Back to Community
Home / Community / PluginWordfence security

Fixing Cloudflare Blocking Errors in Wordfence Central

23 threads Sep 7, 2025 PluginWordfence security

Content

Many WordPress administrators using the Wordfence Security plugin encounter a frustrating error when trying to connect their sites to Wordfence Central: "We’ve detected Cloudflare blocking our requests to your site." This connection is vital for managing security across multiple sites from a single dashboard. Based on community reports and solutions, this guide explains why this happens and provides the most effective troubleshooting steps to resolve it.

Why Cloudflare Blocks Wordfence Central

Wordfence Central communicates with your WordPress site by sending requests from its known servers. When you have Cloudflare enabled, its security features—like the Web Application Firewall (WAF) or IP Access Rules—can mistakenly identify these legitimate requests as a threat and block them. This is a common configuration conflict, not a bug in either service.

Common Solutions to Resolve the Block

1. Whitelist Wordfence IP Addresses in Cloudflare

The primary solution is to ensure Cloudflare allows traffic from Wordfence's servers. You must add their IP addresses to an allowlist within your Cloudflare settings.

  • Find the current list of IP addresses on the Wordfence help page.
  • In your Cloudflare dashboard, navigate to Security > WAF or Security > Security Rules.
  • Create a new rule or access list that allows traffic from the provided Wordfence IPs. The exact location of these settings may change as Cloudflare updates its interface.

2. Clear Connection Data on Both Sides

Often, simply allowing the IPs is not enough if a failed connection attempt is cached. You must clear the connection state completely.

  1. In your Wordfence Central dashboard at wordfence.com, go to the Connection Issues tab. Use the trash can icon to remove any listed sites.
  2. On your WordPress site, go to Wordfence > Tools > Diagnostics.
  3. Scroll to the Other Tests section and click the "Clear all Wordfence Central connection data" button.
  4. Finally, re-initiate the connection from your site's Wordfence dashboard by clicking "Connect this site" in the Central widget.

3. Clear Your Hosting or Server Cache

If your site is on a host with its own caching mechanism (e.g., WPEngine), changes to Cloudflare settings might not take effect immediately. After whitelisting the IPs, clear your host's server-level cache and then attempt the connection again.

4. Check for Other Conflicts

Other factors can interfere with the connection. Temporarily disable plugins that:

  • Change or hide the default WordPress login URL (/wp-admin).
  • Act as an additional firewall on your server.

Also, ensure that the WordPress REST API is accessible, as Wordfence Central uses it to communicate instead of XML-RPC.

When to Investigate Further

If the problem persists after trying all steps, the issue might be more specific to your server configuration. In such cases, generating a diagnostic report from Wordfence > Tools > Diagnostics can provide deeper insight into any connection failures.

By methodically working through these steps, most users can successfully resolve Cloudflare blocking issues and enjoy the centralized management features of Wordfence Central.

Related Support Threads Support