Wordpress LScache Plugin: LiteSpeed Cache Triggering WAF Rule in Cloudflare
Last Updated on: Wed, 15 Apr 2026 00:00:02 Hello, We recently discover that the plugin LiteSpeed Cache is triggering a false positive WAF Rule in Cloudflare, this would be Rule ID: 100139B (PHP ? XSS, Code Injection ? Data URI) This is affecting Bing search engine. The problem is that for example when Bing process a regular URL it should looks like this: https://mysite.com/crazy-cat/ But instead the URL that Bing is trying to process it looks like this: https://mysite.com/crazy-cat/data:text/javascript base64,kgfkc2j5z29vz2xlpxdpbmrvdy5hzhniewdvb2dszxx8w10plnb1c2goe30p So Cloudflare blocks Bing thinking is a hacking attempt. We tried a few thing on our end and the only thing that worked was disabling the plugin LiteSpeed Cache. This has created a huge problem for us as our home page has been delisted from Yahoo, AOL, Duckduck Go and of course Bing as they all use the Bing engine to index sites. Report number: ZUKVMWBD If you could help us with this it would be great. Best regards Hi, the code in HTML is like
LiteCache Rush: Speed comes from using less, not from doing it faster
Reference