Hi, i have a Pro licence, and when i add the code on the website it says
its the first time that this happends to me.
Best,
Andrea
its the first time that this happends to me.
Best,
Andrea
Might be the same issue I’m having. All our validated sites come up with critical errors when I try to open cornerstone - seems like some sort of license validation issue. Everything is fine on the front end thought.
I read the detail, seems that cloudflare requests a challenge on cornerstone side and cannot connect.
I think they should fix on their end…
Fresh clean install, latest Pro package downloaded directly from your site.
Product validation fails, and the server response shows Cloudflare challenge headers instead of a valid API response.
Relevant response details:
cf-mitigated: challengecontent-type: text/htmlserver: cloudflare
This means the validation request is being challenged by Cloudflare instead of returning the expected validation payload.
I am also seeing Cornerstone/RemoteAssets issues across multiple servers, which appears consistent with remote services returning an invalid response.
Please confirm whether your validation or remote asset endpoints are currently being challenged by Cloudflare and how to bypass or fix this for server-to-server validation requests.
Still Cannot activate my pro liscence! is there a workarround or are you working on it?
i tried with previous version [6.7.13] and Latest Version [6.8.5]
The Error i get:
Array
(
[headers] => WpOrg\Requests\Utility\CaseInsensitiveDictionary Object
(
[data:protected] => Array
(
[date] => Mon, 20 Apr 2026 13:05:03 GMT
[content-type] => text/html; charset=UTF-8
[accept-ch] => Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
[cf-mitigated] => challenge
[critical-ch] => Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
[cross-origin-embedder-policy] => require-corp
[cross-origin-opener-policy] => same-origin
[cross-origin-resource-policy] => same-origin
[origin-agent-cluster] => ?1
[permissions-policy] => accelerometer=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=(),xr-spatial-tracking=(self)
[referrer-policy] => same-origin
[server-timing] => chlray;desc="9ef45bbc5bfb9f7b"
[x-content-type-options] => nosniff
[x-frame-options] => SAMEORIGIN
[report-to] => {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=oqTFhtH6OpS3e9Ww0Un%2FEQ7YVXLhfU7lPcLABVyj4cf%2BRT533B8W1ewE%2BY9n5X5YxYQfuK5XwOuSHUbAQHriGAlN%2Fv6g6q%2BBYeSazfZPpQJr%2F%2BEK%2BeBvzKm8xg%3D%3D"}]}
[nel] => {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
[content-encoding] => gzip
[server] => cloudflare
[cf-ray] => 9ef45bbc5bfb9f7b-AMS
[alt-svc] => h3=":443"; ma=86400
)
)
[body] =>Try again, we’re trying to update things on our end.
What server host are you using?
It looks like the PHP requests made by the theme to your endpoints are being interpreted by Cloudflare (likely used by your endpoints, such as https://demo.theme.co/designcloud/wp-json/design-cloud/v3/index
as bot traffic. @charlie
I’ve disabled all Cloudflare security for those endpoints already. You might be getting a cache so just keep trying.
If I provide my IP address, could you verify whether it has been temporarily blocked or rate-limited by Cloudflare due to repeated test requests?
I’m consistently experiencing failures where the activation request is blocked by a Cloudflare challenge. @charlie
Contact your host, that IP is apparently being used for fraud.
Hi but my direct IP is not listed, i double checked with OVH and UCEPROTECT is listing the entire Subnet and not my Direct IP
Like this all IP in that Subnet would not work. in my case since i use OVH all my OVH website (6) will not work and will not receive updates.
i am using Themeco for 4 years and i never had that kind of problem they all came out all at once.
Here its an explaination:
" As you should know now: It is not you, it is your complete provider which got UCEPROTECT-Level 3 listed.
Your IP 5.135.23.164 was NOT part of abusive action, but you are the one that has freely chosen your provider.
By tolerating or ignoring that your provider doesn’t care about abusers you are indirectly also supporting the global spam with your money.
Seen from this point of view, you really shouldn’t wonder about the consequences."
can you please correct that? @charlie
thank you
My proivider answered me that this UCEPROTECT is asking for money to be delisted as ransom.
here is the complete link:
Why don’t you try again. Are you sure you are sending us the right server IP?
I just tryed again:
Still have the same issue with:
Array
(
[headers] => WpOrg\Requests\Utility\CaseInsensitiveDictionary Object
(
[data:protected] => Array
(
[date] => Mon, 20 Apr 2026 19:47:34 GMT
[content-type] => text/html; charset=UTF-8
[accept-ch] => Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
[cf-mitigated] => challenge
[critical-ch] => Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
[cross-origin-embedder-policy] => require-corp
[cross-origin-opener-policy] => same-origin
[cross-origin-resource-policy] => same-origin
[origin-agent-cluster] => ?1
[permissions-policy] => accelerometer=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=(),xr-spatial-tracking=(self)
[referrer-policy] => same-origin
[server-timing] => chlray;desc="9ef6a95f6fb8d08a"
[x-content-type-options] => nosniff
[x-frame-options] => SAMEORIGIN
[report-to] => {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=yjs4WBIKElc7yo053x6ZKYTmJABfoz%2FyIXettEl8WNmnvEFdJtmGcS5xfpNP5AUO%2Fgor2KRj0XbBFXyLjk5Z8sdhZhUtR3hSVtQ4sprqo44XHtZ%2BHa2JGv8GRA%3D%3D"}]}
[nel] => {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
[content-encoding] => gzip
[server] => cloudflare
[cf-ray] => 9ef6a95f6fb8d08a-CDG
[alt-svc] => h3=":443"; ma=86400
)
)
[body] =>
I also can’t install any for your tools from my other WP sites i’m locked out everywhere.
@charlie Thank you