Jamie

Unfortunately I just discovered that Wordfence is now preventing users from attaching any photos to forum posts in BuddyBoss.

I tried toggling file_upload off, but that didn’t fix it. I tried using an admin account and also a user account and had the same problem. I tried whitelisting it the first time it happened, and that fixed it, but then it occurred again on a different forum thread. So my guess is that the whitelist is for that unique forum thread only.

I also looked in the network panel in Chrome developer tools while performing the action and took a screen shot but I’m not clear on what I’m seeing. There is a red 403 for VM843:1 type:xhr when the Wordfence error pops up.

The path is /forums/topic/topic_name/?bbp-ajax=true, with the ‘topic_name’ being different/unique for every forum post of course.

Thoughts on how we can whitelist this for all forum threads?

Ok great, thanks so much for explaining it Peter! I appreciate it! Keep up the great work.

Peter- thank you so much! Turning off Malicious File Upload (PHP) did the trick!

Question: What’s the difference between Malicious File Upload and Malicious File Upload (PHP) in terms of what they look for?

I’ll take a look at my plugins and see if I think I can safely upgrade from PHP 7.4 to 8.

I really appreciate the help. This is a photography community, so members not being able to upload photos was kind of a problem, lol.

Big relief to know the site is protected and members can upload photos.

Thanks again!!

I should also mention that in the whitelists, the actions are all:

/wp-admin/admin-ajax.php (URL) and request.body[media][0][thumb] for param, and some of the params have numbers from 1-5, like this: request.body[media][3][thumb]. This is the same for every user. 

There are also URL params as well, like this: /wp-admin/admin-ajax.php, request.body[media][2][url].

It also looks like there are some other behaviors that were whitelisted that I'm concerned may not be after we lift the learning mode, like this: /forums/topic/introduce-yourself-here/	request.body[bbp_media], and /forums/reply/3591/edit/	request.body[bbp_reply_content]

Thanks Erica.

Unfortunately the temporary fix you suggested did not work for me.

I also see that today’s update didn’t include a fix, despite this being an issue for over 4 months.

It looks like a really great plugin, but I’ll need to explore other options at this point as we promised our paying users events over a month ago.

Best wishes on ultimately finding a fix.

Also wanted to mention that with the plugin enabled it slowed both the admin and frontend way down. Even with the google maps integration unchecked. Feeling very relieved to see my gtmetrix score come back up, ha ha.

The Events Calendar looks like a fantastic plugin, and I hope you guys are able to sort out a fix that works with these servers!

Following.

I have the same issue. The site is hosted at cloudways / vultr hf. Also have Redis and Varnish installed and running, along with the Breeze plugin.

I removed that piece of code that Erica mentioned and the site immediately threw a critical error whitepage at me.

Disabling the plugin and removing links to event pages from the menu until it plays nicely with vultr hf.

Ah, I see that now! Thank you.

I just installed the regular gamipress plugin on that subdomain and all is good. (I was doing too much switching back and forth between domain and subdomains, lol.)

It would be great if this would create an error message telling the user that the parent plugin is not installed on the domain and needs to be installed first. Something to add to the future roadmap perhaps?

Thanks for your speedy help! Appreciate it!

What’s your preferred SEO plugin?

We use RankMath, and after reading your comment I’m so hoping they are the developers you are talking about.

Same exact issue. 500+ errors in Google Search Console using the custom license setting. Google doesn’t like this inserted into the licensing field of every photo on the site: “https://custom”.

This plugin seems to only be valid for creative commons images/licenses. It’s so close, yet so far. Oh how I would love for this to work. Even if it was a premium plugin, I would pay for it if it worked!

I just discovered the same issue. 400+ errors in console for our photography website. Did you find a solution?

My guess is there isn’t anything we can do about it, because the plugin doesn’t allow us any way to *define* the custom license, or point it to a separate page. So therefore Google has no idea what we are trying to tell it.

Ok thank you, message sent.

I had the exact same experience!

I learned the hard way that this plugin will double or even triple the images in size! Doesn’t matter if it’s a jpg or png, if it’s already optimized off WordPress, the Normal setting will make it *bigger*.

Boggles my mind how this would even be possible with an image ‘compression’ plugin.

Something is definitely wrong with this plugin. Makes me wonder if the people leaving good reviews are even looking at whether or not it’s even working.

I had the same paltry performance results when trying to optimize images with this plugin.

I have 160+ mbs download speeds and 20mb+ upload speeds, so absolutely no reason why it should take this long. Just compressing a single image took minutes.

Totally inexcusable for any modern image compression plugin.

We are having the same problem on all of our sites. The warning is there even though the sites are all running 5.3.