Closed vmanthos closed 2 years ago
We are currently not handling the updating the ip on wordfence whitelist.
I propose:
Use the wordfence config class use wfConfig;
Add a new prop to the wordfence Thirdparty Class -> $old_rucss_ip
which will hold the old ip we are updating from.
We create a new method to handle the update like so:
private function pop_old_ip () {
$whites = wfConfig::get('whitelisted', '');
$arr = explode(',', $whites);
$last_ip_index = array_search($this->old_rucss_ip, $arr);
if(isset($arr[$last_ip])){
unset($arr[$last_ip_index]);
}
wfConfig::set('whitelisted', implode(',', $arr));
}
This method assumes we are only having one rucss ip.
Then we call this new method before this line so we pop out the old ip before updating: https://github.com/wp-media/wp-rocket/blob/c05bb997dd65097f18d2a176a8428fba34f5a756/inc/ThirdParty/Plugins/Security/WordFenceCompatibility.php#L57
[S]
Before submitting an issue please check that you’ve completed the following steps:
3.11.4.2
Describe the bug
We allowlist the RUCSS SaaS IP here: https://github.com/wp-media/wp-rocket/blob/98a11540dc19c3ae598d7361e0b7ecee79045df9/inc/ThirdParty/Plugins/Security/WordFenceCompatibility.php#L17
That's added in Wordfence > All Options > Advanced Firewall Options > Allowlisted IP addresses that bypass all rules.
When:
the IP isn't removed from that text area.
Also, when updating WP Rocket and that IP has changed, the old IP isn't replaced by the new one. Instead both are kept in place.
To Reproduce
Steps to reproduce the behavior:
3.11.5
.Expected behavior
Additional context
This came up while doing QA for #5233.
Backlog Grooming (for WP Media dev team use only)