• Resolved agenziae20

    (@agenziae20)


    Hi,
    I use Fibosearch and everything was ok. I added a snippet to filter Fibosearch results and I think that it is blocked by Wordfence, because if your plugin is disabled the search works, if Wordfence is active the search keeps loading.
    I already tried to put WAF in learning mode and repeat the action but it still doesn’t work.
    Any other tip?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @agenziae20,

    When you speak about adding a snippet, is this from within the Fibosearch plugin’s feature set or adding code elsewhere manually, such as to your functions.php? I would usually expect Learning Mode to be effective when allowing actions you deem to be a false-positive, but without knowing where/how the snippet was added, whether this makes external requests etc. I can’t be sure right now.

    When the firewall blocks take place, do you see corresponding records at that time in your Live Traffic? If you do, clicking the “eye” icon to expand should show you an exact reason why Wordfence thought it was unsafe.

    If you could provide supporting information to me here (using a tool like Snipboard if you want to include screenshots), I might be able to see how we can set your installation of Wordfence to allow this going forward.

    Thanks,

    Peter.

    Thread Starter agenziae20

    (@agenziae20)

    Hi @wfpeter,

    thank you for your reply.

    Code snippet (extra code to filter the Fibosearch results, provided by the Fibosearch author) is manually added via Code Snippet plugin instead of modifying functions.php.
    When testing on staging website (Wordfence inactive) it works as expected, but when testing on live website it doesn’t work.

    Test results on live website:
    1) Wordfence ON + WAF ON learning mode + Code Snippet ON -> no Fibosearch result is displayed, it keeps searching
    2) Wordfence ON + WAF OFF + Code Snippet ON -> no Fibosearch result is displayed, it keeps searching
    3) Wordfence OFF + Code Snippet ON -> Fibosearch results as expected (with extra filtering added by the code snippet)
    4) Wordfence ON + Code Snippet OFF -> Fibosearch results as plugin default (obviously without extra filtering option, since the script is off)

    Check on Wordfence > Tools > Live Traffic > no event related to these actions is displayed

    So there is some sort of incompatibility between this extra code and Wordfence, but Firewall doesn’t seem to get involved.

    Piece of code which seems to be involved is:

    // Adds an 'author' entry to the custom parameters FiboSearch passes to its scripts.
    add_filter( 'dgwt/wcas/scripts/custom_params', function ( $params ) {
    	$author = fibosearch_get_product_author();
    	$params['author'] = $author;
    	return $params;
    } );

    If I comment this piece of code and keep Wordfence ON I get no issue (but of course I got no extra filtration).

    The fibosearch_get_product_author() function is also called by an add_action but gives no issue.

    Plugin Support wfpeter

    (@wfpeter)

    Hi @agenziae20, thanks for the large amount of detail and testing information you’ve provided there.

    There are some code snippet rules that can be toggled in the WAF but as your testing experiences the problems with this turned off, I don’t think that’s the issue.

    I’d try turning off the Wordfence option Prevent discovery of usernames through ‘/?author=N’ scans, the oEmbed API, the WordPress REST API, and WordPress XML Sitemaps next in Wordfence > All Options, and see if the snippet works then.

    Thanks again,

    Peter.

  • The topic ‘ajax search issue’ is closed to new replies.