Thank you! That helps a lot! For anyone interested, I use the following code:
$meta_desc = strip_tags(do_shortcode($meta_desc, false));
After i turned off cloudflare from cloudflare DNS setting, I reversed all of the following:
Note that I have used the site_option_active_sitewide_plugins hook to disable wp defender for the affected site. I don't know if this is effective as wp defender is a network only plugin.
I have also disabled "Ban admin user logins" temporarily because clients are reporting they're being blocked from everywhere.
We ended up making this work. We removed the following IP addresses from the IP black list and the website works from our IP address again. These IP addresses appear to be CloudFlare's IP addresses. Does this mean Defender is not compatible with Cloudflare?