[SOLVED] Cloudflare & WordPress: Getting a 403 when saving to POST /wp-json/wp/v2/posts/, Failed to load resource: the server responded with a status of 403
[SOLVED] Cloudflare & WordPress: Getting a 403 when saving to POST /wp-json/wp/v2/posts/, Failed to load resource: the server responded with a status of 403

Cloudflare may block updates to posts & other API dependent content (ie. page builders, etc). If you’re seeing a 403 for /json/wp/v2/posts, here’s why…

[SOLVED] Google Best Practices:
[SOLVED] Google Best Practices: “Includes front-end JavaScript libraries with known security vulnerabilities” ([email protected])

Google Lighthouse Best Practices often flags Wordpress for “Includes front-end JavaScript libraries with known security vulnerabilities”. Why?

How To: Restrict a path for logged-out users

WITH 403: To restrict a path from public access (returning a 403 page), just add this to your nginx configuration (or ask your hosting provider): WITH REDIRECT: To restrict a path from public access (redirecting to another page, like a login form), just add this to your nginx configuration (or ask your hosting provider): NOTE: […]

How To: Force Robots.txt and Sitemap.xml over HTTPS:// on WP Engine

If you’re on WP Engine and are not routing through Cloudflare or a similar proxy that can force static files to HTTPS://, you may notice that a request to https://domain.com/robots.txt or https://domain.com/sitemap.xml won’t redirect to HTTPS:// (or many other static files). They will both still load with HTTPS:// if specifically requested with that protocol – […]

How to: OCSP Stapling on WP Engine

Online Certificate Status Protocol, or OCSP for short, is a standard validating the whether an X.509 certificate has been revoked or not. OCSP Stapling removes the need for clients to query the Certificate Authority (CA) on lookup which improves performance and security at the SSL level. If you’re already routing through Cloudflare and are using […]

Are Google Fonts Illegal? (GDPR)
Are Google Fonts Illegal? (GDPR)

You may have heard that serving Google Fonts on your website can constitute a GDPR violation, and may be flat out illegal. But is that really true?

How To: HIPAA Compliant Uploads in WordPress

Most hosting providers by default aren’t HIPAA Compliant. If you run a WordPress site where you need to process personal healthcare information (ie. accept uploads of healthcare documentation), this can be a major problem. Thankfully, there’s a simple enough workaround: Dropbox Integrating Dropbox with your sites’ submission form(s) will allow uploads to become HIPAA compliant […]

How To: Syncing Dropbox to SFTP with Microsoft Flow on WP Engine

Login to your Microsoft Flow account and click My Flows, then click New and select Create from Template: Search for dropbox sftp and you’ll see Sync files from a folder in Dropbox to folder on SFTP server: You’ll see the option to Sign in to your Dropbox account at the bottom of the page: Click […]

GDPR and IP Address Logging

Ever since GDPR was announced, there has been a lot of speculation and disinformation propagated throughout the web. One of the more common myths that has caused the most confusion is that the logging of IP addresses on a server violates this new legal framework. The thinking is that an IP address is “personal data” […]

Copyright © 2019 Nodeflame