Bug #25003
openJetpack access blocked
0%
Description
I can no longer access my site via Jetpack.com nor the Jetpack mobile app. I suspect it's the same problem documented in https://redmine.gc.cuny.edu/issues/24987; Jetpack is probably also blocked from the REST API via Cloudflare.
Files
Updated by Raffi Khatchadourian 23 days ago
This might also have an on-site functionality impact. Specifically, my site is using Jetpack powered search (e.g., https://khatchad.commons.gc.cuny.edu/?s=test). While results are still coming up, I wonder if new content is being indexed.
Updated by Boone Gorges 22 days ago
- File Screenshot_2026-05-13_10-52-24.png Screenshot_2026-05-13_10-52-24.png added
- Status changed from New to Reporter Feedback
Jetpack's interactions with WP websites take place over multiple channels. Mostly it's through XML-RPC. Back in January 2026, we talked to our webhost about allowing traffic over this protocol from Jetpack IP addresses https://jetpack.com/support/how-to-add-jetpack-ips-allowlist/
I've just reached out to the host to see if they can loosen the WAF rules a bit by whitelisting all traffic from the Jetpack/wordpress.com IP ranges.
If you continue to have problems, please provide precise details on exactly what's not working. It's important because, as mentioned, different parts of the Jetpack-Commons integration take place using different mechanisms. For what it's worth, I was able to use the Jetpack app to connect to and manage posts on a Commons site, but the jetpack.com picker is failing for me via the web (see screenshot - clicking a site results in nothing happening, with a bunch of 500 errors in the console).
Updated by Boone Gorges 22 days ago
The host reports "I've made an adjustment that should allow Jetpack to hit /wp-json/ as well. Let me know if that resolves that issue." - Can you let me know whether this resolves the Jetpack problem?
Updated by Raffi Khatchadourian 22 days ago
Boone Gorges wrote in #note-3:
The host reports "I've made an adjustment that should allow Jetpack to hit /wp-json/ as well. Let me know if that resolves that issue." - Can you let me know whether this resolves the Jetpack problem?
Still can't fetch pages and posts via JetPack. By the way, it works fine on open lab (City Tech).
Updated by Boone Gorges 22 days ago
Hm, thanks for the update. Can you please explain exactly what you're doing, in either the web app or the mobile app, so that I can better understand the problem?
Do you happen to be a paying customer with Jetpack? Instead of guessing, it might be more direct if you were able to go to them, explain the precise nature of your problem, and have them look in their logs to determine whether this is, indeed, a WAF problem - and if so, what endpoint they're getting blocked from.
Updated by Raffi Khatchadourian 21 days ago
Boone Gorges wrote in #note-5:
Hm, thanks for the update. Can you please explain exactly what you're doing, in either the web app or the mobile app, so that I can better understand the problem?
Besides using the JetPack search on my site, I sometimes edit and post from the mobile app (especially photos since it's convenient). And, sometimes I use wordpress.com (jetpack.com now) to manage multiple sites.
Do you happen to be a paying customer with Jetpack?
No.
Instead of guessing, it might be more direct if you were able to go to them, explain the precise nature of your problem, and have them look in their logs to determine whether this is, indeed, a WAF problem - and if so, what endpoint they're getting blocked from.
Sure!
Updated by Boone Gorges 21 days ago
Besides using the JetPack search on my site, I sometimes edit and post from the mobile app (especially photos since it's convenient). And, sometimes I use wordpress.com (jetpack.com now) to manage multiple sites.
Thanks. Can you please specify at least one UI path that you take, and exactly what you see? For example:
1. Open the Jetpack app
2. From the site selector dropdown at the top of the app window, select the site in question
3. Click 'Posts' from the site-specific panel
4. The next screen says 'Posts' at the top, and has a submenu 'Published', 'Drafts', 'Scheduled', etc. I see a list of posts as expected on this page.
You say that you're unable to access your sites. But at what point are you blocked? Are you not seeing it in the selector? Or when you pick it, does it simply hang? Or does it arrive at the landing page but there's no content? Or do you click 'Posts' but see nothing, or see an error message? Jetpack support will want this information, and I would also like to have it so that I can try to understand the precise kind of failure you're experiencing.
If you don't mind reaching out to Jetpack support, I'd be grateful - they are likely to be more directly responsive to you since you're the site/content owner.
Updated by Raffi Khatchadourian 17 days ago
When I choose any site on the selector, it just redirects to the current page. I reached out to Jetpack support. This is what I sent:
I'm having trouble accessing my site through cloud.jetpack.com and wordpress.com/sites. The site is khatchad.commons.gc.cuny.edu.
Symptoms:
- https://cloud.jetpack.com/landing — clicking my site flickers and drops me back to the picker.
- https://wordpress.com/sites — every feature except Stats redirects me back to wp-admin on my own site.
- Jetpack debug tool (https://jetpack.com/support/debug/?url=khatchad.commons.gc.cuny.edu) returns "Unknown error."
What I've ruled out:
- The site itself is reachable. https://khatchad.commons.gc.cuny.edu/wp-json/ returns normal JSON, so the WordPress REST API isn't blocked at the basic level.
- A fresh reconnect from my wp-admin (Jetpack > My Jetpack > Connection) did not resolve the issue.
- Jetpack's multisite feature limits (Backup/Scan/WAF/WordAds aren't supported on multisite) don't explain the symptoms I'm seeing.
Context: this site needed a Jetpack reconnect handled by the Commons team once before (#10125, related to HTTPS redirect handling). The Commons migrated to Reclaim Hosting in January 2025, which may have left stale or broken connection state for my subsite.
Updated by Boone Gorges 17 days ago
Thanks, Raffi - this looks like a super report to Jetpack. Please let me know what you hear back.
Updated by Boone Gorges 16 days ago
I heard back from our hosting contact that he's done more loosening of Cloudflare rules regarding Jetpack's ASN. If you feel like giving it another try while you wait for Jetpack's support response, please feel free.
Updated by Boone Gorges 16 days ago
Circling back - Raffi confirmed that at least some parts of the wordpress.com connection started working again after Reclaim's changes to the WAF rules. We'll leave this ticket open to allow Raffi to report any more issues, or to report back on any response he might get from Jetpack support.
Updated by Raffi Khatchadourian 3 days ago
Update from Jetpack support (req #11241425):
They confirm the site's Jetpack connection is valid and healthy, with no stale/orphaned entry from the January 2025 hosting migration, and their internal debugger now passes all tests—the earlier "Unknown error" no longer reproduces. They reproduced the cloud.jetpack.com site-picker bounce on their end and suggested direct deep-link URLs as a workaround.
Testing those deep links here:
activity-log/khatchad.commons.gc.cuny.edu—loads finesubscribers/khatchad.commons.gc.cuny.edu—loads finestats/day/khatchad.commons.gc.cuny.edu—returns HTTP 404 even from a clean browser session
Separately, both Calypso entry points (wordpress.com/sites and cloud.jetpack.com/landing) redirect straight to wp-admin and never load the Calypso UI.
Since the connection itself checks out, the wp-admin redirect and the stats 404 may be a remaining Cloudflare/edge interception of the Calypso REST handshake rather than a Jetpack connection problem—flagging in case another WAF-rule adjustment is worth a try. I'll report back once I hear more from Jetpack.