Support » Plugin: Wordfence Security - Firewall, Malware Scan, and Login Security » REST API requests blocked with Firewall off

  • Resolved lprostick

    (@lprostick)


    I am attempting to fire REST API requests to a site using Wordfence, but the requests are getting a 401 error. In Wordfence I have the firewall OFF, and the requests are still being denied. If I completely de-activate Wordfence the requests go thru with no problem. So it would appear that something in Wordfence other than the firewall is blocking the requests. I have tried tweaking every setting in Wordfence that I can, but nothing helps. I tried putting the firewall into Learning Mode, and even whitelisting my IP address, but the requests were still denied. Anyone have any ideas?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @lprostick, thanks for your message.

    That does sound unusual as Wordfence would most likely return a 403 or 503 block, which it would log on your Live Traffic page if it had any part in denying a request. In fact, our Wordfence Central product requires access to the REST API, so we don’t deny access to it by design.

    I’m wondering if there may be a plugin conflict of some kind happening, which is why turning Wordfence off appears to be the solution. Are you able to suppress the errors when Wordfence is the only plugin enabled? If so, try re-enabling your others one-by-one afterwards until the problem returns.

    Let me know what you find out!
    Peter.

    Thread Starter lprostick

    (@lprostick)

    Hi Peter – Found the problem! I am using Application Passwords to create authentication credentials for the REST API requests. There is a WordFence setting buried waaaay in the annals of the settings page (All Options -> Firewall Options -> Brute Force Protection -> Additional Options) that says ‘Disable application passwords’. I simply unchecked this box and the API requests were no longer blocked. I also found that if Wordfence is set to block application passwords, if you go to the Application Passwords section of the user account where the credentials are set up, there will be a message saying that Wordfence is blocking application passwords, and a button that will take you to the place in Wordfence settings where you can uncheck this box. Thanks very much for your help!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘REST API requests blocked with Firewall off’ is closed to new replies.