Support » Plugin: Wordfence Security - Firewall & Malware Scan » where is the proper place to report SQL Injection that WF WAF failed to block?

  • Resolved Paul Biron


    Yesterday I had a particularly nasty bot hit a site I manage.

    The WordFence WAF blocked many SQL Injection attempts from this bot (thank you!). However there were some it did not.

    Where is the proper place to report the query strings for those attempts the WAF failed to block, so that you can improve the WAF so that it would block such attempts in the future?

    I don’t think it is safe to post them here, in a public forum.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Forgot to mention: I’m a free customer.

    Have you discovered a new malware variant or a new kind of infection that you’d like to share with us?
    Email: samples AT

    Plugin Author WFSupport


    Thanks @barnez!

    @pbiron – Emailing the samples to samples []at wordfence [dot] com will get it in the right hands. Make sure and include any pertinent details (file paths, etc) and our samples team will begin their analysis, which is the first step in developing a new firewall rule.

    If you have any other questions about the process you can include them there.


    thanx. I emailed them yesterday (and got the confirmation response).

    Meant to add a comment here saying I did so but got caught up in other matters and forgot about it.

Viewing 4 replies - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.