Hi @dubloons,
Thank you for reaching out to us.
It could be a firewall rule making the block, although I would expect these blocks and the reason for them to show in your Live Traffic feed. You could try checking this immediately after attempting another blocked upload, just so that it’s easier to find than previous cases.
I recommend you try Learning Mode first to tell the firewall to see this as a normal action. From the Wordfence Dashboard click on Manage WAF. Then you will see Basic Firewall Options > Web Application Firewall Status. Change the option to Learning Mode. Now perform the upload process. This will help Wordfence learn that these actions are normal and it will allow them in the future. After you have finished performing the actions, switch the WAF from Learning Mode back to Enabled and Protecting. Now test to see if these actions work correctly.
If learning mode doesn’t work, you may need to manually take action, there are usually 3 possible rules involved. “Malicious File Upload“, “Malicious File Upload (PHP)“, or “Malicious File Upload (Patterns)”. These rules can be found in Wordfence > All Options > Firewall Options > Advanced Firewall Options > Rules, after expanding the list. There are layers to how uploaded files are checked, so having to turn one of these rules off to fix your issue should still ensure malicious files are caught at a different stage of the checking process. Try disabling/enabling them one-by-one to see which one(s) can be permanently turned off to prevent the upload issue reoccurring for your users.
Let me know how it goes.
Thanks,
Janet.
