Plugin Author
Yani
(@yaniiliev)
Hi Xemao,
I hope you are well.
Under Attack Mode presents a JavaScript challenge to every request, and our plugin’s scheduled backups run through loopback requests (your server calling itself) which can’t solve that challenge.
To fix this, you can keep Under Attack Mode on while allowing two URLs to bypass it:
1. yourdomain.com/wp-cron.php
2. yourdomain.com/wp-admin/admin-ajax.php
In your Cloudflare dashboard, go to Security > WAF > Custom Rules, create a rule matching either of those URI paths, and set the action to Skip (selecting all security features to bypass). For tighter security, you can also restrict the bypass to your server’s own outgoing IP, since these are loopback requests.
