Hi @ventio
Thanks for reaching out!
Can you please send us the screenshot from Wordfence Live traffic of this word being blocked?
Thanks,
Joshua
Thread Starter
ventio
(@ventio)
Hi @ventio
It looks like its actually getting blocked for being an alleged Cross Site Scripting attack.
Are these users uploading any files?
Please let me know!
Thanks,
Joshua
Thread Starter
ventio
(@ventio)
they can upload files but that only happens when they use the “Data” text.
“Data” in Polish means date, so it’s a pretty common word.
How can I fix the problem?
Hi @ventio
You can disable XSS (Cross-Site Scripting) and this will stop this from being blocked!
I hope this helps!
Thanks,
Joshua
Thread Starter
ventio
(@ventio)
yes it helps. However, I’m afraid that disabling this feature will make my site vulnerable to other XSS attacks. Is there any other solution? Is it possible to enter an exclusion for this particular case?
Hi @ventio
Due to how form submission plugins work, and how we check for XSS attacks, its not possible to keep it enabled and not have this happen.
You can only allowlist IP addresses and not phrases.
I hope this helps to clarify.
Thanks,
Joshua