CSP

  • Resolved refuge77

    (@refuge77)


    4 months ago

    Hello,

    I am currently dealing with a Content Security Policy (CSP) violation on my WordPress website. The CSP is preventing the evaluation of arbitrary strings as JavaScript, and I have received an error message indicating that certain functions like eval() and new Function() are restricted.

    I have installed security plugins such as WP Content Security Policy, SiteGround Security and Speed Optimizer, and Query Monitor to monitor and address security issues on my site. Despite these measures, I am still encountering CSP violations.

    I wanted to know if this is a issue the Wordfence issue can resolve?

    Thank you in advance for your assistance.

Viewing 1 replies (of 1 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @refuge77,

    Wordfence does not control CSP so the HTTP headers for your site normally dictate the policy rules – maybe through a plugin as you mention above. With some scripts coming from CDNs or hosted on third-party domains, it may be difficult to get right without something going wrong in WordPress or a plugin/theme.

    If you see Wordfence actively blocking something in the?Live Traffic?page?that one of your CSP (or other) plugins is attempting, you should be able to allow them manually on that page or activate Learning Mode. Both methods are explained here: https://www.wordfence.com/help/firewall/learning-mode/

    Otherwise, if you observe rules showing up in your browser console, this site could help as you can drill down into directives to check for why something may be causing an issue on your site: https://content-security-policy.com

    Thanks,
    Peter.

Viewing 1 replies (of 1 total)
  • You must be logged in to reply to this topic.