Hi @sohaibwoof, thanks for your question.
It sounds like non-administrative users uploading files are being blocked by a firewall rule designed to protect your site from malicious files coming through this route. It is possible to check your Live Traffic page, filter by “Blocked” or “Blocked by Firewall” and see which rule caused the block on an attempted upload by clicking the entry (or “eye” icon) to expand it. Sometimes you are presented with a “ADD PARAM TO FIREWALL ALLOWLIST” button here that could solve the problem going forward.
To help you out if you need to manually take action, there are usually 3 possible rules involved, “Malicious File Upload“, “Malicious File Upload (PHP)“, or “Malicious File Upload (Patterns)”. These rules can be found in Wordfence > All Options > Firewall Options > Advanced Firewall Options > Rules. There are layers to how uploaded files are checked, so having to turn one of these rules off to fix your issue should still ensure malicious files are caught at a different stage of the checking process. Try disabling/enabling them one-by-one to see which one(s) can be permanently turned off to prevent the upload issue reoccurring for your users.
It is not uncommon for image, video, PDF or XML files to contain code that looks like PHP such as <? when looked at as a string, therefore triggering the above rule as they’re not meant to contain PHP.
I hope that helps you out!
Peter.
