Wordfence is preventing us from saving theme changes.

  • Resolved Microsmith

    (@microsmith)


    5 years, 7 months ago

    Hi Guys.
    We are using Nicepage to generate our theme. whenever we save the changes, it errors out. i noticed that Wordfence is picking it up and blocking something somewhere. as a test i whitelisted our Ip in the firewall options. When whitelisted, everything works ok. so i headed to live traffic to see what was getting blocked. i found the following…

    https://hidden.hidden/edit.php?post_type=page&ver=1563827210136&page=np_app and was blocked by firewall for XSS: Cross Site Scripting in POST body: data=%3Clink%20id%3D%22u-google-font%22%20rel%3D%22stylesheet%22%20href%3D%22https%3A%2F%2Ffonts.googleap… at https://hidden.hidden/admin-ajax.php?action=np_save_page”

    As a test again, i removed my Ip from the whitelist and attempted to save the theme changes, and the exact same error above came up.

    I’ve clicked ‘whitelist param from firewall’ the rules goes into Whitelisted URLs list, Ive then attempt to save the theme changes again, but it still errors out. the only change is that live traffic wont log the block, unless i remove the param from the firewalls whitelist.

    Can you help?

    Mike.

    The page I need help with: [log in to see the link]

Viewing 5 replies - 1 through 5 (of 5 total)

  • Hi @microsmith,

    Do you have any caching plugins such as WP Super Cache?

    Can you try these steps?

    1. Click on Whitelist param from firewall again
    2. Clear any cache you have (within your caching plugin)
    3. Try saving the theme again

    Dave

    Thread Starter Microsmith

    (@microsmith)

    Hi Dave.
    Thanks for your advice. we dont use WP Super Cache, but i have just installed it so i could try your steps. unfortunately, it hasn’t made any difference. We do run our site through Cloudflare, so i have just headed over then and purged the cache and retested. i also put Cloudflare into Dev. Mode to see if that helped, but sadly, still the same.

    Appreciate your help on this

    Mike.

    What’s interesting is that the live traffic is reporting that you’re not being blocked (after you whitelist the URL).

    Can you try this?

    1. Go into Wordfence -> Firewall -> All Firewall Options
    2. Change Web Application Firewall Status to Learning Mode
    3. Save Changes, and try changing the theme again

    Dave

    Thread Starter Microsmith

    (@microsmith)

    That worked a treat! Thanks Dave. ??

    To confirm, i put it into learning mode, made changes to my theme, saved, (it did) reloaded the page, deleted the changes i just made, saved again, and it did.

    I checked the whitelisted URl list before i did this, and checked again after.. the following were added during learning mode..

    admin-ajax.php request.body[data][publishHtml] whitelisted while in Learning Mode.
    admin-ajax.php request.body[data][head] Whitelisted while in Learning Mode.
    admin-ajax.php request.body[data][publishNicePageCss] Whitelisted while in Learning Mode.
    admin-ajax.php request.body[settings] Whitelisted while in Learning Mode.
    admin-ajax.php request.body[description] Whitelisted while in Learning Mode.

    Many thanks for your help Dave ??

    It looks good!

    Afterwards, make sure you re-enable your firewall (this will disable Learning Mode).

    Dave

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Wordfence is preventing us from saving theme changes.’ is closed to new replies.