Zapier - can't access Wordpress



I want to connect Zapier (the automation tool) to my Wordpress site. But the access is denied (Zapier can’t log in).

When trying, I get this error message: ‘authentication failed: undefined entity: line 10, column 16’.

Zapier uses AWS, so the only way to whitelist the IPs is to do a bulk whitelisting of all AWS us-east-1 IP range. Is this possible (and recommended)?

And of course: The XML-RPC functionality must be turned on, but in the Cloudflare Rule Set for Wordpress, you can only choose the default mode (which is ‘disable’) and disable/simulate/block/challenge.

Zapier calls always include the header ‘User-Agent: Zapier’. Can this be a viable way to let them log in?

Really appreciate if anyone can help me out. :slight_smile:


Does it say anything in the firewall log? Which response do you get?


Hi! Yes, It shows up with Rule ID WP0002 (the rule that ‘Block WordPress XML-RPC’). I have tried disabling and ‘simulating’ his rule, but no luck.

The User Agent is identified as Zapier.

Rules Triggered:
WP0002 Block WordPress XML-RPC
950901 SQL Injection Attack: SQL Tautology Detected.
960024 Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters
973300 Possible XSS Attack Detected - HTML Tag Handler
981018 End XSS pattern check
981133 Prequalify PM
981243 Detects classic SQL injection probings 2/2
981318 SQL Injection Attack: Common Injection Testing Detected
2000001 Skip LFI Rules
2000006 Skip XSS Rules

Match Triggered:


Alright, so you did run into a filter. You could try to disable security for that particular using a page rule. Whitelisting certainly is an option too, but usually that shouldnt require entire netblocks but only the IP address in question, unless you run it in a distributed manner.


This topic was automatically closed after 14 days. New replies are no longer allowed.