Many BrandWell users have website security. In some cases, security plugins' settings can block or limit plugin access for the BrandWell<>WordPress Integration (plugin) to your WordPress site, especially if the plugin requests are mistaken for potentially harmful traffic.
Since our plugin uses JSON for its plugin requests, you can adjust your security plugin's settings to allow our BrandWell<>WordPress integration to perform as expected.
How do I make sure my security plugin is allowing BrandWell access to my website?
Here's how to accomplish this for three different popular security plugins:
Cloudflare:
-
Log in to your Cloudflare Account: Visit the official Cloudflare website and enter your credentials to log in.
-
Select your Site: Once you're logged in, you'll see a list of websites associated with your account. Select the WordPress website you want to configure.
-
Navigate to the Firewall tab: After selecting your website, you'll be taken to your dashboard. From there, click on the Firewall tab.
-
Set up a Firewall Rule: Within the Firewall section, click on "Firewall Rules". Click on "Create a Firewall rule". In the rule settings, you can add your own conditions. For example, you can set the "Field" to "URI Full", "Operator" to "contains", and "Value" to "/wp-json/" (which is the default prefix for WordPress REST API requests) or ".json" if your plugin sends requests to specific JSON files. Then choose an action like "Allow".
-
Save and Deploy: After setting up your desired rule, click on "Deploy" to activate the rule.
Wordfence Security:
-
Log into WordPress: Visit your WordPress website and log into your WordPress Dashboard.
-
Go to Wordfence Settings: In your Dashboard, navigate to "Wordfence" on the left-hand side, then select "All Options".
-
Check Firewall Rules: Under the "Firewall Options", there's a section called "Whitelisted URLs". This is where you can allow access to certain URLs.
-
Whitelist API Access: Click "Add" to add a new whitelisted URL. Set "URL" to your API's URL (e.g., "/wp-json/") and set "Param Type" to "URL". Set "Param Name" to the parameter the plugin uses, if any. Leave "Allow Reason" blank or enter a note for your own reference. Then click "Add" to save the URL.
-
Save Changes: Scroll down and click "Save Changes" to apply your new settings.
Sucuri Security:
-
Log into WordPress: Visit your WordPress website and log into your WordPress Dashboard.
-
Go to Sucuri Settings: In your Dashboard, navigate to "Sucuri Security" on the left-hand side, then select "Firewall (WAF)".
-
Whitelist API URL: On the WAF page, find the "Whitelisted URLs" section. Click "Add Whitelisted URL". Set the "Path" to your API's URL (e.g., "/wp-json/"), and set "Permitted Methods" to "POST, GET" or whatever methods your plugin uses.
-
Save Changes: Click "Add Whitelisted URL" to save the URL.
This should allow BrandWell's JSON API requests through the firewall.
Remember to be careful when configuring these settings, as overly permissive rules can potentially expose your website to security threats. It's recommended to only allow the specific paths and methods needed for the plugin to function.
These steps are generalized, you may need to modify them based on the specifics of the plugin and how it interacts with the API.