# Cloudflare Troubleshooting (/docs/wordpress-plugin/cloudflare-troubleshooting)



Symptom [#symptom]

You see `403 Forbidden` errors when the WordPress plugin tries to communicate, often after enabling Cloudflare Bot Fight Mode
or aggressive security/WAF settings.

Fix strategy (allowlist) [#fix-strategy-allowlist]

The reliable fix is to **allowlist** the relevant request source in Cloudflare so the integration traffic isn’t treated as bot traffic.

> You may need EarlySEO's current IP(s) or request signature info. If you don't have it, pull it from logs or ask support.

Step 1 — Get your Zone ID [#step-1--get-your-zone-id]

In Cloudflare dashboard:

* Select your domain
* Find **Zone ID** in the right sidebar (Overview)

Step 2 — Create a Cloudflare API token [#step-2--create-a-cloudflare-api-token]

Create an API token with permissions needed to manage access/firewall rules for your zone.

Step 3 — Create an IP access rule (example via API) [#step-3--create-an-ip-access-rule-example-via-api]

Replace placeholders:

* `<ZONE_ID>`
* `<EARLYSEO_IP_OR_RANGE>`
* `<API_TOKEN>`

```bash
curl -X POST "https://api.cloudflare.com/client/v4/zones/<ZONE_ID>/firewall/access_rules/rules"     -H "Authorization: Bearer <API_TOKEN>"     -H "Content-Type: application/json"     --data '{
    "mode": "whitelist",
    "configuration": {
      "target": "ip",
      "value": "<EARLYSEO_IP_OR_RANGE>"
    },
    "notes": "Allowlist EarlySEO WordPress plugin integration"
  }'
```

Alternative checks [#alternative-checks]

* Temporarily disable Bot Fight Mode to confirm this is the root cause.
* Check if you also need a WAF custom rule for specific paths (e.g. `/wp-json/*`).