Firewall Blocking Legitimate RequestsPRO

Is the firewall blocking WooCommerce checkout, payment webhooks, or API integrations? Here's how to identify and fix false positives.

Common Symptoms

WooCommerce checkout failing or showing errors
Payment gateway webhooks not working (Stripe, PayPal, etc.)
Contact forms not submitting
REST API returning 403 errors
Gutenberg/Block editor not loading
Mobile app can't connect to WordPress
Third-party integrations failing
AJAX requests being blocked

Step 1: Check the Firewall Log

First, identify what's being blocked:

Go to Royal Security → Firewall

Access the firewall settings page in your WordPress admin.

View the Traffic Log

Look for recent blocked requests. Note the:

IP address being blocked
URL/endpoint being requested
Block reason (SQL injection, XSS, rate limit, etc.)

Identify the pattern

Is it a specific IP? A specific URL path? A specific rule triggering?

Step 2: Whitelist the Service

Once you've identified what's being blocked, add it to the whitelist.

Whitelist by IP Address

For payment gateways and third-party services that send webhooks from known IPs:

Go to Royal Security → IP Management

This is a dedicated page for managing IP whitelists and blacklists.

Add the service's IP addresses to the whitelist

See the common services section below for IP ranges to whitelist.

Common Services to Whitelist

Here are IP ranges and paths for popular services:

Stripe

Payment webhooks

Path: /wc-api/wc_stripe/

Stripe IP list →

PayPal

IPN notifications

Path: /wc-api/wc_paypal/

PayPal IP list →

WooCommerce

Checkout & AJAX

Paths: /wc-api/, /?wc-ajax=

WordPress REST API

Gutenberg, apps, headless

Path: /wp-json/

Cloudflare

CDN/Proxy traffic

Cloudflare IP ranges →

Mailchimp

Webhook notifications

Path: /wp-json/mailchimp/

Service-Specific IP Lists

Most payment providers publish their webhook IP addresses. Search for "[service name] webhook IP addresses" to find the official list to whitelist.

Step 3: Adjust Firewall Rules

If whitelisting doesn't solve the issue, you may need to adjust firewall sensitivity.

Disable Specific Rules

Rule	May Block	When to Disable
SQL Injection	Search queries, forms with special characters	If legitimate searches are blocked
XSS Protection	Rich text editors, HTML forms	If page builders break
Rate Limiting	Heavy API usage, imports	During bulk operations
Bad Bot Blocking	Legitimate crawlers, monitoring	If uptime monitors are blocked

Don't Disable Everything

Only disable specific rules causing issues. Disabling all firewall rules leaves your site unprotected. Prefer whitelisting over disabling.

Step 4: Test Your Fix

Clear any caching (page cache, CDN cache, browser cache)
Test the functionality that was broken
Check the firewall log again to confirm no new blocks
For webhooks, use the provider's test/ping feature

Still Having Issues?

Enable Learning Mode - Temporarily logs requests without blocking to identify patterns
Check for Cloudflare/CDN - You may need to configure real IP detection
Review other plugins - Another security plugin may be conflicting
Contact support - Submit a ticket with your firewall log