Hello @Kip Kniskern ,
I understand you've a single Azure VM running Ubuntu 22.04 set up to run your WordPress website and when you try to update a WordPress hook including some ad code, you were getting the following error: "rule 934100 - reason Node.js Injection Attack Matched Data: function () { found within args ....".
I've seen such issues in the past when the Azure VM is behind an Application gateway.
However, you mentioned that you are not using an Application Gateway or Front Door or Azure WAF.
But you run your site through Cloudflare, where you have a WAF enabled.
Azure WAF is based on OWASP rulesets (open source). If you look at the OWASP ruleset, you will find this rule 934100.
I did a bit of research and found that Cloudflare also uses OWASP rulesets. And I also found some issues where Cloudflare blocks some requests on WordPress. So, I advised you to check your Cloudflare WAF settings.
You checked your Cloudflare settings and confirmed that you've the Managed Rules OWASP Ruleset turned off and you also checked the server (Ubuntu 22.04) where the firewall is inactive and there's no modsecurity installed.
You found a post regarding Defender for APIs which comes along Microsoft Defender for Cloud and you wanted to know if that is somehow causing issues as Microsoft Defender for Cloud is partially enabled for your subscription and is enabled for the VM.
I read through the Microsoft Defender for APIs documentation and found that Defender for APIs discovers and analyzes REST APIs and shouldn't have any impact on your virtual machines.
Later, you confirmed that you found the issue. It was neither Cloudflare nor Azure. You have WordPress Jetpack installed, and they recently introduced a new feature, a Web Application Firewall. When they introduced it, you enabled it, and this was causing issues. When you turned off the radio button enabling the Jetpack WAF, everything started working again.
Thank you for sharing the resolution.
Kindly let us know if you need further assistance on this issue.
Please don’t forget to close the thread by clicking "Accept the answer", as this can be beneficial to other community members.