WpEngine, Wordpress, and Cloudflare managed ruleset

user22544 · February 4, 2022, 9:44pm

Having an issue, just moved my site to WPEngine, and DNS to Cloudflare. My production website is not updating plugins, getting a 403 Error.

The test WpEngine not associated with Cloudflare works flawlessly. I following the FAQ, https://support.cloudflare.com/hc/en-us/articles/227634427-Using-the-Cloudflare-plugin-with-WordPress

But there is no * Navigate to the Firewall app in the Cloudflare dashboard, then the Managed Ruleset tab, and toggle the Cloudflare WordPress rule to On

Anyone know how to fix this?

sdayman · February 4, 2022, 9:51pm

You’re right, and the instructions aren’t very clear on that. That’s only for paid plans. As such, if you can’t access it, then it’s not likely the cause of the 403 error.

For the 403, check the Firewall Events Activity Log from the overview section of Firewall for an entry that corresponds with that request.

user22544 · February 4, 2022, 9:52pm

thanks ironically I am paying

user22544 · February 4, 2022, 9:54pm

Solved!! That was quick so you say

There was an SSL plugin in Wordpress that was borking Cloudflare.

sdayman · February 4, 2022, 9:57pm

Then it’s this:

You shouldn’t need one of these. If the site is properly configured with HTTPS at the host, you’d only need a header in Rules → Transform → Response Header to rewrite HTTPS:

user22544 · February 5, 2022, 11:35pm

Yes on my dashboard I don’t see “Managed Rules”

sdayman · February 5, 2022, 11:36pm

That’s not the section I marked. Try under Firewall.

user22544 · February 5, 2022, 11:39pm

Thanks for the quick response….but still not there?

sdayman · February 5, 2022, 11:47pm

And under the Overview tab, the far right column of that page shows you have a Pro/Paid Plan under Plan Extensions?

user22544 · February 5, 2022, 11:50pm

It does, indicates “Pro Plan”….See screen shot for subscriptions

sdayman · February 5, 2022, 11:52pm

Not there. On the Overview page for that domain.

user22544 · February 5, 2022, 11:55pm

Ok yes, this correlates to the billing

sdayman · February 5, 2022, 11:58pm

If that is indeed the same zone as the one that’s not showing Managed Rules, open a ticket from the Support menu → Get More Help. They should be able to find out why Managed Rules aren’t showing up.

user22544 · February 6, 2022, 12:05am

Will do thank you

user22544 · February 20, 2022, 5:57pm

Update…discovered that my new account wasnt provisioned with the “new” WAF which was released February of 2021. I have requested the upgrade but am still waiting for CF to get it done. Frustrating to say the least

cbrandt · February 20, 2022, 6:12pm

You shouldn’t need to have the new WAF to enable the Cloudflare WordPress package of rules.

I see from your previous screen shot that you have WAF under Overview, right? What do you see when you click there? There should be two large groups, one titled Cloudflare Managed Ruleset, and the other is the OWASP rule set. In the first group you should be able to see and toggle on/off the Cloudflare WordPress package.

user22544 · February 20, 2022, 6:36pm

There is no Cloudflare Managed Ruleset option under my account, according to Cloudflare support this feature is only available with the “new” WAF.