Bug #25003
openJetpack access blocked
0%
Description
I can no longer access my site via Jetpack.com nor the Jetpack mobile app. I suspect it's the same problem documented in https://redmine.gc.cuny.edu/issues/24987; Jetpack is probably also blocked from the REST API via Cloudflare.
Files
Updated by Raffi Khatchadourian 1 day ago
This might also have an on-site functionality impact. Specifically, my site is using Jetpack powered search (e.g., https://khatchad.commons.gc.cuny.edu/?s=test). While results are still coming up, I wonder if new content is being indexed.
Updated by Boone Gorges about 24 hours ago
- File Screenshot_2026-05-13_10-52-24.png Screenshot_2026-05-13_10-52-24.png added
- Status changed from New to Reporter Feedback
Jetpack's interactions with WP websites take place over multiple channels. Mostly it's through XML-RPC. Back in January 2026, we talked to our webhost about allowing traffic over this protocol from Jetpack IP addresses https://jetpack.com/support/how-to-add-jetpack-ips-allowlist/
I've just reached out to the host to see if they can loosen the WAF rules a bit by whitelisting all traffic from the Jetpack/wordpress.com IP ranges.
If you continue to have problems, please provide precise details on exactly what's not working. It's important because, as mentioned, different parts of the Jetpack-Commons integration take place using different mechanisms. For what it's worth, I was able to use the Jetpack app to connect to and manage posts on a Commons site, but the jetpack.com picker is failing for me via the web (see screenshot - clicking a site results in nothing happening, with a bunch of 500 errors in the console).
Updated by Boone Gorges about 18 hours ago
The host reports "I've made an adjustment that should allow Jetpack to hit /wp-json/ as well. Let me know if that resolves that issue." - Can you let me know whether this resolves the Jetpack problem?
Updated by Raffi Khatchadourian about 13 hours ago
Boone Gorges wrote in #note-3:
The host reports "I've made an adjustment that should allow Jetpack to hit /wp-json/ as well. Let me know if that resolves that issue." - Can you let me know whether this resolves the Jetpack problem?
Still can't fetch pages and posts via JetPack. By the way, it works fine on open lab (City Tech).
Updated by Boone Gorges about 4 hours ago
Hm, thanks for the update. Can you please explain exactly what you're doing, in either the web app or the mobile app, so that I can better understand the problem?
Do you happen to be a paying customer with Jetpack? Instead of guessing, it might be more direct if you were able to go to them, explain the precise nature of your problem, and have them look in their logs to determine whether this is, indeed, a WAF problem - and if so, what endpoint they're getting blocked from.