Wordfence is blocking submissions on Gravity Forms

Hello @f_vincent and thanks for reaching out to us!

When someone clicks the submit button on the form, are you seeing a block in Tools > Live Traffic? If so, you can click the block directly from Live Traffic and whitelist the action. If not, you could try Learning Mode as well.

From the Wordfence Dashboard click on Manage WAF. Then you will see Basic Firewall Options > Web Application Firewall Status. Change the option to Learning Mode. Now perform the actions that were causing issues. This will help Wordfence learn that these actions are normal and it will allow them in the future. After you have finished performing the actions, switch the WAF from Learning Mode back to Enabled and Protecting. Now test to see if these actions work correctly.

https://www.wordfence.com/help/firewall/learning-mode/ is an amazing resource for learning more about the WAF and learning mode.

Let me know if this helps!

Thanks!

We had this happen today as well (gravity form), and WF blocked it as potential XSS. Like I suspected, we cleaned up the text by transferring to notepad++ and back to the form and it submitted with no problem. Glad to see that we can track the problem down to a specific form field.

Are there particular characters added by Word (and maybe others) that you find trigger WF blocks or warnings? esp. XSS?

Thank you for your clarification. It is very helpful.
I tried doing as Thomasakirk did, copying from notepad, but it didn′t help. I am wondering if it may be due to the amount of text being submitted on a given field? The field that triggered it has the most text.
This is what I get from wordfence live traffic logs:
“blocked by firewall for SQL Injection in POST body: input_55=My%20life%20has%20been%20a%20path%20of%20healing%20and%20growth%2C%20a%20spiritual%20adventure.%20%2…

Hello @f_vincent and @thomasakirk

I usually see a SQL injection block in a form when it contains a special character like < > @ $ %. When you see this block, are these characters often involved in the form? If you need to, you should be able to whitelist these actions.

Let me know if this helps!

Thanks!

I don’t see these specific characters on the logs for this block. But this is good helpful info to have. Thank you.

If you want to @f_vincent you can send the logs over to wftest @ wordfence . com and I will review them. Just make sure to put your forum user name in the subject line so I can find it.

I have seen this before with form posts though since it’s giving the user an option to insert possible code. If Wordfence sees something that could possibly be malicious in the form, it will block it. You can set whitelist parameters to force this not to happen in the future, but I don’t recommend it.

Thanks!