Wordfence and CiviCRM

  • Resolved Ben

    (@benrfairless)


    2 years, 7 months ago

    While using CiviCRM, we have been noticing weird error messages, mostly when it comes to auto-saving emails and doing things with HTML.

    When I look in the Developer tools, I notice that the request CiviCRM is sending in the background is getting a 403 error, which is Wordfence saying that a request is potentially high risk.

    Is there a way to whitelist CiviCRM in Wordfence or at least update the definitions to prevent these sort of issues? I have put the WAF into learning mode but we get so many alerts from Wordfence I’m nervous about the website security as a result of this change.

Viewing 1 replies (of 1 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @benrfairless,

    Learning Mode is usually turned on by default for the first seven days after Wordfence is installed so that it can learn normal operations on your site without coming up with too many false-positives. Therefore, if you wish to undergo a period of testing where you enable Learning Mode and click through normal operations on the CiviCRM plugin to teach Wordfence editing HTML etc. is normal, you can certainly do so. Just make sure to change it back to “Enabled and Protecting” afterwards.

    You will still be protected by our extensive IP blocklists, brute force and rate-limiting protection during this time in Learning Mode but naturally we don’t recommend that it’s turned on indefinitely. If you have recently upgraded to PHP8, we have noticed an increase in sensitivity to false-positives, so as PHP7.4 will still be fully security supported until November 2022 it is safe to roll back for now if you’re experiencing too many issues that didn’t occur before. Also make sure all of your plugin versions are fully up-to-date.

    https://www.wordfence.com/help/firewall/learning-mode/ is an amazing resource for learning more about the WAF and learning mode.

    Let me know how you get on!

    Peter.

Viewing 1 replies (of 1 total)
  • The topic ‘Wordfence and CiviCRM’ is closed to new replies.