Hi @rabox66, thanks for reaching out to us.
Even though the sites may be near-identical, there’s a chance that false-positives were flagged by Wordfence when the file was uploaded. Learning Mode will usually help this kind of block.
From the Wordfence Dashboard click on Manage WAF. Then you will see Basic Firewall Options > Web Application Firewall Status. Change the option to Learning Mode. Now perform the image uploads that were causing issues. This will help Wordfence learn that these actions are normal and it will allow them in the future. After you have finished performing the actions, switch the WAF from Learning Mode back to Enabled and Protecting. Now test to see if these actions work correctly.
If that doesn’t help, try turning off the “Malicious File Upload (PHP)” firewall rule found in Wordfence > All Options > Firewall Options > Advanced Firewall Options > Rules. Click the “SHOW ALL RULES” button once you’re there.
It is not uncommon for image, PDF or XML files to contain code that looks like PHP such as <? when looked at as a string, therefore triggering the above rule as they’re not meant to contain PHP.
Another rule titled “Malicious File Upload (Patterns)” will actually check the file contents rather than just whether a filetype/extension may be misrepresented, so leaving this turned on, even if you had to turn the other off will provide you with a solid level of protection going forward.
Let me know how you get on!
Peter.
Thanks, I will discuss it with the client. If there are any further questions or if it does not work, I will be back.
