- RSS Channel Showcase 4326595
- RSS Channel Showcase 1246881
- RSS Channel Showcase 2419486
- RSS Channel Showcase 4567943
Articles on this Page
- 10/19/16--12:17: _Firewall – Ma...
- 10/19/16--13:10: _slew of worrisome l...
- 10/19/16--14:54: _Unable to Access Wo...
- 10/19/16--22:14: _Firewall stopping f...
- 10/20/16--01:16: _The plugin crashed ...
- 10/20/16--02:40: _Scan stops scanning...
- 10/20/16--04:16: _[Resolved] Preview ...
- 10/20/16--12:23: _do I need shield as...
- 10/20/16--15:04: _Allow custom capabi...
- 10/21/16--02:35: _Clean up Malware
- 10/21/16--02:44: _Codes keep coming back
- 10/21/16--04:16: _Login Blocked
- 10/21/16--04:26: _Base64 Decode Error
- 10/21/16--08:20: _Warning: inet_pton(...
- 10/21/16--15:34: _Change Firewall Sta...
- 10/19/16--13:10: slew of worrisome logins as “”
- This topic was modified 5 hours, 56 minutes ago by Starhorsepax2.
- 10/19/16--14:54: Unable to Access Wordfence in Dashboard
- 10/19/16--22:14: Firewall stopping form submissions with upload
- 10/20/16--01:16: The plugin crashed my site
- 10/20/16--02:40: Scan stops scanning files and keeps checking host keys and comments
- 10/20/16--04:16: [Resolved] Preview for custom post type no longer working
- 10/20/16--12:23: do I need shield as well?
- 10/20/16--15:04: Allow custom capability to access Wordfence
- 10/21/16--02:35: Clean up Malware
- 10/21/16--02:44: Codes keep coming back
- 10/21/16--04:16: Login Blocked
- 10/21/16--04:26: Base64 Decode Error
- 10/21/16--08:20: Warning: inet_pton() only in firefox
- 10/21/16--15:34: Change Firewall Status Manually
I’m in the middle of trying to make my WordPress/BuddyPress site more secure. I have run WordFence for a while with no problems but today I notice that non-admin users cannot upload images to the site anymore. An HTTP error occurs when a non-admin uploads a photo.
I narrowed it down to the last entry in the firewall settings – the Malicious File Upload (PHP) entry. When I deselect this setting the problem is fixed, though this is making the site much more vulnerable to malicious files.
Is there a way to fix this issue so that I can keep the last firewall entry selected?
I can’t tell if its something wrong with wordfence, wordpress or a hacker. I’ve seen it start to come up on other sites and then vanish but this one it just keeps going. I’ve turned off caching in every plugin and its a monster now, every few seconds.
unknown location at IP arrived from and left and tried to access non-existent page visited was at logged in successfully as “”. logged out successfully. requested a password reset. attempted a failed login as “”. attempted a failed login using an invalid username “”. changed their password.
Invalid Date Invalid Date (NaN seconds ago) IP: [unblock] [unblock this range] [block]
How do I make it STOP?
I have been using the free version of Wordfence since January with no issues, however, since yesterday, I have not been able to access it through my admin dashboard. I am using WordPress 4.6.1 and the Wordfence version 6.2.2. I have disabled all my plugins but the issue persists. The Wordfence pages are unresponsive and will not open for me. I had been using the Basic Caching and had not disabled it yet as requested. Not sure if that might be the problem. Has support stopped for the caching?
Other than this, all else is working on my site with no issues with the other plugins. I am still receiving Wordfence alerts about admin logins and WF Blog postings so I hope that my site is still being protected. I do have access to Cpanel through my hosting provider (InMotion Hosting) but don’t have alot of experience! Any advice? Thanks!
Getting several 403 errors triggered by WF Firewall since Oct 19 for a page with an entry form that includes an image upload field, example below
xx.xx.xx.xx - - [19/Oct/2016:00:19:59 +1100] "POST /enter/ HTTP/1.1" 403 226 "http://www.zzz.com/enter/" "Mozilla/5.0 (iPhone; CPU iPhone OS 10_0_2 like Mac OS X) AppleWebKit/602.1.50 (KHTML, like Gecko) Version/10.0 Mobile/14A456 Safari/602.1" yy.yy.yy.yy - - [19/Oct/2016:00:20:13 +1100] "POST /?wordfence_syncAttackData=1476796813.81 HTTP/1.1" 200 - "http://www.yourhealthlinkphotocomp.com.au/?wordfence_syncAttackData=1476796813.81" "WordPress/4.6.1; http://www.zzz.com"
I’m seeing several other posts here over the last few days with similar issues around file upload so suspecting your firewall is being overzealous around anything involving uploads from non-admins? Please can you confirm this is likely cause?
Hi, I installed this plugin and now any time I try to do anything in the admin side I just get this error message:
Fatal error: Call to a member function get() on null in /home/timberw1/public_html/timberwoodoffroad.com/wp-content/object-cache.php on line 52
I can’t even get in to uninstall the plugin now, any ideas about what I can do about it?
I suspect there is an infection running amok on a website of a customer: the site is sending a crazy amount of e-mails from the wp-admin folder, over 500/h, and was thus shutdown by the hosting company.
On looking at files I was not able to see anything suspicious myself, so I tried to scan.
Since Monday I have been scanning & scanning, but the scanner keeps stopping at a randomly set limit of 6000-7000 files, on the:
[Oct 20 11:29:13]Scanning for known malware files
[Oct 20 11:29:13]Scanning for unknown files in wp-admin and wp-includes
I have turned off plugin and theme scanning, hoping to scan them separately, but to no avail.
Scans end up just going on and on, kind of like this:
[Oct 20 11:29:07] Contacting Wordfence to initiate scan [Oct 20 11:29:08] Including files that are outside the WordPress installation in the scan. [Oct 20 11:29:08] Getting plugin list from WordPress [Oct 20 11:29:08] Found 20 plugins [Oct 20 11:29:08] Getting theme list from WordPress [Oct 20 11:29:08] Found 4 themes [Oct 20 11:29:13] Scanning comment with Author: dina postolachi Email: firstname.lastname@example.org Source IP: 22.214.171.124 [Oct 20 11:29:13] Checking 1 host keys against Wordfence scanning servers. [Oct 20 11:29:14] Analyzed 100 files containing 1.67 MB of data so far [Oct 20 11:29:14] Analyzed 200 files containing 2.93 MB of data so far [Oct 20 11:29:14] Done host key check. [Oct 20 11:29:14] Scanned comment with Author: dina postolachi Email: email@example.com Source IP: 126.96.36.199 [Oct 20 11:29:15] Analyzed 300 files containing 3.92 MB of data so far [Oct 20 11:29:15] Analyzed 400 files containing 5.86 MB of data so far [Oct 20 11:29:16] Analyzed 500 files containing 6.61 MB of data so far ... [Oct 20 11:29:23] Analyzed 1900 files containing 40.52 MB of data so far [Oct 20 11:29:24] Analyzed 2000 files containing 41.95 MB of data so far ... [Oct 20 11:32:19] Scanning comment with Author Printesa Urbana Email: [edited] Source IP: [edited] [Oct 20 11:32:19] Checking 1 host keys against Wordfence scanning servers. [Oct 20 11:32:20] Done host key check. [Oct 20 11:32:20] Scanning comment with Author Printesa Urbana Email: [edited] Source IP: [edited] [Oct 20 11:23:24] Scanned comment with Author: iheqibaa Email: [edited] Source IP: [edited] [Oct 20 12:28:21] Scanning comment with Author: xyz [edited] Source IP: [edited] [Oct 20 12:28:21] Checking 1 host keys against Wordfence scanning servers. [Oct 20 12:28:22] Done host key check. [Oct 20 12:28:22] Scanned comment with Author: xyz [edited] Source IP: [edited] [Oct 20 12:38:34] Scanning comment with Author: pvhjunqabk [edited] Source IP: [edited] [Oct 20 12:38:34] Checking 6 host keys against Wordfence scanning servers. [Oct 20 12:38:35] Done host key check. [Oct 20 12:38:35] Scanned comment with Author: pvhjunqabk [edited] Source IP: [edited] [Oct 20 12:42:13] Scanning comment with Author: aseyelela [edited] Source IP: [edited] [Oct 20 12:42:13] Checking 4 host keys against Wordfence scanning servers. [Oct 20 12:42:14] Done host key check. [Oct 20 12:42:14] Scanned comment with Author: aseyelela [edited] Source IP: [edited] [Oct 20 12:44:04] Scanning comment with Author: boqvasebic [edited] Source IP: [edited] [Oct 20 12:44:04] Checking 4 host keys against Wordfence scanning servers. [Oct 20 12:44:05] Done host key check.
And so on.
Since Monday I have not had one completed scan.
What can I do?
I am new to Wordfence and am currently evaluating the plugin with the free version, before I commit to purchasing the premium keys.
I installed Wordfence and enabled the WAF as instructed (I am on NGINX + PHP-FPM) — and haven’t really changed any options beyond that. the WAF says it’s in “learning mode” too. Diagnostics page shows no errors.
Things seem to be working fine, except for one thing: post preview for a custom post type has stopped working and returns a 404 error.
The preview link WordPress puts is http://www.atimes.com/?post_type=brief&p=86021&preview=true — but when clicking on it, it redirects to http://www.atimes.com/?post_type=brief&p=86021 (removing preview=true) — and returns a 404 page. So the only way to see the post is AFTER it’s been published.
Just need to understand if Shield and wordfence provide the same solution for WAF.
do I need to install them both on my site?
I have created a custom capability, “manage_wordfence” and I would like to use it to do the following:
1. Allow users with the “manage_wordfence” capability to unblock themselves if they are blocked by one of the defined Wordfence rules.
2. Access all the Wordfence pages, Scan, Live Traffic, ETC.
Thanks for your help and thanks for an awesome plugin for free.
I would like to upgrade to premium version, how ever i would like to know if your software can clean up the redirects to some ads site? every time i clear up cache and try visit my site i get the message checking browser before accessing the site, after clicking a continue button it redirects me to some weird sites sometimes.
i have wordfence and when i scan i see some weird codes that someone hacked to my site. i delete them but after a while they coming back.
what should i do?
I use country blocking and all countries except the USA are blocked. USA is not checked as that’s where I am. When I click on Save I get this
You are about to block your own country. This could lead to you being locked out. Please make sure that your user profile on this machine has a current and valid email address and make sure you know what it is. That way if you are locked out, you can send yourself an unlock email. If you’re sure you want to block your own country, click ‘Confirm’ below, otherwise click ‘Cancel’.
I checked my email and user info and its correct. Why am I getting this and why am I getting blocked out?
I have base64 disabled on my server because of hacker activity. I have wordfence installed on multiple sites on this server, however I only have the problem with 1. On occasion this error shows at the top of the page.
Warning: base64_decode() has been disabled for security reasons in /home/molloy6/public_html/familytireandautoservice.com/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/waf.php on line 1353
Warning: base64_decode() has been disabled for security reasons in /home/molloy6/public_html/familytireandautoservice.com/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/waf.php on line 1390
And this one when trying to update a post or setting
Warning: Cannot modify header information – headers already sent by (output started at /home/molloy6/public_html/familytireandautoservice.com/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/waf.php:1353) in/home/molloy6/public_html/familytireandautoservice.com/wp-admin/post.php on line 197
I have been through the plugin enable/disable routine and have reinstalled Wordfence, but since it only happens seemingly random that is not a viable process.
Can you help please?
I have this error message
Warning: inet_pton(): Unrecognized address in /htdocs/public/www/wp-content/plugins/wordfence/lib/wfUtils.php on line 271
It appears only on certain pages of the web site and in firefox (not in chrome)
A page url is http://www.aitgroup.fr/category/2014/
Do you have any solution ?
Hi, and sorry for my bad english. i’m programing a script for infinitewp for automatize wordfence installations for more 1000 WP in a hosting provider. All work perfect and all is ok, inclusive extendended protection is configured. But i only have a case that cant solve.
If the website have wordfence installed and firewall is in status disabled, i cant find how can i change this status manually. I was looking in wfConfig table but nothing. Htaccess, nothing, .user.ini nothing, wordfence-waf.php nothing
where is stored the firewall status?