errorWordfence•apiREST APIerror403looploopbackcloudcloudflare•star_halfUncommon•warningModerate

We’ve detected CloudFlare blocking our requests to your site.

Wordfence detects that Cloudflare blocks internal REST API calls. Cloudflare treats loopback requests as automated traffic and returns a challenge or block response. The plugin receives a 403 or 429 status and reports the error.

The block originates from Cloudflare Bot Management, WAF rules, or rate‑limiting settings that do not recognize the Wordfence endpoints as safe.

Symptoms

[dashicons-warning]

Wordfence scan fails

Scans stop with the error message and never finish

[dashicons-no]

REST API returns 403 or 429

Calls to wp‑json/wordfence/v1/* return forbidden or too many requests

[dashicons-admin-site]

Admin shows connection timeout

Wordfence Central or live traffic view cannot connect

Common Causes

Super Bot Fight Mode blocks loopback

Cloudflare treats internal requests as bots and challenges them

Missing API whitelist

Wordfence endpoints are not listed in the Cloudflare or plugin whitelist

Custom WAF rule flags requests

A firewall rule flags the REST paths as malicious traffic

Need this fixed right now?

Don't waste your day debugging. Our experts can Fix your issues in under 2 hours.*

Success Rate

100% Guaranteed

Starting from

$35 /hour

99+

Trusted by Business Owners

“I spent 3 days trying to fix the Elementor loading loop. These guys fixed it in 20 minutes. Lifesavers!”

— Sarah J., Web Designer

Related Issues

contact_mail

Contact Form 7: REST API request failed: 503 Service Unavailable

A 503 Service Unavailable response stops Contact Form 7 from sending data...

apiREST APIerror503descriptioncontact-form-7

contact_mail

Contact Form 7: REST API request failed: 429 Too Many Requests

The form tries to send data through the WordPress REST API. The...

apiREST APIerrorerrorsecurityfirewalldescriptioncontact-form-7settingsserver_configuration

contact_mail

Contact Form 7: REST API request failed: 401 Unauthorized

The form tries to send data via the WordPress REST API. The...

apiREST APIadmin_panel_settingspermissionsdescriptioncontact-form-7lock401

contact_mail

Contact Form 7: File upload error: temporary directory missing

The error appears when Contact Form 7 cannot locate a writable temporary...

codePHPcloud_offupload erroradmin_panel_settingspermissionsdescriptiontemporary filedescriptioncontact-form-7

contact_mail

Contact Form 7: Mail (2) sending failed: PHP mail() function disabled

Contact Form 7 reports a failure for Mail (2) when the PHP...

codePHPerrorerrordescriptioncontact-form-7mailMailsettingsserver_configuration

contact_mail

Contact Form 7: Mail (2) sending failed: SSL certificate verification failed

Contact Form 7 reports a failure when trying to send the secondary...

errorerrorlocksslcodecURLdescriptioncontact-form-7