Wordpress Question posted in
The official Wordpress documentation can be found here.

MailChimp RSS campaign validation fails with Cloudflare, Wordfence and WordPress

I’ve been using a MailChimp RSS campaign for several years but not posted for some time until yesterday. The campaign didn’t send and I’ve paused it to check the config.

It’s failing at the "RSS feed and send timing" step with the error "Connecting to url failed". The URL is using https.

I can access that URL from inside my network and it passes validation with https://validator.w3.org/feed. My environment is WordPress with Wordfence and Cloudflare. All WordPress plugins are current as is WordPress and my theme. I reviewed Cloudflare/Security/Events and see nothing matching the timestamps when I’ve tried validating the feed URL via Mailchimp. I have set Cloudflare to development mode and also tried pausing Cloudflare. At the same time I’ve set Wordfence to learning mode and also reviewed the Wordfence security log with nothing showing up at this time. I’ve also disabled all plugins that affect content (cache and content optimisation etc) and disabling http redirects in Cloudflare. I’ve also checked Cloudflare trace to see if anything is being modified by a page rule.

It feels like it’s failing before even connecting to my host – I am using Full (strict) SSL/TLS encryption mode and also tested with Off and Flexible modes.

What else can I do at my end?

Thank you for your advice.

Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    Resolved: I had "minimum TLS version" set to TLS 1.3 instead of the default 1.0 in Cloudflare/SSL-TLS/Edge certificates. Setting it to 1.0, 1.1 or 1.2 allows MailChimp to access the RSS URL.

    Interesting that the MailChimp RSS feed check routine didn't work with 1.3 when https://mailchimp.com/developer/release-notes/retiring-legacy-versions-of-transport-layer-security-tls-protocol/ says

    As of July 18, 2023, Mailchimp Transactional no longer supports Transport Layer Security protocol (TLS) v1.0 and v1.1. We already support TLS v.1.2 and above. If you're not using TLS v1.2 or above, this may require coding changes.

    TLS v1.0 and v.1.1 have been sunsetted so we are making the corresponding changes.

    I guess "1.2 and above" isn't accurate as 1.3 doesn't work with their RSS feed check routine.


  2. 0

    I appreciate you posting your question and answer because it helped me figure out the solution for my situation. I was not using WordFence but was using Cloudflare and WordPress.

    My site had TLS 1.0 as the default in Cloudflare so that didn’t resolve it.

    Thanks to this post and some other digging, I was able to get the feed to validate by creating a custom rule for the RSS feed path and allowing two User Agents (MailChimp and FeedValidator) that I found in the Events log. You may want to extra conditions (like IP etc) for more security.

    cloudflare screenshot with settings for URI path and user agents

    One other related issue I ran into was that WebP images can’t be added to RSS feeds as the feed won’t validate. So if your feature image is in WebP format, the RSS validation will fail.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search