Hi.
I am developing a WordPress plugin for spam-protection, that is blocking post-requests, which have not solved a respective proof-of-state-challenge.
GDPR-compliant ReCaptcha for all forms and logins – WordPress plugin | WordPress.org
Thus the option “Connecting back to this site” of the Diagnostics-page of Wordfence runs into an error, as it gets blocked by my plugin. I found that the page is calling “wordfence_testAjax” for testing-purpose and white-listed this ajax-action respectively at my plugin and the test succeeds.
But I am pretty sure, that for updates, scans and alike you may use other ajax-calls which would be blocked again.
My question: Which ajax-calls do I need to whitelist in order to stop my plugin from blocking wordfence? Is there a better way to whitelist wordfence (i.e. whitelist a specific IP address or something else)?
Hint: In order to test “Connecting back to this site” it might be helpful to call those actions that you really use, maybe passing a parameter that says “no processing required as it is just a test”.
Cheers, Matthias
The page I need help with: [log in to see the link]