WpEngine, Wordpress, and Cloudflare managed ruleset

Having an issue, just moved my site to WPEngine, and DNS to Cloudflare. My production website is not updating plugins, getting a 403 Error.

The test WpEngine not associated with Cloudflare works flawlessly. I following the FAQ, https://support.cloudflare.com/hc/en-us/articles/227634427-Using-the-Cloudflare-plugin-with-WordPress

But there is no * Navigate to the Firewall app in the Cloudflare dashboard, then the Managed Ruleset tab, and toggle the Cloudflare WordPress rule to On

Anyone know how to fix this?

You’re right, and the instructions aren’t very clear on that. That’s only for paid plans. As such, if you can’t access it, then it’s not likely the cause of the 403 error.

For the 403, check the Firewall Events Activity Log from the overview section of Firewall for an entry that corresponds with that request.

1 Like

thanks ironically I am paying :frowning:

Solved!! That was quick so you say

There was an SSL plugin in Wordpress that was borking Cloudflare.

Then it’s this:

You shouldn’t need one of these. If the site is properly configured with HTTPS at the host, you’d only need a header in Rules → Transform → Response Header to rewrite HTTPS:

Yes on my dashboard I don’t see “Managed Rules”

That’s not the section I marked. Try under Firewall.

Thanks for the quick response….but still not there?

And under the Overview tab, the far right column of that page shows you have a Pro/Paid Plan under Plan Extensions?

It does, indicates “Pro Plan”….See screen shot for subscriptions

Not there. On the Overview page for that domain.

Ok yes, this correlates to the billing

If that is indeed the same zone as the one that’s not showing Managed Rules, open a ticket from the Support menu → Get More Help. They should be able to find out why Managed Rules aren’t showing up.

1 Like

Will do thank you

1 Like

Update…discovered that my new account wasnt provisioned with the “new” WAF which was released February of 2021. I have requested the upgrade but am still waiting for CF to get it done. Frustrating to say the least

You shouldn’t need to have the new WAF to enable the Cloudflare WordPress package of rules.

I see from your previous screen shot that you have WAF under Overview, right? What do you see when you click there? There should be two large groups, one titled Cloudflare Managed Ruleset, and the other is the OWASP rule set. In the first group you should be able to see and toggle on/off the Cloudflare WordPress package.

There is no Cloudflare Managed Ruleset option under my account, according to Cloudflare support this feature is only available with the “new” WAF.