Support » Plugin: WordPress Firewall 2 » [Plugin: WordPress Firewall2] How to whitelist a parameter on a page

  • I am wondering how to whitelist a parameter on a page.
    My version is Firewall 2 on my WP 3.1.2 installation.

    The emailwarning:
    WordPress Firewall has detected and blocked a potential attack!
    Web Page:
    Warning: URL may contain dangerous content!
    Offending IP: [ Get IP location ]
    Offending Parameter: _wp_http_referer = /medlem/mina-sidor/?updated=true&wp_http_referer

    This may be a “WordPress-Specific SQL Injection Attack.

    Click here to whitelist this variable.

    I know that this is not an Attack and I click on the link above to whitelist this variable but the page I reach says I donĀ“t have enough rights to do this. I am administrator and I have my IP in the whitelisting.

    How do I manually whitelist this? What to put where.

    Thanks in advance!

Viewing 8 replies - 1 through 8 (of 8 total)
  • This seems to be due to a bug which produces an email link missing parts of the address. It misses out wordpress-firewall-2/ from the url e.g. it produces –

    instead of –

    something to do with basename(__FILE__) in its code not firing up properly.

    In the meantime just add the missing bit to the url to get it to work. It should then automatically add the exception to the whitelist if you look down the page.

    I can vouch that this does fix the problem, thanks for posting.

    Just wondering when we can expect a fix for this. Thanks for a great plugin.

    I just tried it as I was receiving the same message, and I can vouch the solution offered by maduro-blanco WORKS.

    I did this and initially got an error message* in the ‘white listed pages’ box on WordPress Firewall settings page.

    When I left that page to upgrade the plugin (Slick Social Share Buttons) which was the one flagging a (false) Attack in the first place I now can, and no longer get a warning, also the error message on WF setting page has disappeared, so in that sense it works.

    Would be great if the developer could release an upgrade to WF so we don’t need to do this manual workaround in the future.

    *I would’ve pasted it here, but I lost it; remember it mentioned line 606/7 though


    I think what you meant is:

    Warning: unserialize() expects parameter 1 to be string, array given in /home/xxxxxxx/public_html/ on line 606

    Warning: unserialize() expects parameter 1 to be string, array given in /home/xxxxxxx/public_html/ on line 607

    I’m getting the same error when trying to whitelist a variable. Would be great if that would get fixed.

    For now I have to vote plug-in “not working”

    This isn’t working for me. It just sends me to my login page. How do I whitelist false positives? Thank you!

    The developer, Pavy, reported eight months ago:

    I understand everyone’s frustration with this issue. Please understand that my full-time job must come before this, as well as many other things.

    I do fully intend to update WordPress Firewall 2 as soon as possible. I’ve had some fixes and a few new features already done, literally for months now. I know I said it would be much, much sooner; I know a lot of time has gone by. Regardless of how much I can get done in the next 1-2 weeks, I will release an update, so you all can see at least some progress.

    Please continue to report issues – I do check this forum, I am aware of the most annoying problems, and I do intend to have at least the serialize/unserialize issue fixed in this update.

    A final note, the serialize/unserialize errors are not fatal errors. WF2 will continue to operate, even when encountering these errors. If you have WF2 installed, even if you get these errors, the plugin is still protecting your site.


    To fix the warning you can modify the wordpress-firewall-2.php and replace unserialize() with maybe_unserialize(). I recently fixed this issue.

    Refer the below link for more details.

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘[Plugin: WordPress Firewall2] How to whitelist a parameter on a page’ is closed to new replies.