jQuery File Upload

Hi @evolutionaryit,

The best way would be to immediately apply the patch to server/php/index.php:

https://github.com/blueimp/jQuery-File-Upload/commit/aeb47e51c67df8a504b7726595576c1c66b5dc2f#diff-996c857e3951bd17f2fb03545fcae449

However, Wordfence does have an option to disable code execution for uploaded files.

Navigate to Wordfence -> All Options -> General Wordfence Options -> Disable Code Execution for Uploads directory, and make sure that it is checked.

https://www.wordfence.com/help/dashboard/options/#exec-uploads

Note that this will still allow users to upload non-image files, but the uploaded files cannot be executed as code on the server.

I would highly recommend applying the patch the author published on Github.

Dave

Hi @evolutionaryit,

We haven’t heard back from you in a while. I’ve gone ahead and marked this thread as resolved.

if you are still having issues with Wordfence, feel free to open a new thread.

Thanks!