SO HERE IS THE UPDATE ON ALL THIS ..
Plugin v13.x Breaks on Cloudflare Sites — Webhook Architecture Change Not Documented
I want to share a detailed technical finding for anyone experiencing reviews not updating after the v13.x update, particularly on sites running behind Cloudflare.
After extensive debugging I traced the root cause to an undocumented architectural change in v13.x. In previous versions the plugin used WordPress’s WP-Cron system to pull reviews outbound from Trustindex’s servers on a schedule. In v13.x this was removed entirely — there is not a single wp_schedule_event or cron hook anywhere in the plugin source code.
The plugin now operates on a webhook model where Trustindex’s servers push reviews inbound to your WordPress site via wp-admin/admin-ajax.php?action=trustindex_reviews_hook_google. While this is a reasonable architectural decision, it was not documented in the changelog and creates an immediate breaking change for any site running behind Cloudflare.
The problem is that inbound POST requests from Trustindex’s AWS server (52.21.15.185) have no browser fingerprint, cannot execute JavaScript, and carry no cookies — which is exactly the profile Cloudflare’s Bot Fight Mode and Managed Challenge are designed to block. Every webhook push was receiving a cf-mitigated: challenge 403 response before it ever reached WordPress, silently killing all review syncing.
I confirmed this by inspecting the raw response headers:
cf-mitigated: challenge
server: cloudflare
cType: managed
The fix was to add a Cloudflare WAF Custom Rule with the following expression and action set to Skip:
(http.request.uri.path eq "/wp-admin/admin-ajax.php" and http.request.uri.query contains "trustindex")
Once that rule was in place reviews synced immediately.
My recommendation to the Trustindex team is to document this change prominently in the changelog and add a notice in the plugin’s troubleshooting tab for sites running behind Cloudflare, as it is an extremely common setup. A note in the setup wizard when the webhook URL is registered would also help — something as simple as “If your site is behind Cloudflare, you will need to whitelist this endpoint” would have saved considerable debugging time.
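An added example, not part of the original post or the plugin's code: it recognizes the Cloudflare challenge signature quoted above and compares which requests the post's Skip expression covers against a narrower variant. The narrower rule, the sample requests, and the idea that the sender address stays fixed are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

WEBHOOK_PATH = "/wp-admin/admin-ajax.php"
WEBHOOK_ACTION = "trustindex_reviews_hook_google"  # action name from the post
SENDER_IP = "52.21.15.185"  # sender address reported in the post; may change

# Constructed sample requests (URL, source IP); example.test and 203.0.113.7 are placeholders.
SAMPLES = [
    ("https://example.test/wp-admin/admin-ajax.php?action=trustindex_reviews_hook_google", SENDER_IP),
    ("https://example.test/wp-admin/admin-ajax.php?action=trustindex_reviews_hook_google", "203.0.113.7"),
    ("https://example.test/wp-admin/admin-ajax.php?action=heartbeat&x=trustindex", "203.0.113.7"),
    ("https://example.test/wp-admin/admin-ajax.php?action=heartbeat", "203.0.113.7"),
]

def parse_headers(raw):
    """Turn a raw 'name: value' header block into a dict with lower-cased names."""
    headers = {}
    for line in raw.strip().splitlines():
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def challenged_by_cloudflare(status, raw_headers):
    """True when the 403 came from a Cloudflare challenge, not from WordPress."""
    headers = parse_headers(raw_headers)
    return status == 403 and headers.get("cf-mitigated", "").lower() == "challenge"

def rule_from_post(url, src_ip):
    """Same predicate as the expression in the post; the source IP is not checked."""
    parts = urlsplit(url)
    return parts.path == WEBHOOK_PATH and "trustindex" in parts.query

def narrowed_rule(url, src_ip):
    """Assumed tighter variant: exact action value and, in Cloudflare terms,
    an added 'ip.src eq 52.21.15.185' condition."""
    parts = urlsplit(url)
    actions = parse_qs(parts.query).get("action", [])
    return (parts.path == WEBHOOK_PATH and actions == [WEBHOOK_ACTION]
            and src_ip == SENDER_IP)

def audit(requests, rule):
    """Return, per request, whether the Skip rule would exempt it from the WAF."""
    return [rule(url, ip) for url, ip in requests]

if __name__ == "__main__":
    print("rule from post:", audit(SAMPLES, rule_from_post))
    print("narrowed rule: ", audit(SAMPLES, narrowed_rule))
```

If the sender address changes, the narrowed variant stops matching and the webhook is challenged again, so pinning the IP trades exposure for maintenance.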