You were blocked by the Shield. Something in the URL, Form or Cookie data wasn't appropriate.
This is a firewall block message.
The firewall component of the Shield Security plugin is an Application Level Firewall. This means it only acts, and can only act, at the WordPress level.
It's designed to analyse data sent to your WordPress site and block any requests that appear to be malicious.
We don’t write to the core .htaccess files on principle, so we don’t affect how Apache handles web requests. Instead, we examine the data in these requests and then allow or block WordPress from loading depending on the rules you have chosen.
Shield analyses the information contained within the GET and POST data sent to your site. This is explained in more detail here.
When it detects something that it doesn’t like – it’ll kill that web request and prevent WordPress from loading any further. In this way, it prevents WordPress from receiving/using malicious data that’s been sent to it to for the purpose of causing trouble.
When the Shield firewall has been triggered, and you have firewall block response message set to "Die With Message", you'll see the following block message:
"You were blocked by the Shield. Something in the URL, Form or Cookie data wasn't appropriate."
This message is found under the Firewall module of the Shield plugin:
Hint: You can customise this message, if you want.
It can happen that you, as a site owner, get blocked by the firewall. For example, you're getting blocked while you're customising your theme. To stop this block, follow the below steps...
Step 1: Go to your Audit Trail
Review your Audit Trail and find the firewall block entry. It'll tell you what exact firewall rule has been triggered, and the offending parameter.
In this example
- firewall rule (option) triggered is Aggressive Rules
- the offending parameter is "return"
Step 2: Whitelist the offending parameter, or turn off the firewall rule (option)
So, to stop this firewall block, you always have 2 options
- Whitelist the parameter; or
- disable the firewall rule (option).
The parameter to whitelist is
(* (asterisks) refers to all pages)
You can whitelist it manually by going to the Firewall module => Whitelist Parameter:
Note: You may also want to read How to interpret Firewall entries in the Audit Trail and whitelist parameters (examples).
Or, you can whitelist it directly from within your Audit Trail by clicking the Whitelist Param link. The parameter will be whitelisted automatically.
If this doesn't work, or you simply don't want to whitelist the parameter, you'll need to turn off the offending firewall rule (option). In this example, it's Aggressive Rules:
You are locked out as the result of firewall. What should you do?
In this case, follow these steps:
- Go to your FTP for this site and create a "forceoff" file. To do this, follow the steps outlined in this guide here.
This will keep Shield active, allowing you to get back in and change plugin settings.
- Log into your site
- Go to the Manage IPs section and remove your IP from the blacklist.
- Go to your Audit Trail to find the firewall block (explained above)
- Whitelist the parameter, or turn off the firewall offending rule (option) (explained above)
- Remove a "forceoff" file
Note: This is not a recommended option, but if you want to ensure that administrators are never affected (blocked) by the firewall, you can enable Ignore Administrators option: