I have a static Gatsby site that uses WordPress for its back end. I also have the WordFence plugin installed to prevent hackers from causing havoc. I started out without WordFence installed, the site got hacked, and we had to scrap the whole back end and start over with a new database.
When trying to deploy my Gatsby website using Netlify I receive this error message:
If you are using a security plugin like WordFence or a server firewall you may need to whitelist your IP address or adjust your firewall settings for your GraphQL endpoint.
I have the NetlifyPress WordPress plugin installed. It doesn't help prevent the issue.
I was able to fix this error locally by whitelisting my IP address in the Wordfence firewall settings.
It's not as simple to whitelist the Netlify automated build processes on the website though.
Does anyone know how to stop Wordfence from blocking Netlify?
I figured it out!
Some caveats:
Be super careful that you don't accidentally whitelist a hacker!
WordFence is constantly blocking attacks. Most attacks aren't trying to access "/graphql" though, so that is a pretty good indicator of which rows are services you want to whitelist and which rows are hackers that need to stay blocked.
The above method seems to give access to anyone that is trying to access the "/graphql" endpoint. That might be considered a security issue for you. On the plus side, it meant that it also fixed my BitBucket pipeline issue.
An alternative method is to copy the IP Address in the "IP Address" column then add it to your IP Address whitelist.
That could turn into quite a long list though, as Netlify has a lot of servers, all with different IP addresses. You will have to be constantly whitelisting new IP addresses. It is admittedly a much more secure method than the first option though. This method ensures that only Netlify will have access to the "/graphql" endpoint.
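The row-by-row check described in the caveats above can be scripted. This is an added example, not part of the original post or of Wordfence: the `(ip, url)` row format, the sample addresses and the `triage` helper are all assumptions, with rows standing in for entries copied by hand from the blocked-traffic view.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample rows (ip, requested URL); addresses are documentation ranges.
BLOCKED_ROWS = [
    ("203.0.113.10", "https://example.com/graphql"),
    ("203.0.113.10", "https://example.com/graphql/"),
    ("203.0.113.11", "https://example.com/graphql?query=x"),
    ("198.51.100.7", "https://example.com/wp-login.php"),
    ("198.51.100.7", "https://example.com/graphql"),
    ("198.51.100.9", "https://example.com/xmlrpc.php"),
    ("192.0.2.44", "https://example.com/graphql/../wp-config.php"),
]

ENDPOINT = "/graphql"


def triage(rows, endpoint=ENDPOINT):
    """Split blocked IPs into whitelist candidates and IPs to keep blocked.

    An IP is a candidate only if every blocked request from it targets exactly
    the GraphQL endpoint. One request to any other path keeps it blocked, so a
    scanner that also happens to probe /graphql is not whitelisted.
    """
    paths_by_ip = defaultdict(set)
    for ip, url in rows:
        # Compare the exact path, not a prefix: "/graphql/../wp-config.php"
        # starts with "/graphql" but is not a request to the endpoint.
        path = urlsplit(url).path.rstrip("/") or "/"
        paths_by_ip[ip].add(path)

    candidates, keep_blocked = [], []
    for ip, paths in sorted(paths_by_ip.items()):
        if paths == {endpoint}:
            candidates.append(ip)
        else:
            keep_blocked.append(ip)
    return candidates, keep_blocked


if __name__ == "__main__":
    candidates, keep_blocked = triage(BLOCKED_ROWS)
    print("Review for whitelisting:", candidates)
    print("Keep blocked:", keep_blocked)
```

Candidates are only IPs worth reviewing; hitting nothing but "/graphql" does not by itself prove the request came from Netlify.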