- 08/26/16--05:07: henry265 on "I wonder if wordfence will work on my vps host"
- 08/26/16--10:25: nomadicfrog on "[Plugin: Wordfence Security] Scan won't complete"
- 08/26/16--19:17: nomadicfrog on "[Plugin: Wordfence Security] Scan won't complete"
- 08/27/16--02:44: Kimbert on "[Plugin: Wordfence Security] login I have never seen"
Ignore the above. After clearing page cache and disabling other plugins and using the update at the dashboard level (rather than on the plugins page), it seems to have worked.
I had the same problem today about hiding the debug.log file, it's working using only the file name.
I'm getting a notification "Your configuration for the Wordfence Firewall needs an update to continue operating optimally:" with options to "Click here to update" or "dismiss".
What does clicking this do (at a high level)? Is it just updating config files or is it going to download some stuff? Is it going to launch a wizard?
I'm just a bit wary of clicking a button without having a rough idea what it's going to do and I can't see anything in the change log. A "What's this?" link to a blog post or support doc would be nice. It seems a bit odd as I'd expect most things to be done as part of plugin updates so am guessing this may be more involved and might require longer downtime.
I have been complaining about that too for some time. See thread https://wordpress.org/support/topic/readmetxt-warnings
but got no answer from Wordfence support.
I also agree that they should do something about these annoying false alerts.
WORDFENCE ARE YOU LISTENING.
My blog is totally new, and even I can't access this file.
I am new and editing using the WordPress editor, which doesn't include upgrade.php.
My other files should be at my host, who allowed me a 1-click install.
Is there a way to find what made this change?
I'm very impressed by all the work Wordfence has done on their plugin. I'm preparing to use the Premium version of Wordfence but there are a few questions I am not clear on:
I have a website running on vps using varnish for frontend cache, nginx + php-fpm for source code processing, ngx_pagespeed for optimization. Besides that, I have a paid version of "WP Fastest Cache" for static html caching, a Redis for db caching. Here are my questions:
1. Can I run Wordfence on my website? If yes, Can I use the Falcon Engine? Will it conflict with the "WP Fastest Cache"?
2. I found this link for nginx config from 2014. Does this still work?: https://www.wordfence.com/blog/2014/05/nginx-wordfence-falcon-engine-php-fpm-fastcgi-fast-cgi/
3. Do I have to do other configuration if I use cloudflare Flexible SSL for my site using Wordfence? My site is just a product catalog web and it does not have any online payment in it.
Thank you very much,
Wordfence is simply flagging a difference for your awareness, you can easily ignore it.
I don't believe the software should presume to necessarily know how significant something is (especially if it has no way to determine it) - it simply reports a difference for you to interpret as you see fit!
In my opinion, you run the software, the software doesn't run you....
I really appreciate your feedback, but it's still unclear to me whether the firewall is actually working.
I know from inserting debug code
<div style='display:none;'> MyCheck </div>
that my site is loading wordfence-waf.php via a prepend_file directive in .htaccess/.user.ini.
You indicate that this means I should have extended protection. So does a normally working firewall have a Protection Level: Extended WordPress Protection?
I never see any entries in 'Blocked by Firewall' category of the live traffic view.
Am I really lucky or is this what one would expect.
You can go to (Wordfence > Live Traffic) and filter traffic with "Blocked by Firewall"; then you should be able to see any request that got blocked by the Firewall there. You can also click on the "Whitelist param from Firewall" button to whitelist any specific action.
Another way is to choose "Learning Mode" for "Firewall Status" under (Wordfence > Firewall) then try performing the same action you were doing with Vaultpress and the Firewall will learn to whitelist this action in the future, after that you can revert the Firewall Status back to "Enabled and Protecting".
This is what I heard back last night from Dreamhost:
Our security team has reached out to Wordfence directly to discuss the file and why we've flagged it. Still waiting on a final determination. In the meantime, you can manually set 644 permissions on the file, should you receive another "Security Alert" about it. I will keep you updated as I hear more!
Maybe that will help.
I didn't test that myself, but it should be working fine, knowing that you may need to change the code mentioned in this article to suit your WordPress installation location, for instance at: (
There are many articles on the internet talking about benchmark results of well-known caching plugins compared to each other (including Wordfence falcon cache), you may be interested in using google to search for these articles, however, when it comes to caching plugin, I recommend trying every plugin alone on your server and go through all its features for something like a month so you can make a solid decision about it, because there are many other factors over here, including your server configuration and your hosting provider, etc...
Actually, the Firewall will not block the IP address that attempts SQL injection attack, it will only block this attack request, so you can check all these blocked requests by Firewall from (Wordfence > Live Traffic) then set the filter to "Blocked by Firewall" and you will be able to block the IP address from there.
It would be nice if you turned on the "Enable debugging mode" option under (Wordfence > Diagnostics) and ran a new scan after that; keep watching for any error message that might appear in the activity log.
Also, take a look at these common reasons that may cause scan not to finish.
Assuming you are not using the premium version, please go to (Wordfence > Scan schedule) and let me know what you have for "Next scan will start at"?
Also, do you have any problem while trying to initiate a manual scan?
It will be helpful if you can go to (Wordfence > Diagnostics => Cron Jobs) and search for "wordfence_start_scheduled_scan" and let me know what you will get.
Please make sure you have the latest Wordfence version on your website, this issue should be fixed in version 6.1.15 released yesterday, after updating run a new scan and let me know how it goes.
I just updated the Wordfence preferences as the plugin requested in the dashboard. I downloaded the backup htaccess and user.ini files and hit the button. After that, I can't log in to the dashboard, I just get a 500 error.
Basically I can still access all of the front-end of the site (public or non-admin registered visitors), but none of the back-end of my WP site (wp-admin or "edit page")
I tried changing the plugin folder's name as suggested in the documentation, but to no avail.
Any clues as to how to solve this?
I wasn't aware that I was bumping - I don't post much in these forums, and I was trying hard to follow the rules. In any event I didn't, apparently, bump for 24 hours after my first inquiry with no responses. Anyhow, sorry that I caused a problem, and thank you for chiming in.
I just deleted 4 inactive plugins and then disabled all (13) plugins other than Wordfence. I ran a scan with debugging turned on.
It still seems to hang on scanning for infections and vulnerabilities and Google's Safe Browsing List. The last log entry was, at the time I'm typing this, about 25 minutes ago (everything in the log for the current scan happened within 3 minutes).
I'm not 100% sure what all are error messages, but here are some things that don't sound good. (I've included a few log file lines before and after the error. Let me know if there is a better way to format them here (code? b-quote?))
[Aug 26 12:10:22:1472227822.227509:4:info] Scanning contents: wp-content/uploads/2008/05/MG_1261.jpg (Size:105506B Mem:34.8M)
[Aug 26 12:10:22:1472227822.215027:4:info] Scan process ended after forking.
[Aug 26 12:10:22:1472227822.107055:4:info] Scanning contents: wp-content/uploads/2008/05/MG_1261-590x393.jpg (Size:58831B Mem:34.8M)
[Aug 26 12:10:05:1472227805.610781:2:info] Starting scan of file contents
[Aug 26 12:10:05:1472227805.225725:4:info] Calling Wordfence API v2.23:https://noc1.wordfence.com/v2.23/?v=4.6&s=http%3A%2F%2Fwww.nomadicfrog.com%2Fjournal&k=c793ee73ae51f1b08d90ba13bb2085eb5759c245db9f153222d3ad57407f6c998051abbf710fd3c3e40d10127e09052a05bc03fc1d10e6a1ccd4cc9d3845e6142f33a0e3474181a1d2168dc3d79e8f90&openssl=9469999&phpv=5.2.17&betaFeed=0&cacheType=0&action=get_patterns
[Aug 26 12:10:05:1472227805.220186:10:info] SUM_START:Scanning files for URLs in Google's Safe Browsing List
[Aug 26 12:10:05:1472227805.217446:10:info] SUM_START:Scanning file contents for infections and vulnerabilities
[Aug 26 12:10:05:1472227805.210819:10:info] SUM_ENDOK:Check for publicly accessible configuration files, backup files and logs
[Aug 26 12:10:05:1472227805.199602:10:info] SUM_START:Check for publicly accessible configuration files, backup files and logs
[Aug 26 12:10:05:1472227805.154319:10:info] SUM_ENDOK:Scanning for known malware files
[Aug 26 12:10:05:1472227805.151715:10:info] SUM_ENDOK:Scanning for unknown files in wp-admin and wp-includes
[Aug 26 12:10:05:1472227805.149285:10:info] SUM_ENDOK:Comparing plugins against WordPress.org originals
[Aug 26 12:10:05:1472227805.146811:10:info] SUM_ENDBAD:Comparing open source themes against WordPress.org originals
[Aug 26 12:10:05:1472227805.143694:10:info] SUM_ENDOK:Comparing core WordPress files against originals in repository
[Aug 26 12:10:05:1472227805.142417:2:info] Analyzed 5438 files containing 340.61 MB of data.
[Aug 26 12:10:05:1472227805.128621:4:info] Scanning: /home/content/t/o/r/torchbone/html/journal/xmlrpc.php (Mem:41.8M)
[Aug 26 12:09:55:1472227795.750540:4:info] Scanning: /home/content/t/o/r/torchbone/html/journal/wp-includes/js/jquery/ui/position.min.js (Mem:41.8M)
[Aug 26 12:09:55:1472227795.745240:4:info] Scan process ended after forking.
[Aug 26 12:09:55:1472227795.738623:4:info] Scanning: /home/content/t/o/r/torchbone/html/journal/wp-includes/js/jquery/ui/mouse.min.js (Mem:41.8M)
[Aug 26 12:09:29:1472227769.502749:4:info] Scanning: /home/content/t/o/r/torchbone/html/journal/wp-content/uploads/2015/03/IMG_0722-310x150.jpg (Mem:41.8M)
[Aug 26 12:09:29:1472227769.495055:4:info] Scan process ended after forking.
[Aug 26 12:09:29:1472227769.275608:4:info] Scanning: /home/content/t/o/r/torchbone/html/journal/wp-content/uploads/2015/02/MG_8618.jpg (Mem:41.8M)
[Aug 26 12:09:02:1472227742.975689:4:info] Scanning: /home/content/t/o/r/torchbone/html/journal/wp-content/uploads/2014/05/neal_parent_003_crop-310x150.jpg (Mem:41.8M)
[Aug 26 12:09:02:1472227742.965567:4:info] Scan process ended after forking.
[Aug 26 12:09:02:1472227742.942900:4:info] Scanning: /home/content/t/o/r/torchbone/html/journal/wp-content/uploads/2014/05/neal_parent_003.jpg (Mem:41.8M)
[Aug 26 12:08:34:1472227714.612388:4:info] Scanning: /home/content/t/o/r/torchbone/html/journal/wp-content/uploads/2013/04/dawson_fractured_002-310x150.jpg (Mem:42.2M)
[Aug 26 12:08:34:1472227714.602776:4:info] Scan process ended after forking.
[Aug 26 12:08:34:1472227714.596034:4:info] Scanning: /home/content/t/o/r/torchbone/html/journal/wp-content/uploads/2013/04/dawson_fractured_002-213x300.jpg (Mem:42.2M)
As for .htaccess file(s) - I am currently trying to delete 6GB of other non-Wordpress stuff from my server, which is taking forever, and when it's done I'll search for all .htaccess files.
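A way to triage an activity log like the one in the post above, as an added example that is not part of the original thread or of Wordfence: it sorts the newest-first entries, lists scan stages that started but never reported an end, and measures how long the log has been silent. Reading `SUM_START` / `SUM_ENDOK` / `SUM_ENDBAD` as stage start and end markers is an assumption drawn from the log's own naming; the sample lines are an excerpt of the posted log.

```python
import re

# [Mon DD HH:MM:SS:<epoch.micro>:<level>:<type>] <message>
LINE_RE = re.compile(
    r"^\[(?P<when>\w{3} +\d+ \d\d:\d\d:\d\d):(?P<epoch>\d+\.\d+):"
    r"(?P<level>\d+):(?P<kind>\w+)\] (?P<msg>.*)$"
)
STAGE_RE = re.compile(r"^SUM_(START|ENDOK|ENDBAD):(.*)$")

# Excerpt of the log posted above (newest entry first, as in the post).
SAMPLE_LOG = """
[Aug 26 12:10:22:1472227822.227509:4:info] Scanning contents: wp-content/uploads/2008/05/MG_1261.jpg (Size:105506B Mem:34.8M)
[Aug 26 12:10:22:1472227822.215027:4:info] Scan process ended after forking.
[Aug 26 12:10:22:1472227822.107055:4:info] Scanning contents: wp-content/uploads/2008/05/MG_1261-590x393.jpg (Size:58831B Mem:34.8M)
[Aug 26 12:10:05:1472227805.610781:2:info] Starting scan of file contents
[Aug 26 12:10:05:1472227805.220186:10:info] SUM_START:Scanning files for URLs in Google's Safe Browsing List
[Aug 26 12:10:05:1472227805.217446:10:info] SUM_START:Scanning file contents for infections and vulnerabilities
[Aug 26 12:10:05:1472227805.210819:10:info] SUM_ENDOK:Check for publicly accessible configuration files, backup files and logs
[Aug 26 12:10:05:1472227805.199602:10:info] SUM_START:Check for publicly accessible configuration files, backup files and logs
[Aug 26 12:10:05:1472227805.146811:10:info] SUM_ENDBAD:Comparing open source themes against WordPress.org originals
[Aug 26 12:10:05:1472227805.143694:10:info] SUM_ENDOK:Comparing core WordPress files against originals in repository
"""

def parse(lines):
    """Return (epoch, message) tuples in chronological order; skip non-log lines."""
    entries = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((float(m["epoch"]), m["msg"]))
    return sorted(entries)

def analyze(lines, now):
    """Summarise where a scan stopped; `now` is the current Unix time."""
    entries = parse(lines)
    if not entries:
        raise ValueError("no activity-log lines recognised")
    open_stages, failed, forks = {}, [], 0
    for epoch, msg in entries:
        stage = STAGE_RE.match(msg)
        if stage:
            state, name = stage.groups()
            if state == "START":
                open_stages[name] = epoch
            else:
                open_stages.pop(name, None)  # an end with no start in the excerpt is fine
                if state == "ENDBAD":
                    failed.append(name)
        elif msg.startswith("Scan process ended after forking"):
            forks += 1
    last_epoch, last_msg = entries[-1]
    return {
        "open_stages": list(open_stages),   # started, never reported an end
        "failed_stages": failed,            # ended with SUM_ENDBAD
        "forks": forks,
        "last_message": last_msg,           # what the scan was doing when it went quiet
        "idle_seconds": now - last_epoch,
    }
```

Call `analyze(SAMPLE_LOG.splitlines(), time.time())` on a live log; a large `idle_seconds` together with a non-empty `open_stages` points at the stage and file where the scan stopped.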
Looks like configCache.php was removed in 6.1.15 in favor of some other caching mechanism.
This option will take you to a page similar to the original firewall optimization -- you'll be given a button to download .htaccess as a backup, and then another button for the .htaccess file to be updated. The change should take effect immediately, but we generally prompt for making a backup like this before making .htaccess changes.
The actual change is just removing the suPHP_ConfigPath line that appears inside the "# Wordfence WAF" section of the .htaccess file -- on some hosts, this would override a default value, so it's no longer used by the firewall setup. (This update only occurs on sites using suPHP that were set up with an earlier version of the firewall, a few versions back.)
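A check for the change described above, as an added example that is not Wordfence's own code: it compares the downloaded .htaccess backup with the updated file and confirms that the only difference is the removed `suPHP_ConfigPath` line inside the "# Wordfence WAF" section. The closing marker `# END Wordfence WAF`, the function names and the sample file contents are assumptions constructed for illustration.

```python
import difflib

BEGIN = "# Wordfence WAF"      # section marker named in the post above
END = "# END Wordfence WAF"    # assumed closing marker of that section

# Constructed sample: one suPHP_ConfigPath outside the section, one inside it.
SAMPLE_HTACCESS = """\
# BEGIN WordPress
RewriteEngine On
# END WordPress
suPHP_ConfigPath '/home/example/custom'
# Wordfence WAF
suPHP_ConfigPath '/home/example/public_html'
<Files ".user.ini">
Require all denied
</Files>
# END Wordfence WAF
"""

def preview(text):
    """Return (expected_new_text, removed_lines) for the described update."""
    kept, removed, inside = [], [], False
    for line in text.splitlines(keepends=True):
        stripped = line.strip()
        if stripped == BEGIN:
            inside = True
        elif stripped == END:
            inside = False
        # Only the directive inside the WAF section is expected to go.
        if inside and stripped.lower().startswith("suphp_configpath"):
            removed.append(line)
            continue
        kept.append(line)
    return "".join(kept), removed

def only_expected_change(backup, current):
    """True if `current` equals the backup minus the WAF-section directive."""
    expected, _ = preview(backup)
    return expected == current

def show_diff(backup, current):
    """Unified diff between the backup and the live file, for manual review."""
    return "".join(difflib.unified_diff(
        backup.splitlines(keepends=True), current.splitlines(keepends=True),
        ".htaccess.backup", ".htaccess"))
```

If `only_expected_change` returns False after the update, `show_diff` lists every line that differs from the backup so it can be reviewed before the backup is discarded.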
I'm experiencing a very strange issue - - and it is especially strange because apparently I am the only one having these issues!
We had Wordfence installed on http://trainortri.com
I hadn't worked on the pages in many months. When I attempted to login yesterday, I received an "Access Denied" page, generated by Wordfence. I followed the instructions to get the "Unlock Email". I got the email, followed the instructions, and it made no difference.
I continued with instructions on FAQ page, renaming our copy of Wordfence - - no difference. Today, I DELETED the Wordfence plugin altogether and I STILL receive the Access Denied message "from Wordfence". Per our host, I've rebooted my computer, rebooted my router, all to no avail. The odd thing is, when I try to login from my iPhone using the cellular service (NOT Wi-Fi network) -- I also get the Access Denied on there too.
It makes no sense!? Please - have we been hacked in a really insidious way? The owner of the site reports that customers have not complained and have been able to book appointments successfully, etc. Why just ME? How am I still getting Wordfence notices even after Wordfence has been DELETED?
I hope somebody has some idea!! Thanks a bunch.
When I requested the "Unlock Email" - - this is what I received. It was "from" Wordpress:
Either you or someone else at IP address 188.8.131.52 requested instructions to
regain access to the website Train-or-Tri.
Request was generated at: Thursday 25th of August 2016 at 07:57:02 AM
If you did not request these instructions then you can safely ignore them.
These instructions will be valid for 30 minutes from the time they were sent.
Click here to unlock your ability to sign-in and to access to the site. Do this if you simply need to regain access because you were accidentally locked out.
Click here to unblock all IP addresses. Do this if you still can't regain access using the link above. It causes everyone who is blocked or locked out to be able to access your site again.
Click here to unlock all IP addresses and disable the Wordfence Firewall and Wordfence login security for all users. Do this if you keep getting locked out or blocked and can't access your site.
You can re-enable login security and the firewall once you sign-in to the site by visiting the Wordfence options menu and checking the boxes under advanced options to enable the firewall and login security.
Is the above an authentic letter "from Wordfence" or did I foolishly fall into some hacking scheme? In any event, clicking those links didn't do a thing, and deleting Wordfence didn't do a thing either. We are hosted at 1and1 which I realize is probably a bad idea.
Today I've had a huge number of attempts at logging into my WP site, all blocked by WF, thank goodness.
But I cannot help but worry about the tables of blocked IPs somehow growing huge and maybe overflowing. No idea what the limits may be. I've optimized the database a few times before as the overheads on some tables were huge.
All is completely up-to-date, core WP, plugins and themes.
In the recent past when I've noticed such a huge increase in attacks it has been followed by a flurry of updates, for core WP and certain plugins, so I'm wondering what's brewing. What are the hackers trying? Are they trying to get my database to stall?
Yes, please fix this.
It's indeed gotten ridiculous. I just noticed a surge in attack volume here on my sites... I wouldn't worry about the size of the tables, but consider doing some blocking in your .htaccess file or even at the server level if you have access or can get your host to help. Country blocking is also a key ingredient if you don't need traffic from China, or Nigeria, or whatever...
If it was a DDOS attack (getting your database to stall) you know it, but if your hosting has limited bandwidth just the sheer volume of bots can have the same effect as a deliberate DDOS. I've had that happen.
The whole situation is incredibly lame. Thanks to Wordfence more people are learning just how bad it is, and also getting help to not be victimized.
At the risk of bumping, here's more info about .htaccess files. I think there are five of them within the Wordpress installation folder (which back then I named "journal")
I don't know much about these files. Can I safely delete them? Do you want the contents of them here to see if there is a problem? I don't know what to do, if anything.
Should I also be checking outside of the Wordpress installation?
I don't like blocking whole countries. I know most of those attempts are through proxies, from disused, abandoned servers. Literally from all over the globe.
At one time I was trying to collect the IPs reported by WF and block them in the .htaccess file but it's gotten way too messy. I have thousands now.
When I tried to update WordFence to 6.1.15 (from the WordPress Plugins page), the update failed. Using Windows 7. Sites are hosted at WestHost (don't know if it is a Unix server or Windows server). The same failure occurred on TWO different WordPress websites. The error I am getting is:
in my live on Wordfence,
I saw in another thread that it comes when you have been logged out and you log in again
Second this suggestion, and reply here to know when it is implemented.
Thank you WFalaa
I had not programmed the scans, but I have now.
I was a bit surprised to see that it hadn't scanned since the 5th.
On another tangent:
I found that after downloading ecards I got tons of spam and there is a guy from Ukraine stalking...at least that is what I feel and am observing.
I keep on getting notices to update this plugin that I have deactivated and don't know how to stop their threads from coming up in my email.
They don't show up in my profile threads,
I am also getting emails from prozaic dot org
This is just another path I am on at the moment, trying to resolve