Blocked Plugin (Fancy Product Designer): “A potentially unsafe operation…”

  • Resolved seangruenboeck

    (@seangruenboeck)


    4 years, 1 month ago

    Hi.

    I’m using “Fancy Product Designer” a Plugin with which you can create your own designed products. When I create a product with that (upload images etc.) and then add it to the cart, I get the error “A potentially unsafe operation has been detected in your request to this site” from WordFence.

    In the “Live Traffic” screen the request doesn’t show up as blocked, but as a normal/allowed “human” request – so I can’t unblock it.

    In the Allowlisted URLs section I see one of my products whitelisted (from learning mode) with three different requests to the same URL… I tried adding my product manually, creating the same requests / params … but I can’t add the “server.empty” param.
    And also I would have to add every product URL, which is a drag, since there are many.
    Is there some way to whitelist that one plugin, without doing all the URLs?
    Or are there better settings for that in the paid version of WordFence?


    The Whitelisted URLs from Learning mode have the params:
    request.body[fpd_product]
    server.empty
    request.body[fpd_print_order]

    Thanks,
    Sean.

    The page I need help with: [log in to see the link]

Viewing 1 replies (of 1 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @seangruenboeck, thanks for getting in touch with us.

    When a request to a potentially unsafe script or background request is blocked, you should be presented with an, “Add action to allowlist” button where you can manually insert the params to the allowlist based on the request currently being disallowed. It will then appear in the section you mention (Wordfence > All Options > Allowlisted URLs)

    The previous requests that were allowed through Learning Mode may have been during the initial 7 days after Wordfence is installed when Learning Mode is turned on by default. After this time, it does need to be turned on manually in Basic Firewall Options > Web Application Firewall Status and then turned off once you have tried to perform the actions currently causing trouble. Can I confirm if you have been doing this without success?

    Failing either of the above, the server.empty param you have added may not be in the correct format if it appears in the query string rather than the request body, for example. Do you have a copy of the message where you obtained this information so that I can see if your manual allowlist entry needs to be changed?

    Thanks,

    Peter.

Viewing 1 replies (of 1 total)
  • The topic ‘Blocked Plugin (Fancy Product Designer): “A potentially unsafe operation…”’ is closed to new replies.