EarlySEO Docs

Cloudflare Troubleshooting

Fix 403s caused by Cloudflare Bot Fight Mode (WordPress plugin integration).

Open .mdx

Symptom

You see 403 Forbidden errors when the WordPress plugin tries to communicate, often after enabling Cloudflare Bot Fight Mode or aggressive security/WAF settings.

Fix strategy (allowlist)

The reliable fix is to allowlist the relevant request source in Cloudflare so the integration traffic isn’t treated as bot traffic.

You may need EarlySEO's current IP(s) or request signature info. If you don't have it, pull it from logs or ask support.

Step 1 — Get your Zone ID

In Cloudflare dashboard:

  • Select your domain
  • Find Zone ID in the right sidebar (Overview)

Step 2 — Create a Cloudflare API token

Create an API token with permissions needed to manage access/firewall rules for your zone.

Step 3 — Create an IP access rule (example via API)

Replace placeholders:

  • <ZONE_ID>
  • <EARLYSEO_IP_OR_RANGE>
  • <API_TOKEN>
curl -X POST "https://api.cloudflare.com/client/v4/zones/<ZONE_ID>/firewall/access_rules/rules"     -H "Authorization: Bearer <API_TOKEN>"     -H "Content-Type: application/json"     --data '{
    "mode": "whitelist",
    "configuration": {
      "target": "ip",
      "value": "<EARLYSEO_IP_OR_RANGE>"
    },
    "notes": "Allowlist EarlySEO WordPress plugin integration"
  }'

Alternative checks

  • Temporarily disable Bot Fight Mode to confirm this is the root cause.
  • Check if you also need a WAF custom rule for specific paths (e.g. /wp-json/*).

Cloudflare Worker Setup

Host EarlySEO "Free Tools" on a subfolder of your main domain using Cloudflare Workers.

On this page

Symptom
Fix strategy (allowlist)
Step 1 — Get your Zone ID
Step 2 — Create a Cloudflare API token
Step 3 — Create an IP access rule (example via API)
Alternative checks