Hi @jgold723, thanks for explaining the issue.
As it’s a small number of times in relation to the overall applications, it is possible that they may be trying to upload a filetype that isn’t accepted by your site believing it to be the jpg, pdf, or docx. If Wordfence is involved rather than the accepted filetype settings for your WordPress site, their attempts will be logged in?Live Traffic?around the time they contacted you. If there is a block, check the red block reason after expanding the entry with the eye icon in the corner.
You can filter Live Traffic by “Blocked” so it’s easier to find. You may find a specific firewall rule named after expanding the entry as the reason is shown in red text.
If the block?was?caused by a firewall rule and they were trying to upload an accepted file, there?have?been cases when customers needed to disable one related to uploads. There are usually 3 possible rules involved. “Malicious File Upload“, “Malicious File Upload (PHP)“, or “Malicious File Upload (Patterns)”. These rules can be found in?Wordfence > All Options > Firewall Options > Advanced Firewall Options > Rules, after expanding the list.
There are layers to how uploaded files are checked, so having to turn one of these rules off to fix your issue should still ensure malicious files are caught at a different stage of the checking process. Disabling/enabling them one-by-one can reveal exactly which one(s) can be permanently turned off to prevent the upload issue reoccurring for your users. If you have a copy of the files they were trying to upload it may make this testing more straightforward.
If you’re given another reason in Live Traffic for the blocks and aren’t sure how to rectify it, by all means paste the text here and we can try to help you out.
Thanks,
Peter.
