to pitch in and help others as well.
OK. Sorry. I failed to mention that the problem is with a domain that is hosted within another domain; meaning, using its cPanel account.
I finally had the bright idea to check the firewall log of the host domain. There, I see all of the Ray IDs and blocks; however, though I see the same Ruleset ID and Rule ID, the names for both of them are showing “Unavailable”. Any ideas on how I can locate and disable or delete this particular rule?
I am sorry that it didn’t work for you. Mine was also showing unavailable, but it was giving me a source IP which I then added to the WAF with the allow action.
Before I figured this out I just used FileZilla to FTP the host and edit the wp-config file that way. Could be a last resort.
Hope you come right, I removed my whole site from Cloudflare due to a redirect issue I could not fix.
I removed my whole site from Cloudflare due to a redirect issue I could not fix.
WHOA! Sorry you had to do something so extreme. How disappointing that must’ve been / must be.
Thankfully, you’re still lurking the community here to help poor, Cloudflare-ignorant souls like me. Or maybe you are helping clients who have had better success with Cloudflare. Either way, I heartily thank you for your support.
Yes, I had tried to add a WAF allow record for the IP address, but no worky.
BUT, just now, I was able to successfully FTP in to edit wp-config.php.
Funny, though… I thought I’d do a test to see if the connection and editing success was a fluke, so I closed the FTP client (WinSCP), then opened it to see if I could reconnect. NOPE. I then deleted the connection, reconfigured it EXACTLY as before. NOPE. Tried a couple more times. NOPE.
There’s weirdness afoot, but at least I was able to make the changes that I needed… for now.
Thanks adrian13! You’ve been a great help.
Lucky it was just my one site, I still have another 10 on it so not all bad. I just can’t figure out why it was redirecting all the time to some subdomain. As you say there is weirdness afoot (
love this, I am going to use it when speaking to clients ) Glad you could get the changes done. Good luck!
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.