Wordfence blocks Git Updater plugin

  • Resolved Alec Rust

    (@alecrust)


    2 years, 10 months ago

    When my Wordfence Firewall is in “Learning Mode”, I am able to use the Git Updater plugin i.e. it fetches from GitHub API and installs a new version of a theme.

    However when Wordfence Firewall is switched to “Enabled and Protecting” I get errors in the Git Updater plugin.

    This repository has not connected to the API or was unable to connect.

    This is quite a popular plugin, are you able to add support for it?

    Failing that, perhaps I can manually allow this somehow? I don’t see it showing in the “Current blocks” list though, and I assumed “Learning Mode” was designed to prevent issues exactly like this.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @alecrust,

    You should be able to allowlist the action from Live Traffic as Learning Mode wouldn’t allowlist it due to a past issue with Freemius, which Git Updater uses. We had written a firewall rule to combat potential problems for our customers running unpatched plugin versions at that time.

    So long as you’ve updated to the latest version of Git Updater on your site (which is now patched), you can disable the Freemius <= 2.4.3 Missing Authorization on AJAX actions rule that appears on Wordfence > All Options > Advanced Firewall Options > Rules. Click “SHOW ALL RULES” to find it.

    That should help you out in this case,

    Peter.

    Thread Starter Alec Rust

    (@alecrust)

    Thanks @wfpeter.

    I’m running the latest version of Git Updater, 11.0.2.

    After switching off the following rule:

    insufficient-auth Freemius <= 2.4.3 Missing Authorization on AJAX actions

    Sadly Git Updater still fails to connect to GitHub to fetch the latest version of a theme.

    I’m unable to see which action to allow via Live Traffic, they all seem to be bot requests for wp-login.php.

    Plugin Support wfpeter

    (@wfpeter)

    Hi @alecrust,

    Sorry to hear that turning off the rule didn’t seem to help. You can filter Live Traffic results by “Blocked” or “Blocked by Firewall” in the dropdown box above the list, which should hopefully show occasions when communications for Git Updater may have been blocked. You can click the “eye” icon to expand the entry and see the reason given for the block. You should be able to “ADD PARAM TO FIREWALL ALLOWLIST” using the button here to take manual action.

    It may be an idea to disable Learning Mode and test some actions from Git Updater again to get further entries in Live Traffic just in case they’re being suppressed but not permanently added to the allowlist automatically.

    Thanks again,

    Peter.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Wordfence blocks Git Updater plugin’ is closed to new replies.