Wordfence CSS/Javascript inserted in front-end if logged in

Hi,

This is only loaded for admins, and is related to the new firewall — the ajaxWatcher script watches for ajax requests that are blocked by the firewall, so that you can see that something was blocked. Since various plugins use ajax on the front end, this helps if you have a plugin that triggers a false positive in the firewall, so that you can see it was blocked.

I’ve sent this on to the dev team, to possibly add a method to disable this if you don’t want to see if the firewall blocks ajax requests (reference number FB1870).

-Matt R

I actually also as admin don’t want a 7 years old outdated “ColorBox v1.3.19 – jQuery lightbox plugin” included to all front-end pages for some ajaxWatcher script, especially not if all Wordfence firewall settings are disabled.

Related problem: https://www.ads-software.com/support/topic/blank-popup-on-almost-all-the-pages

This was throwing issues on our site and affecting other jQuery.

I simply swapped out the jQuery ColourBox plugin that WordFence is loading for the most recent, using the wp_enqueue_scripts action hook:

// after all other scripts are queued (priority 11), run our own un-queue and re-queue
add_action( 'wp_enqueue_scripts', 'register_own_colorbox_script', 11 );

function register_own_colorbox_script(){
	// deregister WordFence's version
	wp_deregister_script('jquery.wfcolorbox');

	// register the up-to-date 1.6.4 version instead
	wp_enqueue_script('jquery.wfcolorbox', 'https://cdnjs.cloudflare.com/ajax/libs/jquery.colorbox/1.6.4/jquery.colorbox-min.js', array('jquery'), '1.6.4');
}

You might also want to queue the CSS for most recent ColorBox too.

Thanks for your feedback and update solution for Wordfence firewall enabled scenario.

As we don’t have Wordfence firewall enabled, we use the following code at the moment, it reverts Wordfence enqueueAJAXWatcher() function, no more unwanted scripts/styles in frontend:

function myWfDequeueAJAXWatcher() {
	wp_dequeue_script( 'wordfenceAJAXjs' );
	wp_dequeue_script( 'jquery.wfcolorbox' );
	wp_dequeue_style( 'wordfence-colorbox-style' );
}
add_action( 'wp_enqueue_scripts', 'myWfDequeueAJAXWatcher', 11 );

The whole enqueue should actually only happen if the Wordfence firewall feature is enabled, still considering current behaviour as a bug which should be fixed.

Another related problem: https://www.ads-software.com/support/topic/latest-update-broke-w3tc-js-minification-on-all-sites

I’d also consider it a bug.

I’m using another version of Colorbox in my theme and since Wordfence brings its own version, my complete JS breaks resulting in a unfunctional page for admins.

I will dequeue the scripts as well, as I can’t find any possibility to turn off the frontend scripts.

Thanks for the feedback — this will be changed in the next version.

A temporary fix to remove this from the front-end altogether is adding this to your functions.php file:

remove_action('wp_enqueue_scripts', 'wordfence::enqueueAJAXWatcher');

-Matt R

Hi all,

Wordfence 6.1.9 has been released, which includes an option to disable this feature, along with some other changes to prevent conflicts with other themes and plugins when it is enabled.

On the Firewall page, under “Monitor Background Requests for False Positives”, you can choose to disable this for the front end of the site, or the wp-admin section, or both.

-Matt R

Thanks Matt, I can confirm this has fixed colorbox problem for me, I have removed my deregistering of jquery.colorbox v1.3.19, and all is good.

This is with Monitor Background Requests for False Positives enabled for both front-end and admin side.

@wfmattr: As explained, we don’t have Wordfence firewall enabled. As the feature clearly is firewall related, please let us know if the feature will be disabled by default when upgrading to 6.1.9 or doing a fresh install with firewall disabled?

Yes, it is also automatically disabled if the firewall is disabled, now.

-Matt R

How can I remove all the rubbish inserted by Wordfence from the frontend, absolutely “dequeue” everything. Could someone please share the code for that? Thank you.