Support » Plugin: All In One WP Security & Firewall » Bad Query Strings funcrion breaks scripts

  • Resolved Scolpy

    (@xxxyonixxx)


    Hey,

    I found that the function “Bad Query Strings” under “Firewall” breaks scripts in some conditions.
    For example, if you’ll use in the “Visual Composer” plugin you’ll see that the plugin isn’t work at all when this function is enabled(and also cause to the whole WordPress core to not such as the scripts that let you change editors between Visual to Text)

    http://wordpress.org/extend/plugins/all-in-one-wp-security-and-firewall/

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Contributor Peter Petreski

    (@peter-petreski)

    Hi,
    I just wanted to clarify exactly what you mean –
    are you saying that when editing a post or page, you cannot change between the “Visual/Text” tabs when “Bad Query Strings” are enabled?

    If possible can you please provide any more info which may help us to reproduce this problem?

    Indeed. but not in normal condition.
    I found this cause to break Visual Composer(premium plugin) and now I found that this also cause to break scripts in Social Stickers plugin, as I explained this issue here:
    http://wordpress.org/support/topic/the-plugin-break-the-widgets-scriptv202?replies=7

    Plugin Author mra13

    (@mra13)

    Those plugins are using query parameters that are in our bad query rules as *bad*. Obviously there is going to be the chance of some false positive, meaning those plugins are not doing anything wrong in this instance. But that doesn’t mean we can just remove those rules because then that compromises the security on another site where the users are not using those plugins.

    If we remove those rules then there is no point of having that feature in the first place anyway. So instead of affecting everyone’s site, it is best if you turn off the bad query rule firewall feature on your site.

    I know that, but my question is if you can add some exclude list to this function?

    I think the solution is the plugin should be working how Wordfence plugin, you only select a protection nivel (low, standard, high protection or atack protection) and the rules are automatically apply by the level of security selection

    Plugin Author mra13

    (@mra13)

    @Scolpy, adding exclude list is a good suggestion. We will keep that in mind.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Bad Query Strings funcrion breaks scripts’ is closed to new replies.