CSRF Token not found After Updating Wordfence

  • Resolved ragzybwp73

    (@ragzyb)


    7 years, 9 months ago

    Ever since I updated wordfence to 6.3.2 all my sites are getting

    CSRF Token not found. Its possible another plugin is altering requests sent by the Cloudflare plugin.

    Whenever I make any change in the cloudflare plugin.

    I posted in the Wordfence forum and got this response from their team –

    3.) You can post on the CloudfFlare plugin forum asking them to change their getJSONBody() function to use $HTTP_RAW_POST_DATA and fall back to php://input if it’s empty, like WordPress does in their get_raw_data() function here:
    https://core.trac.www.ads-software.com/browser/tags/4.7.2/src/wp-includes/rest-api/class-wp-rest-server.php#L1261
    This would be a permanent solution for sites with older PHP versions, if they include it in their next plugin update.

    any chance you ppl can implement what they’re saying ? since a ton of people use this plugin along with wordfence. Thanks.

Viewing 2 replies - 1 through 2 (of 2 total)

  • Hi,

    Unfortunately we can’t use $HTTP_RAW_POST_DATA because it was deprecated in PHP 5.6 and removed in PHP 7. It would break comparability with users running modern versions of PHP.

    The root issue is you have another plugin which is reading the POST data from php://input but not rewinding the buffer. Since requests made from our plugin should only be read by our plugin whatever plugin is doing this is behaving incorrectly. To determine which plugin is doing this you can deactivate them and re-enable them, trying the Cloudflare plugin each time. When the Cloudflare plugin stops working you know which plugin is causing the issue.

    We’ve also seen this with the Infinite WP plugin and are working with them on a fix.

    Thanks,
    John

    Thread Starter ragzybwp73

    (@ragzyb)

    so i just changed my php version from 5.4 to 5.6 and the problem has gone. thanks for you reply ??

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘CSRF Token not found After Updating Wordfence’ is closed to new replies.