Title: jQuery File Upload
Last modified: October 22, 2018

---

# jQuery File Upload

 *  Resolved [Joseph G](https://wordpress.org/support/users/evolutionaryit/)
 * (@evolutionaryit)
 * [7 years, 6 months ago](https://wordpress.org/support/topic/jquery-file-upload/)
 * The recent jQuery File Upload security issue is a bundle of headaches.
 * [https://www.tenable.com/blog/jquery-file-upload-plugin-leaves-web-servers-vulnerable-to-unauthenticated-file-upload-attacks](https://www.tenable.com/blog/jquery-file-upload-plugin-leaves-web-servers-vulnerable-to-unauthenticated-file-upload-attacks)
 * Is there a way to address this with Wordfence?

Viewing 2 replies - 1 through 2 (of 2 total)

 *  [wfdave](https://wordpress.org/support/users/wfdave/)
 * (@wfdave)
 * [7 years, 6 months ago](https://wordpress.org/support/topic/jquery-file-upload/#post-10805415)
 * Hi [@evolutionaryit](https://wordpress.org/support/users/evolutionaryit/),
 * The best way would be to immediately apply the patch to `server/php/index.php`:
 * [https://github.com/blueimp/jQuery-File-Upload/commit/aeb47e51c67df8a504b7726595576c1c66b5dc2f#diff-996c857e3951bd17f2fb03545fcae449](https://github.com/blueimp/jQuery-File-Upload/commit/aeb47e51c67df8a504b7726595576c1c66b5dc2f#diff-996c857e3951bd17f2fb03545fcae449)
 * However, Wordfence does have an option to disable code execution for uploaded
   files.
 * Navigate to Wordfence -> All Options -> General Wordfence Options -> Disable 
   Code Execution for Uploads directory, and make sure that it is checked.
 * [https://www.wordfence.com/help/dashboard/options/#exec-uploads](https://www.wordfence.com/help/dashboard/options/#exec-uploads)
 * Note that this will still allow users to upload non-image files, but the uploaded
   files cannot be executed as code on the server.
 * I would highly recommend applying the patch the author published on Github.
 * Dave
 *  [wfdave](https://wordpress.org/support/users/wfdave/)
 * (@wfdave)
 * [7 years, 6 months ago](https://wordpress.org/support/topic/jquery-file-upload/#post-10862227)
 * Hi [@evolutionaryit](https://wordpress.org/support/users/evolutionaryit/),
 * We haven’t heard back from you in a while. I’ve gone ahead and marked this thread
   as resolved.
 * if you are still having issues with Wordfence, feel free to open a new thread.
 * Thanks!

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘jQuery File Upload’ is closed to new replies.

 * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865)
 * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wordfence/)
 * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/)

 * 2 replies
 * 2 participants
 * Last reply from: [wfdave](https://wordpress.org/support/users/wfdave/)
 * Last activity: [7 years, 6 months ago](https://wordpress.org/support/topic/jquery-file-upload/#post-10862227)
 * Status: resolved