Support » Plugin: Wordfence Security - Firewall & Malware Scan » Non-Admin Gutenberg users Getting Blocked

  • Resolved makhay

    (@makhay)


    As the title suggests, when non-admin users attempt to create posts in Gutenberg, the Wordfence firewall is blocking it. Since Gutenberg will be taking over soon – this should be addressed.

    “was blocked by firewall for WordPress 4.7.0-4.7.1 – Authentication Bypass”

    Whitelisting only works on a per post basis.

Viewing 10 replies - 1 through 10 (of 10 total)
  • Plugin Support wfscott

    (@wfscott)

    Hello @makhay,

    Thanks for reporting this. We are aware of the issue and will be finding a fix to this as soon as we can.

    -Scott

    Thread Starter makhay

    (@makhay)

    Hi @wfscott, do you have any updates on this?

    USER in LOCATION left https://examplewebsite.com/wp-admin/post.php?post=2166&action=edit and was blocked by firewall for WordPress 4.7.0-4.7.1 – Authentication Bypass at https://examplewebsite.com/wp-json/wp/v2/posts/2166/autosaves

    Thread Starter makhay

    (@makhay)

    @wfscott – this was marked as resolved – but it's not resolved.

    Plugin Support wfscott

    (@wfscott)

    @makhay

    Sorry for the inconvenience — I was not notified of your reply until I saw it now.

    I am currently unable to recreate any blocking issues with Gutenberg.

    Have you tried setting the Firewall to Learning Mode and having your author/contributor submit a few posts so the action is whitelisted?

    To do this, navigate to Wordfence > Firewall > All Firewall Options and change the Web Application Firewall Status option from Enabled and Protecting to Learning Mode. After you do this, try submitting a few posts with non-admin users and if they go through, head back and change the firewall back to Enabled and Protecting.

    Please let me know if this works for you.

    Thread Starter makhay

    (@makhay)

    We uninstalled Wordfence – deleted all its data – installed fresh – then placed it in learning mode for 2 weeks – had all our people that have unique roles create posts, delete posts, edit posts, save drafts, etc. Then took it out of learning mode – Wordfence continues to block all the actions.

    To clarify – these are custom roles created by the Members plugin.

    Admin role has no issue.

    Plugin Support wfscott

    (@wfscott)

    Thanks for the update. Can you please send over an image of the block you’re seeing which is giving you the option to whitelist the action?

    Thread Starter makhay

    (@makhay)

    Here you go… via imgur

    Plugin Support wfscott

    (@wfscott)

    Thanks for the image. Are you on an up to date version of WordPress?

    If you navigate to Wordfence > Firewall > All Firewall Options > Advanced Firewall Options and expand the Rules section, look for

    auth-bypass WordPress 4.7.0-4.7.1 – Authentication Bypass: Page/Post Content Modification via REST API

    auth-bypass WordPress 4.7.0-4.7.1 – Authentication Bypass

    You can disable those. Try again and see if you are able to make posts/changes.

    Thread Starter makhay

    (@makhay)

    @wfscott

    That did it – less protection, but it will have to do for now.

    Thank you!

    • This reply was modified 4 years, 3 months ago by makhay.
    Plugin Support wfscott

    (@wfscott)

    You’re welcome @makhay

    Feel free to let us know if you have any other questions. For the time being, I will mark this specific thread as resolved.

  • The topic ‘Non-Admin Gutenberg users Getting Blocked’ is closed to new replies.