• Resolved Lukejmg

    (@lukejmg)


    Hello

    Wordfence is often blocking legitimate file uploads on our customer contact form. I’ve managed to replicate the problem myself.

    To try to fix it, I’ve enabled learning mode, uploaded some files, submitted the test contact form, then reverted to Enabled and Protecting.

    What else should I do, to allow legitimate customers to upload files (usually photos of trees), but block malicious file upload attempts? Are all files separately scanned by default for viruses/malware/etc, either by Wordfence, or some other protection?

    In the Live Feed, I can see the files that were ‘blocked by firewall for Malicious File Upload (PHP) at https://lgtrees.co.uk/wp-admin/admin-ajax.php?action=nf_fu_upload’. Should I click the ‘add param to firewall allow list’ button? Or will that leave my site vulnerable to malicious file upload?

    Thanks

    Luke


  • Plugin Support wfpeter

    (@wfpeter)

    Hi @lukejmg, thanks for reaching out!

    I would certainly recommend first trying the “Add Param…” button as this can sometimes be successful at permanently allowing uploads with specific POST/GET parameters from a specific script.

    However, because the block was caused by a firewall rule, there have been occasions when customers needed to disable one related to uploads to see results. There are usually 3 possible rules involved: “Malicious File Upload”, “Malicious File Upload (PHP)”, or “Malicious File Upload (Patterns)”. These rules can be found in Wordfence > All Options > Firewall Options > Advanced Firewall Options > Rules, after expanding the list.

    There are layers to how uploaded files are checked, so having to turn one of these rules off to fix your issue should still ensure malicious files are caught at a different stage of the checking process. I would try “Malicious File Upload (PHP)” first as you’ve seen it in your Live Traffic. However, disabling/enabling them one-by-one can reveal exactly which one(s) can be permanently turned off to prevent the upload issue reoccurring for your users.

    Thanks,
    Peter.

    Thread Starter Lukejmg

    (@lukejmg)

    Hello

    Thank you. I’ve disabled “Malicious File Upload (PHP)” as suggested and will monitor…

    Luke

  • The topic ‘False positive: Wordfence blocking legitimate customers from uploading files’ is closed to new replies.