WordPress.org

Ready to get started?Download WordPress

Forums

All In One WP Security & Firewall
[resolved] Bad Query Strings funcrion breaks scripts (7 posts)

  1. Scolpy
    Member
    Posted 1 year ago #

    Hey,

    I found that the function "Bad Query Strings" under "Firewall" breaks scripts in some conditions.
    For example, if you'll use in the "Visual Composer" plugin you'll see that the plugin isn't work at all when this function is enabled(and also cause to the whole WordPress core to not such as the scripts that let you change editors between Visual to Text)

    http://wordpress.org/extend/plugins/all-in-one-wp-security-and-firewall/

  2. Peter Petreski
    Member
    Plugin Author

    Posted 1 year ago #

    Hi,
    I just wanted to clarify exactly what you mean -
    are you saying that when editing a post or page, you cannot change between the "Visual/Text" tabs when "Bad Query Strings" are enabled?

    If possible can you please provide any more info which may help us to reproduce this problem?

  3. Scolpy
    Member
    Posted 1 year ago #

    Indeed. but not in normal condition.
    I found this cause to break Visual Composer(premium plugin) and now I found that this also cause to break scripts in Social Stickers plugin, as I explained this issue here:
    http://wordpress.org/support/topic/the-plugin-break-the-widgets-scriptv202?replies=7

  4. mra13
    Member
    Plugin Author

    Posted 1 year ago #

    Those plugins are using query parameters that are in our bad query rules as *bad*. Obviously there is going to be the chance of some false positive, meaning those plugins are not doing anything wrong in this instance. But that doesn't mean we can just remove those rules because then that compromises the security on another site where the users are not using those plugins.

    If we remove those rules then there is no point of having that feature in the first place anyway. So instead of affecting everyone's site, it is best if you turn off the bad query rule firewall feature on your site.

  5. Scolpy
    Member
    Posted 1 year ago #

    I know that, but my question is if you can add some exclude list to this function?

  6. ramonjosegn
    Member
    Posted 1 year ago #

    I think the solution is the plugin should be working how Wordfence plugin, you only select a protection nivel (low, standard, high protection or atack protection) and the rules are automatically apply by the level of security selection

  7. mra13
    Member
    Plugin Author

    Posted 1 year ago #

    @Scolpy, adding exclude list is a good suggestion. We will keep that in mind.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic