If some functionality in the Facebook feed or plugin settings is not working properly and you are using the WordFence Security plugin, it is possible that WordFence is blocking requests by the Facebook plugin to communicate with your WordPress server. A common symptom of this problem is clicking the Load More button will show the loading animation continuously without ever loading more posts.
If you see a problem like this, you can open the developer tools in your browser and check the Console or Network tabs for any HTTP 403 errors to admin-ajax.php (see example below). This is a sign that requests are being blocked.
Solution 1:
WordFence has a learning mode that will allow you to train it that these requests should be allowed. You can train it by following these steps:
- Go to the WordPress Dashboard > WordFence > Firewall and click Manage Firewall
- Under Basic Firewall Options > Web Application Firewall Status, change the status to Learning Mode and click Save Changes
- Now go back to your Facebook feed and perform the actions that were being blocked by WordFence. This will help WordFence learn that these are normal actions and should be allowed.
- Go back to WordPress Dashboard > WordFence > Firewall and click Manage Firewall again
- Under Basic Firewall Options > Web Application Firewall Status, change the status back to Enabled and Protecting and click Save Changes
- Test that the actions that WordFence was previously blocking are now being allowed
Please note: WordFence may act differently if you are logged in as an administrator on the site instead of viewing the site as a normal visitor. To ensure you are testing how your site will work for a normal visitor, make sure you are not logged in or you are viewing the page in an Incognito or Private window.
Solution 2:
If Solution 1 does not resolve the problem, please try these steps:
- Go to the WordPress Dashboard >WordFence > Tools > Live Traffic
- In the dropdown box that says Filter Traffic: All Hits, select Blocked by Firewall and then look for the blocked request(s). This will normally be a request to admin-ajax.php
- If you know that the action was something safe (especially if it was from your own visit), click the Add param to firewall allowlist button.