If you have just put your WooCommerce store behind Cloudflare and Veeqo has immediately stopped syncing, you are in the right place. This is a well-documented problem with a clear fix. The Veeqo channel dashboard typically shows:
- Store activated
- ERROR – Orders syncing failed
- ERROR – Products syncing failed
The store may appear connected and even fetch stock levels successfully, but full order and product sync fails. This partial connectivity is misleading and causes a lot of confusion during diagnosis.
Why You Enabled Cloudflare on WooCommerce in the First Place
Most WooCommerce store owners turn to Cloudflare after being hit by card testing bots. Card testing is a form of fraud where criminals use automated bots to check whether stolen card details are valid by attempting small transactions on e-commerce sites. If a payment goes through, even for a few pence, they know the card is live and can be used for larger fraud elsewhere.
WooCommerce is a particularly attractive target for several reasons:
- It powers a lot of e-commerce sites, making it a known and well-understood target
- Its checkout structure and payment endpoints follow predictable URL patterns, which bots can identify and exploit automatically
- Many WooCommerce stores run with minimal bot protection out of the box, relying on their payment gateway to catch fraud after the fact rather than preventing attempts at the door
- Guest checkout, which is enabled by default, means bots do not need to create accounts or solve login challenges
The result is waves of attempted bot orders, often hundreds in a short period. Even when the payment gateway declines them, the volume causes serious problems: server load spikes, payment gateway flags, potential suspension of merchant accounts, and staff time wasted on declined orders (or even shipping the odd one that slips through to a nonsense address).
Cloudflare acts as a reverse proxy sitting in front of your server, filtering traffic before it reaches WooCommerce. Its Bot Fight Mode is specifically designed to challenge automated traffic. For card testing bots, it works well – until it starts breaking legitimate integrations like Veeqo.
Why Cloudflare Breaks Veeqo
Veeqo connects to WooCommerce via a Bridge2Cart connector – a PHP script installed on your server at:
/bridge2cart/bridge.phpThis connector makes repeated, automated, server-to-server POST requests to your site. From Cloudflare’s perspective, these requests look like bot traffic because they have no browser fingerprint, no cookies, and come from data centre IP addresses on hosting providers such as Hetzner in Germany.
When Bot Fight Mode is enabled in Cloudflare, it intercepts these requests before any of your custom WAF rules can fire. The requests receive a Managed Challenge response, which the Bridge2Cart connector cannot complete. The sync fails silently.
This is a pipeline order issue specific to Cloudflare’s free plan. On the free plan, Bot Fight Mode runs before custom WAF rules, which means IP allowlists and path-based skip rules do not help – the request is challenged before your rules are even evaluated.
How to Confirm the Diagnosis
The quickest way to confirm Cloudflare is the cause is to temporarily switch your DNS records from proxied (orange cloud) to DNS only (grey cloud) in Cloudflare’s DNS settings. If Veeqo immediately reconnects and begins syncing, Cloudflare proxying is definitely the problem.
You can also check Cloudflare’s security event log at Security > Analytics > Events. Look for entries showing:
- Action: Managed Challenge
- Service: Bot fight mode
- Path: /bridge2cart/bridge.php
The source IP will typically be a Hetzner address in Germany – this is the API2Cart infrastructure that Veeqo uses under the hood.
The Fix
The solution on Cloudflare’s free plan is to turn Bot Fight Mode off. Go to:
- Security > Bots
- Toggle Bot Fight Mode off
Once disabled, reconnect the store in Veeqo, and sync should resume immediately.
Important note on custom rules: You may have already tried creating a WAF custom rule to skip Bot Fight Mode for Veeqo’s IP addresses or for the /bridge2cart/ path. On the free plan, these rules do not work for this purpose because Bot Fight Mode runs before custom rules in the processing pipeline. This is a Cloudflare free plan limitation. Upgrading to Cloudflare Pro resolves this by giving access to Super Bot Fight Mode, which does support verified bot exceptions.
Replacing Cloudflare Bot Fight Mode with Better-Targeted Protection
Bot Fight Mode is a broad tool. For WooCommerce stores dealing specifically with card-testing bots, there are more targeted alternatives that do not break integrations.
Cloudflare Turnstile on checkout
Adding Cloudflare Turnstile to your WooCommerce checkout page stops card-testing bots at the point where they cause damage. Turnstile presents an invisible or visible challenge to users on the checkout page. Human customers pass automatically or with one click. Automated bots cannot complete it and cannot place orders.
This is more effective than Bot Fight Mode for card testing because it targets the specific action bots are trying to complete, rather than attempting to identify bots from traffic patterns earlier in the request.
We implement this using the WordPress plugin Simple CAPTCHA Alternative with Cloudflare Turnstile, which integrates cleanly with WooCommerce checkout and requires no coding. Once configured in Cloudflare and connected via the plugin, it works silently in the background for legitimate customers while stopping bots from completing transactions.
Cloudflare’s standard protection
Even without Bot Fight Mode, Cloudflare’s proxy provides substantial protection by default:
- Your real server IP is hidden from the public internet
- DDoS protection is active at the network level
- Browser Integrity Check blocks many known bad actors
- Security Level (Medium by default) blocks requests from IPs with poor reputation scores
For most WooCommerce stores, this combination – Cloudflare proxy plus Turnstile on checkout – provides robust protection without the collateral damage to integrations that Bot Fight Mode causes.
Cloudflare IP Allowlist Rules
Even with Bot Fight Mode off, it is good practice to add a WAF skip rule for Veeqo’s known IP addresses. This ensures that if Bot Fight Mode is ever re-enabled by mistake, Veeqo traffic is explicitly trusted. The expression to use in a custom rule is:
ip.src in {45.91.252.134 54.190.162.246 167.235.89.157 95.217.205.88 5.9.144.242 2a00:e7a0:3:23a:250:56ff:fe94:2df3 2a01:4f8:190:23e3::/64}Set the action to Skip and place the rule first in your rule order. Note again that on the free plan, this rule alone will not override Bot Fight Mode – it is a belt-and-braces measure to use alongside turning Bot Fight Mode off.
Veeqo – WooCommerce – Cloudflare Not Working Summary
- Veeqo uses Bridge2Cart to connect to WooCommerce, making automated POST requests to /bridge2cart/bridge.php
- Cloudflare’s Bot Fight Mode identifies these as bot traffic and issues a Managed Challenge
- On the free plan, Bot Fight Mode runs before custom WAF rules, so IP allowlists and skip rules do not help
- The fix is to turn Bot Fight Mode off
- Replace it with Cloudflare Turnstile on the WooCommerce checkout page for targeted card-testing protection
- Cloudflare’s standard proxy protection remains active and effective without Bot Fight Mode
This issue affects both sites added to Cloudflare for the first time and existing sites where Bot Fight Mode is subsequently enabled. The same fix applies in both cases.
A Note on Veeqo Support
Veeqo is a free service, and its support reflects that. If you raise a ticket about this issue, do not expect a quick resolution. At the time of writing, we are still waiting for a response to a support request submitted four days ago. The fix documented in this article was arrived at through our own diagnosis, not through any help from Veeqo’s support team.
This is not a criticism so much as a practical warning. Veeqo is a capable platform, and the free tier offers genuine value for multichannel sellers, but if you hit a technical problem, you will largely be on your own. Factor that in when deciding how much of your order management workflow to build around it.