Woocommerce PDF Product Voucher query

  • Resolved gvnet

    (@gvnet)


    3 months, 2 weeks ago

    Hi,

    Looking at the docs here: https://woocommerce.com/document/woocommerce-pdf-product-vouchers/#section-22, it says:

    Security plugins: PDF Product Vouchers must access the HTML generated for each voucher to convert it to a PDF. Some security plugins, like WordFence or iThemes Security, can block this and should be disabled or reconfigured to permit this access.

    As I am considering purchasing the Woocommerce PDF Product Vouchers plugin and I use Wordfence already, is there a Wordfence setting that can be changed that would allow PDF vouchers to be generated?

    Many thanks.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support wfmargaret

    (@wfmargaret)

    Hi @gvnet,

    Wordfence can sometimes see legitimate plugin requests as being potentially malicious and block them. ?You can either add these requests to the allowlist via the?Learning Mode?feature or from the?Tools?>?Live Traffic?tool page. ?Both allowlisting methods are described in our instructions in the link below:

    https://www.wordfence.com/help/firewall/learning-mode/

    Once the action is allowlisted, it will no longer be blocked by Wordfence in the future.

    Thanks,
    Margaret

    Plugin Support wfmargaret

    (@wfmargaret)

    Hi @gvnet,

    I want to add a bit more context. With paid plugins or paid extensions for plugins, they may be untested internally unless we’ve specifically been given access to a copy. So with that said I can’t absolutely guarantee compatibility, but we have noticed some details in the documentation you provided.

    It mentions “Loopback connects – required to generate voucher PDFs, as the plugin must retrieve the HTML for each voucher on that page”. Wordfence also requires a loopback connection so if Wordfence > Tools > Diagnostics > Connecting back to this site is reporting a green “OK“, the server isn’t going to be stopped from doing this.

    Retrieving HTML” shouldn’t normally be blocked, unless the browser sends HTML that includes scripts or styles and looks like an XSS request. In a case such as that, you may need to use Live Traffic or Learning Mode to allowlist the action inside Wordfence.

    Please let me know if you have any other questions or concerns!

    Thanks,
    Margaret

    Thread Starter gvnet

    (@gvnet)

    Hi Margaret,

    Thank you for your excellent responses; very comprehensive and useful.

    Many thanks.

Viewing 3 replies - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.