Troubleshooting

How to Whitelist the PayHelm-Import User Agent in WooCommerce / WordPress

Updated 12/4/2025
woocommerce, wordpress, firewall, security, user-agent, whitelist, import, troubleshooting, blocked, WAF, cloudflare

What is the PayHelm-Import User Agent?

When PayHelm connects to your WooCommerce store to import your orders, products, and customer data, our servers identify themselves using a specific user agent string: PayHelm-Import. This is similar to how web browsers identify themselves when visiting websites.

The user agent helps your server recognize that the incoming requests are legitimate data import requests from PayHelm, not malicious traffic.

Why Would I Need to Whitelist It?

Many WordPress sites use security plugins, web application firewalls (WAFs), Cloudflare, or hosting-level firewalls to protect against bots, scrapers, and malicious traffic. While these security measures are essential for protecting your store, they can sometimes block legitimate services like PayHelm.

Your security tools may block the PayHelm-Import user agent because:

  • Security plugins may flag unfamiliar user agents as suspicious bots
  • Cloudflare Bot Management may challenge or block automated requests
  • Web application firewalls may block automated requests that don't match common browser patterns
  • Hosting firewalls may have strict bot protection rules enabled by default
  • Rate limiting may trigger when PayHelm makes multiple API requests during data imports

When You Might See Issues

You may need to whitelist the PayHelm-Import user agent if you experience:

  • Import failures — Orders, products, or customer data fails to sync
  • Timeouts — Import processes start but never complete
  • Blocked requests — Error messages indicating your requests were denied
  • Partial imports — Some data imports successfully while other data is missing
  • 403 or 401 errors — Access denied or unauthorized messages in your PayHelm dashboard
  • Cloudflare challenge pages — Requests being intercepted by Cloudflare's bot protection

How to Whitelist PayHelm-Import

Option 1: Cloudflare

If your site uses Cloudflare, you'll need to create a WAF rule to allow PayHelm requests:

Using Cloudflare Dashboard:

  1. Log in to your Cloudflare dashboard at dash.cloudflare.com
  2. Select your website/domain
  3. Navigate to SecurityWAF (Web Application Firewall)
  4. Click on Custom rules tab
  5. Click Create rule
  6. Give your rule a name like "Allow PayHelm Import"
  7. Under When incoming requests match..., set up the expression:
    8. - Field: User Agent - Operator: contains - Value: PayHelm-Import
  8. Under Then take action..., select Skip or Allow
  9. If using Skip, check the boxes for the security features you want to bypass (WAF rules, Rate limiting, etc.)
  10. Click Deploy to save the rule

Alternative: Using Expression Builder:

You can also use this expression directly: 

(http.user_agent contains "PayHelm-Import")

Cloudflare Bot Management (Enterprise):

If you have Cloudflare Bot Management enabled:

  1. Go to SecurityBots
  2. Navigate to Configure Super Bot Fight Mode or Bot Management
  3. Add PayHelm-Import to your verified bots allowlist, or
  4. Create a custom rule as described above to skip bot challenges for this user agent

Cloudflare Security Level:

If you have a high security level set:

  1. Go to SecuritySettings
  2. Consider creating a Page Rule or WAF exception for your WooCommerce API endpoints (/wp-json/wc/*) that allows the PayHelm-Import user agent

Option 2: WordPress Security Plugins

Most WordPress security plugins allow you to add trusted user agents to an allowlist. Here are general steps:

  1. Log in to your WordPress admin dashboard
  2. Navigate to your security plugin's settings (usually found in the main menu)
  3. Look for Firewall, Bot Protection, or User Agent settings
  4. Find the Allowlist, Whitelist, or Trusted Bots section
  5. Add PayHelm-Import to the list of allowed user agents
  6. Save your changes

Tip: Some plugins may have this setting under "Advanced Settings" or "Firewall Rules."

Option 3: Hosting Dashboard or cPanel

If your hosting provider offers firewall controls:

  1. Log in to your hosting control panel (cPanel, Plesk, or custom dashboard)
  2. Look for Security, ModSecurity, or Firewall settings
  3. Find the user agent or bot management section
  4. Add PayHelm-Import as an allowed or trusted user agent
  5. Save your configuration

Note: Some managed WordPress hosts handle security at the server level. You may need to contact their support team to whitelist the user agent.

Option 4: Other Web Application Firewalls (WAF)

If you use a cloud-based WAF service other than Cloudflare:

  1. Log in to your WAF or CDN dashboard
  2. Navigate to Firewall Rules or Security Settings
  3. Create a new rule to allow requests with user agent containing PayHelm-Import
  4. Set the action to Allow or Bypass
  5. Save and deploy the rule

Option 5: Server-Level Configuration

For advanced users with server access, you can add rules to your .htaccess file (Apache) or server configuration:

Apache (.htaccess example): 

SetEnvIfNoCase User-Agent "PayHelm-Import" allowed_bot

Note: Server-level changes should only be made if you're comfortable with server configuration. Consider consulting with your hosting provider or a developer.

Troubleshooting

Import Still Failing After Whitelisting

  1. Clear caches — Clear any caching plugins, server-side caches, and Cloudflare cache
  2. Check multiple layers — You may have security at multiple levels (Cloudflare + plugin + hosting). Ensure all layers have been updated
  3. Verify the exact user agent — Make sure you entered PayHelm-Import exactly as shown (case-sensitive in some systems)
  4. Disable security temporarily — As a test, temporarily disable your security plugin or pause Cloudflare to confirm it's the source of the block. Re-enable immediately after testing
  5. Check server logs — Look at your WordPress debug logs or server error logs for specific block messages

Cloudflare-Specific Troubleshooting

  1. Check Cloudflare Firewall Events — Go to Security → Events to see if PayHelm requests are being blocked
  2. Review your Security Level — Under Security → Settings, check if your security level is set too high
  3. Check Bot Fight Mode — Ensure Bot Fight Mode isn't blocking the requests (Security → Bots)
  4. Verify rule order — Make sure your allow rule has higher priority than block rules
  5. Check for conflicting Page Rules — Page Rules can override WAF settings

Finding What's Blocking PayHelm

To identify which security layer is blocking requests:

  1. Check your security plugin's activity log or blocked requests section
  2. Review Cloudflare's Firewall Events for blocked or challenged requests
  3. Review your hosting's access logs for denied requests
  4. Look in your WAF dashboard for blocked traffic from PayHelm's IP addresses

Still Need Help?

If you've tried the steps above and are still experiencing issues:

  1. Note the exact error message you see in PayHelm
  2. Identify which security tools are installed on your site (including Cloudflare settings)
  3. Check Cloudflare Firewall Events for any blocked requests
  4. Contact PayHelm support with these details, and we'll help you troubleshoot

Our team can provide additional guidance specific to your setup and help ensure your data imports smoothly.

Related Articles

Resolving Etsy Order Fulfillment Sync Issues with PayHelm

Learn how to resolve Etsy order fulfillment sync issues in PayHelm to ensure accurate shipping and insurance processing.

Troubleshooting Data Visibility Issues and Using Backfill Functionality

Resolve data visibility issues in PayHelm by ensuring proper WooCommerce connection and utilizing the backfill functionality effectively.

Resolving Discrepancies in Shopify Payouts with PayHelm

Learn how to address discrepancies in Shopify payouts using PayHelm's filtering and reporting features for accurate financial reconciliation.

Was this article helpful?

If you still need assistance, don't hesitate to reach out to our support team.