Forums » Help & Troubleshooting



Clicky script flagged as malicious

Hello, I’ve been trying to add a clicky (clicky.com) script into a pages header, but I’m getting 403 forbidden because wordfence is blocking it as an XSS attempt..(it’s javascript code).

I’ve whitelisted it in the actual firewall alerts, but the problem with this is that the whitelist is too specific and even narrowed to the theme I’m using. Since I’m working with a lot of sites this solution is not effective because each whitelist is different.

I’m looking for a way to whitelist this request so it works on any other website no matter what theme I’m using.. or if theres a way to whitelist the file wp-options.php completely or just something that can help me insert a javascript snippet on the header without wordfence flagging it as an XSS attempt. thank you!

Whitelist I’ve tried:

URL: /wp-admin/options.php
Param: POST Body
Param name: request.body[request.body[schema][mts_header_code]] (too specific schema is the theme I was using on that website)

I’ve also tried obfuscating the JS code with no sucess. I’m very thankful for any insights and suggestions you guys do, thank you very much.

Posted Thu Mar 23 2017 8:45pm by mkhunt



Reply to this discussion

You must be logged in to your account to post!