Are you the publisher? Claim or contact us about this channel

Embed this content in your HTML


Report adult content:

click to rate:

Account: (login)

More Channels

Channel Catalog

    0 0

    Replies: 0


    I’m in the middle of trying to make my WordPress/BuddyPress site more secure. I have run WordFence for a while with no problems but today I notice that non-admin users cannot upload images to the site anymore. An HTTP error occurs when a non-admin uploads a photo.

    I narrowed it down to the last entry in the firewall settings – the Malicious File Upload (PHP) entry. When I deselect this setting the problem is fixed, though this is making the site much more vulnerable to malicious files.

    Is there a way to fix this issue so that I can keep the last firewall entry selected?


    0 0

    Replies: 0

    I can’t tell if its something wrong with wordfence, wordpress or a hacker. I’ve seen it start to come up on other sites and then vanish but this one it just keeps going. I’ve turned off caching in every plugin and its a monster now, every few seconds.

    unknown location at IP arrived from and left and tried to access non-existent page visited was at logged in successfully as “”. logged out successfully. requested a password reset. attempted a failed login as “”. attempted a failed login using an invalid username “”. changed their password.
    Invalid Date Invalid Date (NaN seconds ago) IP: [unblock] [unblock this range] [block]

    How do I make it STOP?

    • This topic was modified 5 hours, 56 minutes ago by  Starhorsepax2.

    0 0

    Replies: 0

    Hello All,

    I have been using the free version of Wordfence since January with no issues, however, since yesterday, I have not been able to access it through my admin dashboard. I am using WordPress 4.6.1 and the Wordfence version 6.2.2. I have disabled all my plugins but the issue persists. The Wordfence pages are unresponsive and will not open for me. I had been using the Basic Caching and had not disabled it yet as requested. Not sure if that might be the problem. Has support stopped for the caching?

    Other than this, all else is working on my site with no issues with the other plugins. I am still receiving Wordfence alerts about admin logins and WF Blog postings so I hope that my site is still being protected. I do have access to Cpanel through my hosting provider (InMotion Hosting) but don’t have alot of experience! Any advice? Thanks!

    0 0

    Replies: 2


    Getting several 403 errors triggered by WF Firewall since Oct 19 for a page with an entry form that includes an image upload field, example below

    xx.xx.xx.xx - - [19/Oct/2016:00:19:59 +1100] "POST /enter/ HTTP/1.1" 403 226 "" "Mozilla/5.0 (iPhone; CPU iPhone OS 10_0_2 like Mac OS X) AppleWebKit/602.1.50 (KHTML, like Gecko) Version/10.0 Mobile/14A456 Safari/602.1"
    yy.yy.yy.yy - - [19/Oct/2016:00:20:13 +1100] "POST /?wordfence_syncAttackData=1476796813.81 HTTP/1.1" 200 - "" "WordPress/4.6.1;"

    I’m seeing several other posts here over the last few days with similar issues around file upload so suspecting your firewall is being overzealous around anything involving uploads from non-admins? Please can you confirm this is likely cause?


    0 0
  • 10/20/16--01:16: The plugin crashed my site
  • Replies: 5

    Hi, I installed this plugin and now any time I try to do anything in the admin side I just get this error message:
    Fatal error: Call to a member function get() on null in /home/timberw1/public_html/ on line 52
    I can’t even get in to uninstall the plugin now, any ideas about what I can do about it?

    0 0

    Replies: 0


    I suspect there is an infection running amok on a website of a customer: the site is sending a crazy amount of e-mails from the wp-admin folder, over 500/h, and was thus shutdown by the hosting company.

    On looking at files I was not able to see anything suspicious myself, so I tried to scan.

    Since Monday I have been scanning & scanning, but the scanner keeps stopping at a randomly set limit of 6000-7000 files, on the:

    [Oct 20 11:29:13]Scanning for known malware files
    [Oct 20 11:29:13]Scanning for unknown files in wp-admin and wp-includes


    I have turned off plugin and theme scanning, hoping to scan them separately, but to no avail.

    Scans end up just going on and on, kind of like this:

    [Oct 20 11:29:07] Contacting Wordfence to initiate scan
    [Oct 20 11:29:08] Including files that are outside the WordPress installation in the scan.
    [Oct 20 11:29:08] Getting plugin list from WordPress
    [Oct 20 11:29:08] Found 20 plugins
    [Oct 20 11:29:08] Getting theme list from WordPress
    [Oct 20 11:29:08] Found 4 themes
    [Oct 20 11:29:13] Scanning comment with Author: dina postolachi Email: Source IP:
    [Oct 20 11:29:13] Checking 1 host keys against Wordfence scanning servers.
    [Oct 20 11:29:14] Analyzed 100 files containing 1.67 MB of data so far
    [Oct 20 11:29:14] Analyzed 200 files containing 2.93 MB of data so far
    [Oct 20 11:29:14] Done host key check.
    [Oct 20 11:29:14] Scanned comment with Author: dina postolachi Email: Source IP:
    [Oct 20 11:29:15] Analyzed 300 files containing 3.92 MB of data so far
    [Oct 20 11:29:15] Analyzed 400 files containing 5.86 MB of data so far
    [Oct 20 11:29:16] Analyzed 500 files containing 6.61 MB of data so far
    [Oct 20 11:29:23] Analyzed 1900 files containing 40.52 MB of data so far
    [Oct 20 11:29:24] Analyzed 2000 files containing 41.95 MB of data so far
    [Oct 20 11:32:19] Scanning comment with Author Printesa Urbana Email: [edited] Source IP: [edited]
    [Oct 20 11:32:19] Checking 1 host keys against Wordfence scanning servers.
    [Oct 20 11:32:20] Done host key check.
    [Oct 20 11:32:20] Scanning comment with Author Printesa Urbana Email: [edited] Source IP: [edited]
    [Oct 20 11:23:24] Scanned comment with Author: iheqibaa Email: [edited] Source IP: [edited]
    [Oct 20 12:28:21] Scanning comment with Author: xyz [edited] Source IP: [edited]
    [Oct 20 12:28:21] Checking 1 host keys against Wordfence scanning servers.
    [Oct 20 12:28:22] Done host key check.
    [Oct 20 12:28:22] Scanned comment with Author: xyz [edited] Source IP: [edited]
    [Oct 20 12:38:34] Scanning comment with Author: pvhjunqabk [edited] Source IP: [edited]
    [Oct 20 12:38:34] Checking 6 host keys against Wordfence scanning servers.
    [Oct 20 12:38:35] Done host key check.
    [Oct 20 12:38:35] Scanned comment with Author: pvhjunqabk [edited] Source IP: [edited]
    [Oct 20 12:42:13] Scanning comment with Author: aseyelela [edited] Source IP: [edited]
    [Oct 20 12:42:13] Checking 4 host keys against Wordfence scanning servers.
    [Oct 20 12:42:14] Done host key check.
    [Oct 20 12:42:14] Scanned comment with Author: aseyelela [edited] Source IP: [edited]
    [Oct 20 12:44:04] Scanning comment with Author: boqvasebic [edited] Source IP: [edited]
    [Oct 20 12:44:04] Checking 4 host keys against Wordfence scanning servers.
    [Oct 20 12:44:05] Done host key check.

    And so on.
    Since Monday I have not had one completed scan.

    What can I do?

    Thank you,

    0 0

    Replies: 1


    I am new to Wordfence and am currently evaluating the plugin with the free version, before I commit to purchasing the premium keys.

    I installed Wordfence and enabled the WAF as instructed (I am on NGINX + PHP-FPM) — and haven’t really changed any options beyond that. the WAF says it’s in “learning mode” too. Diagnostics page shows no errors.

    Things seem to be working fine, except for one thing: post preview for a custom post type has stopped working and returns a 404 error.

    The preview link WordPress puts is — but when clicking on it, it redirects to (removing preview=true) — and returns a 404 page. So the only way to see the post is AFTER it’s been published.

    Any suggestions?

    Many thanks,


    0 0
  • 10/20/16--12:23: do I need shield as well?
  • Replies: 0

    Just need to understand if Shield and wordfence provide the same solution for WAF.
    do I need to install them both on my site?

    0 0

    Replies: 0


    I have created a custom capability, “manage_wordfence” and I would like to use it to do the following:

    1. Allow users with the “manage_wordfence” capability to unblock themselves if they are blocked by one of the defined Wordfence rules.
    2. Access all the Wordfence pages, Scan, Live Traffic, ETC.

    Thanks for your help and thanks for an awesome plugin for free.

    0 0
  • 10/21/16--02:35: Clean up Malware
  • Replies: 0

    I would like to upgrade to premium version, how ever i would like to know if your software can clean up the redirects to some ads site? every time i clear up cache and try visit my site i get the message checking browser before accessing the site, after clicking a continue button it redirects me to some weird sites sometimes.

    0 0
  • 10/21/16--02:44: Codes keep coming back
  • Replies: 0

    i have wordfence and when i scan i see some weird codes that someone hacked to my site. i delete them but after a while they coming back.
    what should i do?

    0 0
  • 10/21/16--04:16: Login Blocked
  • Replies: 1

    I use country blocking and all countries except the USA are blocked. USA is not checked as that’s where I am. When I click on Save I get this

    You are about to block your own country. This could lead to you being locked out. Please make sure that your user profile on this machine has a current and valid email address and make sure you know what it is. That way if you are locked out, you can send yourself an unlock email. If you’re sure you want to block your own country, click ‘Confirm’ below, otherwise click ‘Cancel’.

    I checked my email and user info and its correct. Why am I getting this and why am I getting blocked out?

    0 0
  • 10/21/16--04:26: Base64 Decode Error
  • Replies: 2

    I have base64 disabled on my server because of hacker activity. I have wordfence installed on multiple sites on this server, however I only have the problem with 1. On occasion this error shows at the top of the page.

    Warning: base64_decode() has been disabled for security reasons in /home/molloy6/public_html/ on line 1353

    Warning: base64_decode() has been disabled for security reasons in /home/molloy6/public_html/ on line 1390

    And this one when trying to update a post or setting

    Warning: Cannot modify header information – headers already sent by (output started at /home/molloy6/public_html/ in/home/molloy6/public_html/ on line 197

    I have been through the plugin enable/disable routine and have reinstalled Wordfence, but since it only happens seemingly random that is not a viable process.

    Can you help please?

    0 0

    Replies: 0


    I have this error message

    Warning: inet_pton(): Unrecognized address in /htdocs/public/www/wp-content/plugins/wordfence/lib/wfUtils.php on line 271

    It appears only on certain pages of the web site and in firefox (not in chrome)
    A page url is

    Do you have any solution ?


    0 0

    Replies: 0

    Hi, and sorry for my bad english. i’m programing a script for infinitewp for automatize wordfence installations for more 1000 WP in a hosting provider. All work perfect and all is ok, inclusive extendended protection is configured. But i only have a case that cant solve.

    If the website have wordfence installed and firewall is in status disabled, i cant find how can i change this status manually. I was looking in wfConfig table but nothing. Htaccess, nothing, .user.ini nothing, wordfence-waf.php nothing

    where is stored the firewall status?