Hi @alexd123, thanks for dropping us a message about this.
This doesn’t occur in all cases of PayPal being used on sites running Wordfence, but it does sound like something about the communication potentially caused a block due to a false-positive or the user may have been blocked for another reason.
If your Live Traffic logs go back to the date of their order, you can filter the results by “Blocked” or “Blocked by Firewall” in the dropdown box above the list, which should hopefully show occasions when communications for PayPal may have been blocked. You can click the “eye” icon to expand the entry and see the reason given for the block. You should be able to “ADD PARAM TO FIREWALL ALLOWLIST” using the button here to take manual action.
However, if the user was blocked for another reason such as brute force or rate limiting settings you may see evidence of this instead. If it seems likely that another user may get caught out by this again in future during the order process as it may cause them to hit your site a number of times in quick succession, then you could make the settings more lenient in Wordfence > All Options. Follow the links I’ve provided for more information on rate limiting and brute force settings.
Alternatively, if you can run a test transaction using PayPal’s dummy credit card numbers, you could put your site into Learning Mode.
From the Wordfence Dashboard click on Manage WAF. Then you will see Basic Firewall Options > Web Application Firewall Status. Change the option to Learning Mode. Now perform a purchase and checkout process through your site to mimic the action blocked for your customer. This will help Wordfence learn that these actions are normal and it will allow them in the future. After you have finished performing the actions, switch the WAF from Learning Mode back to Enabled and Protecting. Now test the process again to see if these actions work correctly.
I hope this helps you out!
Peter.
