• Resolved Jamie

    (@cowbelly)


    We’ve whitelisted at least a dozen photo and album upload actions (and verified they are in the whitelist), and set WF to learning mode for ten days with users on the site performing a variety of different actions, yet the ‘Background Request Blocked’ issue remains whenever anyone tries to upload one or more photos anywhere on the site.

    We’ve set WF back to learning mode until we can fix it.

    The (jpeg/jpg) file types are allowed in both BuddyBoss and WP.

    The site is on a subdomain and Wordfence is also active on the main domain. Could that have anything to do with our issue?

    The host is Cloudways and the server is Vultr HF, if that helps.

    Thank you!

Viewing 6 replies - 1 through 6 (of 6 total)
  • Thread Starter Jamie

    (@cowbelly)

    I should also mention that in the whitelists, the actions are all:

    /wp-admin/admin-ajax.php (URL) and request.body[media][0][thumb] for param, and some of the params have numbers from 1-5, like this: request.body[media][3][thumb]. This is the same for every user. 
    
    There are also URL params as well, like this: /wp-admin/admin-ajax.php, request.body[media][2][url].
    
    It also looks like there are some other behaviors that were whitelisted that I'm concerned may not be after we lift the learning mode, like this: /forums/topic/introduce-yourself-here/, request.body[bbp_media], and /forums/reply/3591/edit/, request.body[bbp_reply_content].

    Plugin Support wfpeter

    (@wfpeter)

    Hi @cowbelly, thanks for getting in touch!

    I believe the blocks are being triggered by the Wordfence > All Options > Firewall Options > Advanced Firewall Options > Rules > Malicious File Upload (PHP) rule. You can turn this off, or alternatively if you’re able to update your hosting environment to PHP8 without any knock-on effects such as other plugins on your site breaking, we recently made some improvements to this rule when running PHP8.

    Another rule titled “Malicious File Upload (Patterns)” will actually check the file contents rather than just whether a filetype/extension may be misrepresented, so leaving this turned on, even if you had to turn the first off, will provide you with a solid level of protection going forward.

    Thanks,

    Peter.

    Thread Starter Jamie

    (@cowbelly)

    Peter- thank you so much! Turning off Malicious File Upload (PHP) did the trick!

    Question: What’s the difference between Malicious File Upload and Malicious File Upload (PHP) in terms of what they look for?

    I’ll take a look at my plugins and see if I think I can safely upgrade from PHP 7.4 to 8.

    I really appreciate the help. This is a photography community, so members not being able to upload photos was kind of a problem, lol.

    Big relief to know the site is protected and members can upload photos.

    Thanks again!!

    Plugin Support wfpeter

    (@wfpeter)

    Hi @cowbelly,

    I’m really pleased that worked for you! The (PHP) rule checks for misrepresented file names that contain PHP code, so a *.jpg (image) file that’s actually containing PHP. This is a good first defence but needing to turn this off due to false-positives shouldn’t be a huge issue as the (Patterns) rule checks whether the code itself is dangerous.

    If you have any further Wordfence questions in future by all means start a new topic and we’ll always be glad to help out!

    Peter.
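
To illustrate the distinction described in the reply above, an added example (not Wordfence's rule logic and not code from this thread): a Python check that compares a file's image extension with its bytes, showing how a loose test for `<?` flags a genuine JPEG carrying an XMP metadata packet (`<?xpacket ...?>`) while a test for real PHP open tags does not. The patterns, function names, verdict labels and sample bytes are assumptions constructed for the illustration.

```python
import re

# Magic bytes for the image extensions a photo community normally accepts.
IMAGE_MAGIC = {
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "gif": b"GIF8",
}

# Loose check: any "<?" byte pair. Strict check: a real PHP open tag
# ("<?php" followed by whitespace, or the "<?=" echo tag).
LOOSE_TAG = re.compile(rb"<\?")
STRICT_TAG = re.compile(rb"<\?(?:php\s|=)", re.IGNORECASE)


def inspect_upload(filename: str, data: bytes) -> dict:
    """Compare what the file name claims with what the bytes contain."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    magic = IMAGE_MAGIC.get(ext)
    return {
        "claims_image": magic is not None,
        "magic_ok": magic is not None and data.startswith(magic),
        "loose_hit": bool(LOOSE_TAG.search(data)),
        "strict_hit": bool(STRICT_TAG.search(data)),
    }


def verdict(filename: str, data: bytes) -> str:
    r = inspect_upload(filename, data)
    if not r["claims_image"]:
        return "skip"              # not an image name; out of scope here
    if r["strict_hit"] or not r["magic_ok"]:
        return "block"             # PHP tag present, or not an image at all
    if r["loose_hit"]:
        return "loose-match-only"  # a "<?"-only rule would misfire here
    return "allow"


# Constructed samples (not captured from any site).
XMP_JPEG = b"\xff\xd8\xff\xe1" + b'<?xpacket begin="" id="constructed"?>' + b"\xff\xd9"
PLAIN_JPEG = b"\xff\xd8\xff\xe0" + bytes(range(64, 96)) + b"\xff\xd9"
PHP_AS_JPG = b"<?php echo 'constructed'; ?>"
POLYGLOT = b"\xff\xd8\xff\xe0" + PHP_AS_JPG + b"\xff\xd9"
```
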

    Thread Starter Jamie

    (@cowbelly)

    Ok great, thanks so much for explaining it Peter! I appreciate it! Keep up the great work.

    Thread Starter Jamie

    (@cowbelly)

    Unfortunately I just discovered that Wordfence is now preventing users from attaching any photos to forum posts in BuddyBoss.

    I tried toggling file_upload off, but that didn’t fix it. I tried using an admin account and also a user account and had the same problem. I tried whitelisting it the first time it happened, and that fixed it, but then it occurred again on a different forum thread. So my guess is that the whitelist is for that unique forum thread only.

    I also looked in the network panel in Chrome developer tools while performing the action and took a screenshot but I’m not clear on what I’m seeing. There is a red 403 for VM843:1 type:xhr when the Wordfence error pops up.

    The path is /forums/topic/topic_name/?bbp-ajax=true, with the ‘topic_name’ being different/unique for every forum post of course.

    Thoughts on how we can whitelist this for all forum threads?

  • The topic ‘Wordfence preventing BuddyBoss photo uploads’ is closed to new replies.