Hi @sgtjd2, thanks for dropping us a message.
If it’s been more than 7 days since Wordfence was installed, Learning Mode may not have caught this, so it’s worth trying first. From the Wordfence Dashboard click on Manage WAF. Then you will see Basic Firewall Options > Web Application Firewall Status. Change the option to Learning Mode. Now perform the actions that were causing issues. This will help Wordfence learn that these actions are normal and it will allow them in the future. After you have finished performing the actions, switch the WAF from Learning Mode back to Enabled and Protecting. Now test to see if these actions work correctly.
If you want non-administrators to upload files as part of this plugin or you’re still having problems, try turning off the “Malicious File Upload“, “Malicious File Upload (PHP)“, or “Malicious File Upload (Patterns)” firewall rules one-by-one found in Wordfence > All Options > Firewall Options > Advanced Firewall Options > Rules. There are layers to how uploaded files are checked, so having to turn one of these rules off to fix your issue should still ensure malicious files are caught at a different stage of the checking process.
It is not uncommon for image, video, PDF or XML files to contain code that looks like PHP such as <? when looked at as a string, therefore triggering the above rule as they’re not meant to contain PHP.
Let me know how you get on!
Peter.
