Hi @thriallis,
I took a look at your sites and found the cause of the Error 500 when activating Jetpack.
The Issue
Your site has a security feature that’s putting a Cloudflare Turnstile human verification
challenge in front of your XML-RPC endpoint. When Jetpack (or WordPress.com) tries to connect to
https://candlemaker.gr/xmlrpc.php, instead of getting the expected XML-RPC response, it receives
an HTML page asking for human verification.
Since Jetpack relies on server-to-server communication that cannot complete a CAPTCHA challenge,
the connection fails.
How to Fix This
You need to allowlist XML-RPC from this bot protection. Depending on where it’s configured:
- Check with your hosting provider – Many hosts add security rules that protect XML-RPC. Contact
your host and ask them to whitelist WordPress.com/Jetpack from any bot protection on /xmlrpc.php.
- Check any security plugins – If you’re using a security plugin (Wordfence, Sucuri, iThemes
Security, etc.), look for settings related to XML-RPC protection or bot challenges and disable
them or whitelist Jetpack.
- If using Cloudflare directly – Create a firewall rule to skip challenges for requests to
/xmlrpc.php from Jetpack IPs. You can find the list of Jetpack IP addresses to whitelist here:
https://jetpack.com/support/how-to-add-jetpack-ips-allowlist/
Once XML-RPC is accessible without the human verification challenge, you should be able to
activate and connect Jetpack normally. Let us know if you need further assistance!
Hi there, @thriallis,
Do you have updates about that, do you still need help? We usually close inactive threads after one week of no movement, but we want to make sure we’re all set before marking it as solved. Thanks!