TranslatePress blocked?

  • Resolved Starhorsepax2

    (@starhorsepax2)


    6 months ago

    I am seeing this lots of times in the log: blocked by firewall for XSS: Cross Site Scripting in POST body: originals=%5B%22Cancel%22%2C%22Close%22%2C%22Next%22%2C%22Previous%22%2C%22javascript%3A%3B%22%2C%22javascript

    I can’t even go to the selected page MYSELF and whitelisting does nothing. I shall ask that plugin too but this apparently just started, though they have had it in the past. I do think its slowing down the site and these seem to be legitimate requests (some are coming direct from google) and the plugin does rely on their API.

    Any suggestions?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @starhorsepax2, thanks for reaching out about this.

    I don’t see any recent cases internally of specific issues or general incompatibility with TranslatePress, so would recommend at this point trying to trigger this page/script with Learning Mode enabled or by allowlisting from the Live Traffic log entries you’re seeing directly.

    https://www.wordfence.com/help/firewall/learning-mode/ will assist you in the first part and also includes the method for allowing blocked action(s) from your Live Traffic page manually.

    Let us know if those don’t seem to help,
    Peter.

    Thread Starter Starhorsepax2

    (@starhorsepax2)

    I did allow whitelisting and it didn’t seem to DO anything. Is there anywhere I can see the whitelist parameters? Do you mean from the front end? It didn’t do anything from the backend list.

    Plugin Support wfpeter

    (@wfpeter)

    Hi @starhorsepax2,

    The learned rules can be seen in the table at Wordfence > All Options > Allowlisted URLs. They can be enabled/disabled or deleted, but not modified once added. We have noticed some issues can arise if plugins are sending unique parameters with each request.

    You can add your own rules manually here too from the POST body (or querystring etc.) you’re seeing when inspecting the payload sent from a plugin/action, but this does require getting the precise value(s) correct.

    Let us know if you find anything out about what the plugin has been allowlisting and how this may differ from what you need,
    Peter.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘TranslatePress blocked?’ is closed to new replies.