RUCSS allowlisted IP isn't removed from Wordfence's options

[vmanthos]

Before submitting an issue please check that you’ve completed the following steps:

• Made sure you’re on the latest version ✅3.11.4.2
• Used the search feature to ensure that the bug hasn’t been reported before ✅

Describe the bug

We allowlist the RUCSS SaaS IP here: https://github.com/wp-media/wp-rocket/blob/98a11540dc19c3ae598d7361e0b7ecee79045df9/inc/ThirdParty/Plugins/Security/WordFenceCompatibility.php#L17

That's added in Wordfence > All Options > Advanced Firewall Options > Allowlisted IP addresses that bypass all rules.

When:

• deactivating
• uninstalling WP Rocket

the IP isn't removed from that text area.

Also, when updating WP Rocket and that IP has changed, the old IP isn't replaced by the new one. Instead both are kept in place.

To Reproduce

Steps to reproduce the behavior:

1. Install Wordfence.
2. Check Wordfence > All Options > Advanced Firewall Options > Allowlisted IP addresses that bypass all rules. The current IP will be added there.
3. Deactivate/uninstall WP Rocket and check the field again. The IP will still be there.
4. Install WP Rocket again (3.11.4.2) and update it to a version with a different IP, e.g. 3.11.5.
5. Repeat step 4. Both IPs will be in place.

Expected behavior

1. When deactivating/uninstalling WP Rocket the IP should be removed from Wordfence's settings.
2. When updating WP Rocket and the IP has changed, only the new one should be preserved.

Additional context

This came up while doing QA for #5233.

Backlog Grooming (for WP Media dev team use only)

• [ ] Reproduce the problem
• [ ] Identify the root cause
• [ ] Scope a solution
• [ ] Estimate the effort

[jeawhanlee]

Identify the root cause ✅

We are currently not handling the updating the ip on wordfence whitelist.

Scope a solution ✅

I propose:

• Use the wordfence config class use wfConfig;

• Add a new prop to the wordfence Thirdparty Class -> $old_rucss_ip which will hold the old ip we are updating from.

• We create a new method to handle the update like so:

  private function pop_old_ip () {
  $whites = wfConfig::get('whitelisted', '');
  $arr = explode(',', $whites);
  $last_ip_index = array_search($this->old_rucss_ip, $arr);
  if(isset($arr[$last_ip])){
  unset($arr[$last_ip_index]);
  }
  wfConfig::set('whitelisted', implode(',', $arr));
  }

  This method assumes we are only having one rucss ip.

• Then we call this new method before this line so we pop out the old ip before updating: https://github.com/wp-media/wp-rocket/blob/c05bb997dd65097f18d2a176a8428fba34f5a756/inc/ThirdParty/Plugins/Security/WordFenceCompatibility.php#L57

Estimate the effort ✅

[S]