Learn how to utilize the Cloudflare WAF to protect Jetpack.
Cloudflare and Jetpack for WordPress should require no additional configuration to operate together. However we do have some security features designed to protect your Jetpack installation, read on below to learn more.
Default Jetpack protection from Cloudflare
The Cloudflare WordPress WAF rule WP0007 protects xmlrpc.php file ion all Cloudflare plans to allow only Jetpack to use the xmlrpc.php?for=jetpack query string. Cloudflare does this by only allowing the IP range of Jetpack’s automation systems. As such any attempt to access xmlrpc.php?for=jetpack from an IP that is not a genuine Jetpack IP will be blocked with a HTTP 403 Forbidden message from Cloudflare. This in itself is nothing to worry about and improves the security of your website and does not affect the functionality of Jetpack whatsoever.
For more information about why this was originally implemented take a look at our blog post on the subject: