Support » Plugin: Wordfence Security - Firewall & Malware Scan » Recent update and image uploads

  • Earl_D

    (@earl_d)


    Thanks for this great plugin. Been a godsend. Ran into a problem recently. Was there anything in the recent update that would have blocked image uploads? I started getting a forbidden operation message some on file uploads and others just failed. When I deactivate wordfence images are uploaded as expected.

    Or is there something I might have changed in the options settings that would have done that if you could point to to that it would be great. Thanks

Viewing 8 replies - 1 through 8 (of 8 total)
  • wfasa

    (@wfasa)

    Hi Earl,
    I have seen a few reports like this in the past days and I have asked our developers to look at it. I am currently gathering info in the issue to make it as quick as possible to solve. Would you consider sending me a diagnostics report?

    Go to Wordfence “Diagnostics” page and at the bottom click the button that says “Send Report by Email”. Change the prefilled address to asa@wordfence.com and please provide your username so I know who the mail is coming from. Please make a reply here in the forum when you have sent it so I can go grab it and file it in the correct location. Thanks in advance.

    winterstreet

    (@winterstreet)

    Not sure if this is exactly the same problem, but I’m getting 403 errors for non-admin users trying to upload images using a gravity form. I’ll send you my Wordfence report.

    wfasa

    (@wfasa)

    Hello both of you,
    I have some more information on this issue now. If you are getting http errors on upload of large files you are likely affected by a bug in one of our Firewall rules. The rule in question is “Malicious File Upload (Patterns)”. Possible solutions for now:

    1. Keep the offending Firewall rule “Malicious File Upload (Patterns)” deactivated until fix is released
    2. You could also theoretically increase your PHP memory limit a bit if you wanted. What is happening is that the Firewall runs out of time when it’s trying to check if the upload is safe or not.

    Thanks to those who sent diagnostics. I do not need any more at this point.

    wfasa

    (@wfasa)

    Sorry, I need to make a correction here. I meant to increase PHP timeout limit not memory limit! Apologies for the confusion.

    winterstreet

    (@winterstreet)

    I opted to deactivate the rule. Will the change log mention this issue so that I know when to turn it back on? Thanks.

    Earl_D

    (@earl_d)

    Thanks for the update and work around. Look forward to the fix. I actually got things working again by putting the firewall into learning mode. That caused it to accept photo uploads again and whitelist. Just another bit of info for your knowledge base.

    Earl_D

    (@earl_d)

    Also deactivating the Malicious File Upload (PHP) rule was what worked for me. That rule had kicked in again and was blocking uploads in spite of having pop memory limit set to 512M. Uploads work again once that is deactivated. The Malicious File Upload (Patterns) had no effect on the uploads.

    wfasa

    (@wfasa)

    Thanks for the updates. winterstreet, look out for mentions of the particular rules but also any change log entry of optimizing the firewall rules. This particular bug involves a time out issue so fixing it is a matter of performance improvement.

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘Recent update and image uploads’ is closed to new replies.