Replies: 0
Hello,
On my site (miuipolska.pl) I have a directory called /forum. Unfortunately Wordfence scans that directory and causes multiple false positives.
When I create a topic on the forum (Invision) and I add link to another topic on the forum or YouTube, and then try to add that topic, it automatically triggers Wordfence with HTTP 403 error. I can of course flag it as false positive, but my users can’t do that.
Example from panel:
- URL: /forum/forum/51-rozmowy-og%C3%B3lne/
- Parameter: request.body[topic_content]
- 10.12.2024, 13:31:56, Allowlisted via false positive dialog
- Blocked parameter: XSS: Cross Site Scripting w nagłówku POST: topic_content=%3Ciframe%20allowfullscreen%3D%22%22%20class%3D%22ipsEmbed_finishedLoading%22%20data-controller%3D%2…
It happens as well in private messages and other places where you can add any embed on Invision platform.
I want to pass all requests from /forum/ or do another solution which allows to avoid these false positives from this specific directory keeping WordPress files scanned/secured.
Any advice?
Thanks!
