Wordfence Malicious File Upload FALSE POSITIVE

  • Resolved claudioelbrites

    (@claudioelbrites)


    3 years, 9 months ago

    Hi, all of a sudden, Wordfence doesn’t allow me to upload images as a Shop Manager, only as an Admin. Disabling Wordfence, or just it’s “Malicious File Upload (PHP)” rule, makes it all ok… but that is a dangerous move. Is there a solution?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @claudioelbrites, thanks for your question and I’m sorry to see you’re having problems with this.

    It sounds to me like a possible case for Learning Mode to show that the upload is available for a user with a lower-level user account on your site.

    From the Wordfence Dashboard click on Manage WAF. Then you will see Basic Firewall Options > Web Application Firewall Status. Change the option to Learning Mode. Now sign in as a Shop Manager and perform the upload action(s) that were causing issues. This will help Wordfence learn that these actions are normal and it will allow them in the future. After you have finished performing the actions, sign in as an admin again and switch the WAF from Learning Mode back to Enabled and Protecting. Now test to see if these actions as Shop Managers work correctly.

    WordPress itself can have the ability to restrict uploads to certain user levels, so if the above doesn’t work, let me know and we may be looking at a general WordPress permission that needs to be changed.

    Thanks,

    Peter.

    Thread Starter claudioelbrites

    (@claudioelbrites)

    That should work fine, but I ended up doing something similar by going on Live Traffic, search for that specific Blocked Activity and then “add param to firewall whitelist”. Everything is fine now. Thank you so much for your fast support!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Wordfence Malicious File Upload FALSE POSITIVE’ is closed to new replies.