Cloudflare Docs
Visit Bots on GitHub
Set theme to dark (⇧+D)

WordPress Loopback error

Cloudflare has observed that when users attempt to run diagnostics in the Site Status page for WordPress installations, loopback issues arise when our bot detection services block them.

In WordPress 6.0.1 with no additional plugins or themes, the page generated the following 3 requests:

The REST API encountered an unexpected resultGET/wp-json/wp/v2/types/postWordPress/6.0.1 < site-hostname >
Your site could not complete a loopback requestGET/WordPress/6.0.1 < site-hostname >
Your site could not complete a loopback requestPOST/wp-cron.phpWordPress/6.0.1 < site-hostname >

These requests all come from the origin IP and not a Cloud service. As a result, Cloudflare does not have an easy way to add these types of requests to verified bots.

When these requests are blocked, WordPress’s block editor screen, Cron events, and automated tests that third-party themes and plugins use cannot function.

Many different WordPress components perform different loopback tests beyond the original one, making it a complex problem to create exceptions for.

​​ Resolution

Enterprise customers can write an allow rule for their origin IP to fix the issue.

Self-serve customers can turn off Super Bot Fight Mode or edit /etc/hosts file to have loopback requests resolve locally. Refer to this guide on how to fix WordPress Loopback errors.