Wordpress Multisite Under Attack Mode

On our site, subdomain.domain.com, we have a WordPress Multisite with different domains for each site. We are attempting to activate the “Under Attack Mode” for the subdomain subdomain.domain.com. However, on the other sites with distinct domains, our frontend resources are being blocked, and we are encountering the following error: Screenshot on 2023-07-25 at 15-30-54.png - Droplr. These resources are uploaded to an AWS server through a plugin.

What could be causing this error?

When you apply I’m Under Attack mode, all requests to the domain are challenged. If installations on other domains depend on resources on the IUA domain, they will receive initially a 403. You should turn off IUA and replace it with a Custom Rule to challenge all requests to that domain, but with exceptions for the legitimate requests from other websites of your network.

For instance, assuming all static resources (JS, CSS, image files, etc.) which are requested by other domains have a path starting with “/wp-content/”, you could have a WAF Custom Rule like this::

When incoming requests match
Hostname equals "sub.example.com"
URI Path does not contain "/wp-content/"
Managed Challenge

This is just a suggestion; you’ll need to test it and adapt to your website actual conditions.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.