Support » Plugin: Wordfence Security - Firewall & Malware Scan » Gutenberg blocked by WordFence

  • Resolved raboodesign


    I get the following warning when trying to safe a page using gutenberg version 3.4 on WordPress 4.9.8:

    403 Forbidden
    A potentially unsafe operation has been detected in your request to this site.

    The WordPress team via github says that the REST API is blocked by the security plugin (in this case wordfence) and that these measures are exagerated.
    See thread:
    I’m using WF Version 7.1.10. How can I get access to gutenberg while keeping the site safe?
    Thank you.

Viewing 14 replies - 1 through 14 (of 14 total)
  • I just tried Gutenberg on one of my lesser traffic website. What a joke. I just get a blank white screen when I try to edit or create a post. Last thing I have time for is to trouble shoot a “feature” I don’t even need. Doing so would take me hours, perhaps days. If Gutenberg is anything like the WordPress intro page for the “feature,” run don’t walk away from it. The intro page has so much white space I got a wrist condition trying to scroll through it all. And then there are the weird “blocks.” Apparently this is more of the WordPress development community ignoring important issues such as security, and coming up with things we don’t need. The arrogant name should be a clue. Gutenberg? Shmutenberg. Hello Dolly! MTN

    @mountainguy2, although I fully understand your feelings, this is not the place to vent them. I just want to test gutenberg to see whether my plugin works on it or not, but for some reason WordFence blocks saving.

    Sorry about that. Well, in a more practical sense, indeed, you’re running up against the problem of plugin priority. Stating the obvious I know, but worth repeating that sometimes one has to choose between plugins and features, they don’t all work together, and sometimes take excessive time to debug. MTN

    Yes, that is why I’m here asking support. 🙂
    I think your problem with gutenberg has to do with the theme not being compatible (which is logical because gutenberg isn’t even officially out yet.
    Anyway, I tested gutenberg on another server just now and it works fine, but on shared hosting with a number of add-on domains it doesn’t work. The WF plugin blocks other websites from performing certain actions, even with “Scan content outside WordPress” disabled.
    As this sort of setup is common with shared hosting, I think WordFence needs to clear this up. Unless they want me to move to another security plugin, of course. 🙂

    Yeah, I use a stripped down bandwidth optimized custom theme. It probably needs something in there specifically for Gutenberg. But I’d probably test for a plugin conflict first, by doing the old routine of disabling all plugins then adding back one by one. As always, if Gutenberg has something essential, I’ll put in the time… but I doubt it. MTN

    There is nothing essential about gutenberg, no. It is meant for non-technical people but count on it that many folks are going to use it because it’s hyped all over the place, even by people who should know better.
    Sigh… the burden of being dependent on a system controlled by somebody else.

    Hi @raboodesign

    I’ve tried to reproduce this issue with the most recent Gutenberg plugin version 3.5.0 installed along with Wordfence version 7.1.10 but I couldn’t. The Gutenberg editor is saving just fine “auto-saving and save as a draft”, may I know what is the user role you can reproduce this issue with? is it an editor user role? also, do you have any user/membership related plugin installed?

    Did you try switching the firewall into “Learning Mode” then recheck this issue?


    I’m the super user. Setting it to learning mode solved the problem.
    Thanks @wfalaa

    I closed the issue.


    Thanks!!!!!!!!!!! Round of applause from me that was the answer!
    If your curious I post and link to here in this post for those who seem to be having the same troubles. Hope it helps them too!

    Gutenberg github page

    This continues to be a wordfence issue – non-admin roles continue to have this issue – wordfence will have to stay in learning mode until they figure this out. Wordfence is really dropping the ball.

    Learning mode does not provide firewall security.

    @makhay, indeed the firewall is not optimal when in learning mode, but it goes quick.
    You set it into learning mode, you immediately save a post in gutenberg mode and then you turn learning mode off. To be be on the safe side, create a test version first, and do it there.
    A nuisance? Yes, but it is WordPress that imposes a page builder, not WordFence and it isn’t that well built either.


    We uninstalled wordfence – deleted all its data – installed fresh – then placed it in learning mode for 2 weeks – had all our people that have unique roles create posts, delete posts, edit posts, save drafts, etc. Then took it out of learning mode – wordfence continues to block all the actions.

    Wordfence is a wordpress plugin and Gutenberg will soon be a part of core – so it is expected that wordfence should work properly.

    Quick question.. Are you using shared hosting? Multiple domains from one account. Your public html folder main contains other websites that your using? If so enable learning mode one the main account, edit post & save. May work. Let me know & I’ll try to help.

Viewing 14 replies - 1 through 14 (of 14 total)
  • The topic ‘Gutenberg blocked by WordFence’ is closed to new replies.