iCaspar
commented
3 years ago Grooming Notes:
Reproduce the Issue
Issue has been reproduced on multiple sites in various contexts.
Root Cause
WordFence Firewall blocks unknown requests that it considers risky, except when in "Learning Mode" during which time such requests are added to an allow list for later review by site admins. If WPRocket's background requests are not added during a Learning Mode period, the firewall blocks them.
Scope for Solution
The WordFence API includes (starting WF version 5.3.2 a wordfence::whitelistIP() method to programatically whitelist IPs used by themes and plugins. @see WordFence API Documentation.
We need a new compatibility class Engine\ThirdParty\Plugins\Security\WordFence that implements Subscriber_Interface.
In this class, we need a const with our IPs to be whitelisted, and a method whitelist_wordfence_firewall_ips() that will call wordfence::whitelistIP() with each of our IPs. The class's get_subscribed_events() will hook whitelist_wordfence_firewall_ips() to all Rocket background processes needing one of the whitelisted IPs.
Will need relevant Unit and Integration tests for the new class.
Note, since this is an IP-dependent solution, we will need to update the IPs in the class constant (requiring a release) whenever our IPs are changed. It may be indicated that we should provide a filter in whitelist_wordfence_firewall_ips() in case there is a need to substitute other IPs on a temporary basis or if we have an IP change and expect a delay in releasing.
Estimted Effort
[M]
or128
vmanthos
mehedihasanziku
piotrbak
Describe the bug We have seen cases where WordFence is preventing our background processes from running correctly.
WordFence has a learning mode that can be used to allow the background processes. But It seems to be possible to programatically enable them by using some compatibility code. We need to explore this option to simplify our users experience.
Backlog Grooming (for WP Media dev team use only)