Hi @chengfucius, thanks for reaching out to us.
It sounds to me like a false-positive is catching the transaction where the form data is being passed to the payment gateway so Learning Mode could possibly help you out.
From the Wordfence Dashboard click on Manage WAF. Then you will see Basic Firewall Options > Web Application Firewall Status. Change the option to Learning Mode. If you’re able to replicate real transactions with test data on your payment gateway, run through the process with this enabled to teach Wordfence what’s happening is normal and should be allowed in future. After you have finished, switch the WAF from Learning Mode back to Enabled and Protecting.
If that doesn’t work, you can confirm that they’re caused by a Wordfence block by taking a look at your Live Traffic. Do timestamps of the payment transactions match blocked actions? You should be able to see which rule is causing the block by clicking that line (or “eye” icon) to expand it. Sometimes you are presented with a “ADD PARAM TO FIREWALL ALLOWLIST” button here that could solve any problems going forward. This button automatically inserts the URL and its required params to the Allowlisted URLs section of the plugin.
Let me know how you get on!
Peter.
Thread Starter
Cee
(@chengfucius)
Thank you for promptly replying. I have tried both above. And none of them worked. But once I deactivate Wordfence, it works again. But keeping Wordfence deactivated is a threat to the website. I hope this can be resolved soon. Thanks.
Hi @chengfucius, thanks for the extra information and sorry to see that’s not worked for you.
Would it be possible to see a screenshot of an expanded Live Traffic entry where a block has occurred? You can obscure any sensitive information like IPs and include images on the forums by clicking the “+” in a new paragraph block and selecting “Image“, then Upload once you’ve picked a file.
This should show whether a rule is catching it as a false-positive or because of another setting we can change in Wordfence.
Thanks,
Peter.
Thread Starter
Cee
(@chengfucius)
Hi. Sorry for the delay on replying to your email. The below is a truncated version of what I was able to capture after trying and failing again.
Seconds since last hit:1.7932URL:https://www.kravmaga.com.hk/?wc-ajax=ppc-create-order(opens in new tab)Type:Normal requestReferrer:https://www.kravmaga.com.hk/checkout/(opens in new tab)Seconds since last hit:1.0210URL:https://www.kravmaga.com.hk/favicon.ico(opens in new tab)Type:Normal requestReferrer:https://www.kravmaga.com.hk/checkout/(opens in new tab)Seconds since last hit:2.7799URL:https://www.kravmaga.com.hk/?wc-ajax=update_order_review(opens in new tab)Type:Normal requestReferrer:https://www.kravmaga.com.hk/checkout/(opens in new tab)
I am sure you can tell from this that it is showing nothing wrong. However, the validation continues to tell me that billing information is not filled out. I have to deactivate wordfence for it to work still. Please help. Thank you.