If your site is protected by Cloudflare, security challenges can sometimes block legitimate requests made by Reviewbird. This most commonly affects the WordPress REST API (/wp-json/*), which Reviewbird uses to communicate with your site.
To prevent these requests from being challenged, create a Cloudflare WAF rule that skips security challenges for the REST API.
Step 1: Open the Cloudflare Dashboard
- Log in to your Cloudflare account.
- Select the website you want to configure.
- Navigate to Security → WAF → Custom Rules.
Step 2: Create a New Rule
- Click Create rule.
- Give the rule a descriptive name, such as Skip Challenge for WP REST API.
Step 3: Configure the Rule
Set the rule to match requests where the URL path starts with:
/wp-json/
Using the expression builder, configure:
- Field: URI Path
- Operator: starts with
- Value:
/wp-json/
Or, if you’re using the expression editor:
http.request.uri.path starts_with "/wp-json/"
Step 4: Choose the Action
Set the rule action to Skip.
When prompted, choose to skip the security feature that’s issuing the challenge (typically Managed Challenge or Custom Rules).
Step 5: Save and Deploy
Save the rule and deploy your changes.
Once the rule is active, requests to /wp-json/* will bypass Cloudflare challenges while the rest of your website continues to benefit from Cloudflare’s security protections.
Why This Is Needed
Reviewbird communicates with your WordPress site through the WordPress REST API. If Cloudflare presents a challenge for these requests, Reviewbird won’t be able to connect successfully.
Excluding only the /wp-json/* endpoint is a safe, targeted approach that allows Reviewbird to function correctly without reducing protection for the rest of your website.