Wordfence in root domain prevents certain actions in subdomain

  • Resolved djbaxter

    (@djbaxter)


    7 years ago

    I have a WordPress site at https://www.psychlinks.ca with Wordfence running.

    I have a vBulletin 4.2.5 forum running as a subdomain at https://forum.psychlinks.ca

    From time to time, when doing upgrades on the subdomain, I get an error from Wordfence indicating that “A potentially unsafe operation has been detected in your request to this site.” The only way I have found to remedy that is to disable or deactivate Wordfence in the root domain to complete my modification and then turn Wordfence back on.

    Since your last update, the problem has become worse. Now a trustworthy forum member informs me that he was prevented from posting something fairly innocuous (no attachments or anything) with that same Wordfence error, although when he reposted a shorter version it went through.

    SO how do I restrict the Wordfence protection to just the root domain and ensure that Wordrence leaves my forum in the subdomain alone?

    The page I need help with: [log in to see the link]

Viewing 5 replies - 1 through 5 (of 5 total)
  • wfyann

    (@wfyann)

    Hi @djbaxter,

    Please try and temporarily switch the Firewall Status to “Learning Mode“.

    Once your users have used all of the features of the site while in Learning Mode, you can go to the Firewall Options page on the Wordfence menu and change the Firewall Status to “Enabled and Protecting”.

    Thread Starter djbaxter

    (@djbaxter)

    But neither site is new. The forum has been there in that subdomain for 14 years and the main site was converted from html to WordPress in 2015. This is an ongoing issue.

    But I’ll try your suggestion.

    Will learning mode monitor activities on the two sites and sort of “whitelist” or exclude them?

    wfyann

    (@wfyann)

    Hi @djbaxter,

    It could be that the latest version now considers a specific operation as potentially unsafe when it used not to; or a code change somewhere has introduced that operation.

    What you could do if you wish to force Wordfence to completely ignore what happens in that subdomain is to place a “.user.ini” file with “auto_prepend_file = none” in the said subdomain.

    For information, this topic discusses a similar question.

    Let me know if that helps.

    Thread Starter djbaxter

    (@djbaxter)

    should the filename be .user.ini or user.ini ?

    wfyann

    (@wfyann)

    Hi @djbaxter,

    The filename be .user.ini.

    It can be confirmed by checking the “user_ini.filename” directive on the Wordfence System Info page:

    • Go to the Wordfence Tools page
    • Click the Diagnostics tab
    • In the Other Tests section (bottom of the page), click the link that reads “Click to view your system’s configuration in a new window“
Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Wordfence in root domain prevents certain actions in subdomain’ is closed to new replies.