[WooCommerce] Will my Security Plugin or Firewall work with Autoship Cloud?

If your WooCommerce site is using plugins to manage security and permissions, you may need to update your security plugin settings to ensure that your Autoship Cloud's hosted service, QPilot (https://QPilot.cloud), will be able to successfully connect with your site's WooCommerce REST API.

In this doc, we'll review some of the most popular security plugins used by WooCommerce merchants, and how to configure them to ensure that your site can connect and integrate with your QPilot Account successfully.

  • Wordfence
  • iThemes Security
  • Cloudflare
  • Sucuri

Already updated your security settings? Test your API Health Connection right from the WordPress Admin:

After updating your security plugin, you can test your API Health Connection by selecting "Test Integration" in the Autoship Cloud plugin's Settings page by logging into your WordPress Admin (  WP-Admin > Autoship Cloud > Setting ). 

How QPilot uses User Agents:

QPilot sends a User-Agent to help "authenticate" the request made is from QPilot. This information is located in the request header on QPilot's requests to sites.

Example QPilot User-Agent

  • QPilot/2.6.1 (Merchant Center 1.5.17; Web Components 0.9.9)

Wordfence (wordfence.com)

The Wordfence security plugin enables you to block unwanted traffic using Firewall Options.

Updating the Wordfence plugin's "Advanced Firewall Options" will enable you to Whitelist QPilot's IP Addresses by following these steps:

  1. In your WordPress Admin, navigate to WP-Admin > Wordfence > Firewall
  2. Choose "Advanced Firewall Options"
  3. Add QPilot's IP Addresses to the "Allowlisted IP addresses that bypass all rules" field (see screenshot below)

You can learn more about Wordfence's Firewall and options here: https://www.wordfence.com/help/firewall/options/

iThemes Security Pro (ithemes.com/security)

The iThemes Security Pro plugin uses multiple methods to block unwanted traffic, including a "Lockout Whitelist" feature that blocks specific IP Addresses from visiting and making requests with your site, and also a  "Ban Users" feature that blocks User-Agents from accessing your site.

Whitelisting QPilot's IP Addresses with iThemes Security

Updating the "Lockout Whitelist" feature in the iThemes Security plugin will enable you to Whitelist QPilot's IP Addresses by following these steps:

  1. From your WordPress dashboard, you need to go to your WP-Admin > iThemes Security Settings > Global Settings > Configure Settings (as demonstrated in the screenshot below).e0ac5a932d8c4b57c4c9d4913602bacf.png
  2. Scroll down to the "Lockout Whitelist" section to enter the IP Addresses that need to be whitelisted for Autoship Cloud powered by QPilot. 
    1. You can find a list of all IP Addresses that QPilot uses here.
  3. Once done, click on "save settings" to complete the process.

Unblocking QPilot from iThemes Security's "Ban Users" Settings

In addition to adding QPilot's IP Addresses to iThemes Security's "Lockout Whitelist", it may also be necessary to update the iThemes Security plugin's "Ban Users" options to ensure that your site does not block the connection between your WooCommerce REST API and your QPilot Account by following these steps:

Cloudflare (cloudflare.com)

Cloudflare uses a combination of Firewall settings that include IP Access Rules and other permission blocking settings to prevent unwanted traffic or requests with your WordPress site.

Whitelisting QPilot's IP Addresses with Cloudflare

Cloudflare provides specific steps on how to whitelist IP Addresses using the Cloudflare Firewall App here.

Unblocking QPilot from Cloudflare's User-Agent Blocking

In addition to whitelisting QPilot's IP Addresses, you may also need to update Cloudflare's settings for User-Agent Blocking.  This may be necessary if your site is blocking any requests that have an "Empty User-Agent" (see screenshot below to see what this setting looks like in Cloudflare).

Cloudflare provides specific steps for managing User Agent Blocking here.

Sucuri (sucuri.com)

Sucuri uses a Firewall to enable you to block unwanted traffic using IP Address Whitelisting and Blacklisting.

Updating the Sucuri's "Whitelist IP Addresses" list will enable you to Whitelist QPilot's IP Addresses by following these steps:

  1. Follow the steps provided by Sucuri for Whitelisting IP Addresses using the Sucuri Dashboard
  2. Add QPilot's IP Addresses under the Whitelist IP Addresses section (Dashboard method)
  • Select the "Whitelist" action to whitelist each IP address once you have typed it into the box