Google Tag manager blocked for XSS

  • Resolved alicat72

    (@alicat72)


    3 years, 4 months ago

    I’m having and issue in one of my sites.

    In my emailed WordFence activity report, I am get the following error:
    Blocked for XSS: Cross Site Scripting in POST body: customized = {“astra-settings[hook-wp-head]”:”<!– Google Tag Manager –>…

    I use GTM implemented using Astra hooks.
    Could you please advise how to correct.
    Thank you.

    The page I need help with: [log in to see the link]

Viewing 1 replies (of 1 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @alicat72, thanks for reaching out to us.

    I expect the Astra Hooks plugin may be triggering a false-positive somewhere, is accessing a script in the background that it hasn’t before, or has changed sufficiently for Wordfence to consider it suspicious. As long as you’re not getting other scan warnings about your plugin files being changed, try enabling Learning Mode.

    From the Wordfence Dashboard click on Manage WAF. Then you will see Basic Firewall Options > Web Application Firewall Status. Change the option to Learning Mode. Now perform the actions, such as page loads where GTM is due to load, that were causing issues. This will help Wordfence learn that these actions are normal and it will allow them in the future. After you have finished performing the actions, switch the WAF from Learning Mode back to Enabled and Protecting. Now test to see if these actions work correctly under normal circumstances.

    Let me know how you get on!

    Thanks,

    Peter.

Viewing 1 replies (of 1 total)
  • The topic ‘Google Tag manager blocked for XSS’ is closed to new replies.

Tags