Support » Plugin: Wordfence Security - Firewall & Malware Scan » Cloudflare CRFL error after Updating.

  • Resolved ragzybwp73

    (@ragzyb)


    Ever since I updated wordfence to 6.3.2 all my sites are getting some “crfl token not found, make sure that another plugin is not altering cloudflare traffic” error whenever I make any change in the cloudflare plugin.

    This is across different websites on different hosts. tested it thoroughly, the moment I updated wordfence this starts happening ?

    any one else facing the same ??

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author WFMattR

    (@wfmattr)

    Hi,

    I’m pasting the full message I found in the CloudFlare plugin here, to help others find this solution:
    CSRF Token not found. Its possible another plugin is altering requests sent by the Cloudflare plugin.

    It looks like the CloudFlare plugin uses php://input to read posted data, but in older versions of PHP, that can only be used once. Fortunately, there is a method that WordPress and Wordfence both use, which works around the issue, which CloudFlare could use in their plugin too. (More details below.)

    There are a few solutions:

    1.) If your host allows choosing a newer PHP version for your site, choose PHP 5.6 or above.

    2.) We have a constant you can set in your wordfence-waf.php file (or wp-config.php if you have not optimized the firewall), which will disable this check. Note that this will prevent some newer firewall rules from blocking malicious traffic. If you need to use this method, I would only recommend using it temporarily:
    define('WFWAF_DISABLE_RAW_BODY', true);

    If have set up wordfence-waf.php, add this right below the comment line. Otherwise, you could add it to wp-config.php, and make sure to put it above the line that says “That’s all, stop editing!”

    3.) You can post on the CloudfFlare plugin forum asking them to change their getJSONBody() function to use $HTTP_RAW_POST_DATA and fall back to php://input if it’s empty, like WordPress does in their get_raw_data() function here:
    https://core.trac.wordpress.org/browser/tags/4.7.2/src/wp-includes/rest-api/class-wp-rest-server.php#L1261
    This would be a permanent solution for sites with older PHP versions, if they include it in their next plugin update.

    -Matt R

    so i just changed my php version from 5.4 to 5.6 and the problem has gone. thanks for you reply 🙂

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Cloudflare CRFL error after Updating.’ is closed to new replies.