How to whitelist AWS?

June 26, 2018, 1:41 pm

≫ Next: cross contamination

≪ Previous: Whitelisted IP still being blocked from logging in

$

0

0

Replies: 0

I need to connect another service to my WordPress via xmlrpc.php.

However, I have disabled all xmlrpc.php in Wordfence.

Currently, the service is failing to connect with error 503.

The service uses rotating IPs via Amazon Web Services. I need to whitelist all of its us-east-1 IPs. I know these are made available at https://ip-ranges.amazonaws.com/ip-ranges.json

However, when I paste the IPs in to the box “Whitelisted IP addresses that bypass all rules”, still the service is blocked. Heck, even when I find the IP in Live Traffic and unblock it, it still gets blocked next time.

---

cross contamination

June 27, 2018, 4:38 am

≫ Next: WP 0-day

≪ Previous: How to whitelist AWS?

$

0

0

Replies: 1

I have wordfence installed on several sites. Google sent me a warning regarding one with a lot of 500 errors

When I go there, I see an error message that refers to a wordfence install on another site of mine that is hosted with another hosting company!

Warning: Unknown: failed to open stream: No such file or directory in Unknown on line 0

Fatal error: Unknown: Failed opening required ‘/home/XXXXX/public_html/wordfence-waf.php’ (include_path=’.:/opt/alt/php56/usr/share/pear:/opt/alt/php56/usr/share/php’) in Unknown on line 0

I uploaded a new copy of WP with no effect, I have deleted .htaccess.

Still no jo

I have not come across this or anything like it before.

The second site is fine and appears to be functioning normally

WP 0-day

June 27, 2018, 5:54 am

≫ Next: Conflict with “Really Simple SSL” plugin??

≪ Previous: cross contamination

$

0

0

Replies: 0

I am curious if wordfence would protect against this?
http://www.hackbusters.com/news/stories/3268636-unpatched-wordpress-flaw-gives-attackers-full-control-over-your-site

Conflict with “Really Simple SSL” plugin??

June 27, 2018, 6:04 am

≫ Next: Wordfence could not register with the Wordfence scanning servers

≪ Previous: WP 0-day

$

0

0

Replies: 0

Yesterday I installed a LetsEncrypt certificate and then ran the “Really Simple SSL” plug-in. And set some 301s from http to https. Everything looked fine–all pages displayed properly including showing “secure.”

This morning my home page was not displaying properly and while the other pages did display correctly, everything was labelled as “insecure.”

While it is entirely possibly I messed up somewhere, I noticed that overnight my site installed Wordfence 7.1.8. When I rolled back to 7.1.7, my site returned to normal, including showing “secure.”

Any thoughts/suggestions?

Thanks

Wordfence could not register with the Wordfence scanning servers

June 27, 2018, 6:06 am

≫ Next: How to see countries

≪ Previous: Conflict with “Really Simple SSL” plugin??

$

0

0

Replies: 0

Hi,

I tried to activate wordfence on the site https://linfotoutcourt.com/, but I still have the “Wordfence could not register with the Wordfence scanning servers when it activated” error.

I deactivated/reactivated the plugin, with and without giving the permission of erase tables in database to wordfence, but the error is still here.

By going in the diagnostic page, here are the errors that are reported :

Checking if web server can read from ~/wp-content/wflogs
File "wafRules.rules" does not exist
Checking if web server can write to ~/wp-content/wflogs
File "wafRules.rules" does not exist

Checking OpenSSL version
OpenSSL 0.9.8o 01 Jun 2010 (0x9080ff)

wp_remote_post() test to noc1.wordfence.com failed! Response was: cURL error 35: Unknown SSL protocol error in connection to noc1.wordfence.com:443
Connecting back to this site
wp_remote_post() test back to this server failed! Response was: 500 Internal Server Error
This additional info may help you diagnose the issue. The response headers we received were:

wp_remote_post() test to noc1.wordfence.com failed! Response was: cURL error 35: Unknown SSL protocol error in connection to noc1.wordfence.com:443
Connecting back to this site
wp_remote_post() test back to this server failed! Response was: 500 Internal Server Error
This additional info may help you diagnose the issue. The response headers we received were:

HTTP/1.1 500 Internal Server Error
Set-Cookie: mailplanD=R3246811367; path=/; expires=Wed, 27-Jun-2018 13:02:13 GMT
Date: Wed, 27 Jun 2018 12:54:50 GMT
Server: Apache
X-Powered-By: PHP/5.6.36
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: private, must-revalidate
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
X-IPLB-Instance: 17302

How can I solve that ?

thanks

• This topic was modified 3 minutes ago by facem Web.
• This topic was modified 2 minutes ago by facem Web.

How to see countries

June 27, 2018, 8:07 am

≫ Next: include_once failed to open stream on line 305

≪ Previous: Wordfence could not register with the Wordfence scanning servers

$

0

0

Replies: 0

Hi

Whilst this forum is for the free version, I just cannot find where on the paid version the countries that are blocked. I know how to block them, but cannot see a log.

Eg I could do with seeing what countries I have blocked and which are trying to access website, say a list of which countries with block counts.

with the free version I used to see a list of blocked countries.

thanks

include_once failed to open stream on line 305

June 27, 2018, 8:48 am

≫ Next: Failure: Custom Scan file contents for backdoors, Trojans and suspicious code

≪ Previous: How to see countries

$

0

0

Replies: 0

If I go to my site using “https://expedraft.com”, it works fine. But if I (or others in my office) try to go to it just using “expedraft.com”, we get a series of warnings:

Warning: include_once(<snip>/wp-content/plugins/wordfence/wordfence.php): failed to open stream: No such file or directory in /home/nbranning/expedraft.com/wp-settings.php on line 305

Warning: include_once(): Failed opening '<snip>/wp-content/plugins/wordfence/wordfence.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in <snip>/wp-settings.php on line 305

Warning: strpos(): Empty needle in <snip>/wp-includes/plugin.php on line 658

The last warning is repeated about 30 times.

I deactivated, deleted, then reinstalled and reactivated Wordfence, but it didn’t solve the problem. Any ideas?

• This topic was modified 31 minutes ago by jayrenn.

Failure: Custom Scan file contents for backdoors, Trojans and suspicious code

June 27, 2018, 9:13 am

≫ Next: Wordfence blocks Vaultpress helper script

≪ Previous: include_once failed to open stream on line 305

$

0

0

Replies: 0

Hello,

I have run into a scan failure. It has happened few times earlier too, only this time I pursued it and was able to isolate the source of the ‘scan fail’ to one particular test i.e. “Scan file contents for backdoors, Trojans and suspicious code”. The failure message says something as ‘Looks like the scan failed’

Here’s how I tested: I kept adding scan option incrementally (except High Sensitivity) and all scans were successful. When I finally added the option to “Scan file contents for backdoors, Trojans and suspicious code” – the scan failed. Next, I deselected all other options but “Scan file contents for backdoors, Trojans and suspicious code”. Yet, the scan failed. The last seen (before failure) scan rate (with only one option selected) was about 13500 files per 13.65 seconds.

My site is on a shared server, with Apache + Fast CGI PHP option (optimized firewall). To fix the problem, I have tried the recommended steps such as increasing the Wordfence Threshold in wp-config file to 600 seconds, selecting the performance option with max time set to 15, etc. I have even manually removed the plugin (per Wordfence guidelines) and reinstalled it afresh. So far, nothing has worked.

Could this be a bug? If not, can someone here please advise how to resolve this? I am happy to provide more information as required.

Thank you,

---

Wordfence blocks Vaultpress helper script

June 28, 2018, 6:46 am

≫ Next: Stolen website with my install of Wordfence still active.

≪ Previous: Failure: Custom Scan file contents for backdoors, Trojans and suspicious code

$

0

0

Replies: 0

I am trying to restore my site from a backup using Vaultpress, but it fails every time. My host says everything is fine. Vaultpress said they get this this message as their connection to the VaultPress helper script on my site is cut off:

‘403 Forbidden

A potentially unsafe operation has been detected in your request to this site.

Generated by Wordfence at Wed, 27 Jun 2018 17:59:14 GMT’

How can I fix this so I can use Vaultpress to restore my site?

Stolen website with my install of Wordfence still active.

June 28, 2018, 8:06 am

≫ Next: OTF Fonts fail scan

≪ Previous: Wordfence blocks Vaultpress helper script

$

0

0

Replies: 0

Hello,
I know this sounds weird.
I was work for hire and upon completed website and launched live to the deadbeat client’s server he refuses to pay final invoice for completed work.
He demanded I remove the website from his server which I did.
His hosting then preformed a restore of a back up and gave him the website locking me out.
This is a big mess.
I am getting flooded with notification emails from Wordfence plugin installed on beachdollar.com.
I have notified his hosting of this with no reply.
I am blocked from this website by the Wordfence I installed.
The license number is 1a01788c64b0d565ba691eee2844fd76ba9eb58c97f32ac554e7d6f1061352e0ac5f3690f69b71bb0e9e90354271dc21a10e0d38bae17b78037f45195304f34a348c1106ac8136a06325cb0c2fa76ca7

Can you help stop the wordfence notifications coming to my email from your plugin inside this website?

It kind of annoying to get spammed from my own stolen website.

Thank you for your help,
Kenny

OTF Fonts fail scan

June 28, 2018, 8:27 am

≫ Next: configure From address for email alerts

≪ Previous: Stolen website with my install of Wordfence still active.

$

0

0

Replies: 0

Wordfence delivered this error message to me yesterday.

Wordfence found the following new issues on “L.W. Schneider”.

Alert generated at Wednesday 27th of June 2018 at 06:51:48 AM

See the details of these scan results on your site at: https://lws.impactpreview.com/wp-admin/admin.php?page=WordfenceScan

Warnings:

* Unknown file in WordPress core: wp-includes/fonts/metropolis/Metropolis-Black.otf

* Unknown file in WordPress core: wp-includes/fonts/metropolis/Metropolis-BlackItalic.otf

* Unknown file in WordPress core: wp-includes/fonts/metropolis/Metropolis-Bold.otf

* Unknown file in WordPress core: wp-includes/fonts/metropolis/Metropolis-BoldItalic.otf

* Unknown file in WordPress core: wp-includes/fonts/metropolis/Metropolis-ExtraBold.otf

* Unknown file in WordPress core: wp-includes/fonts/metropolis/Metropolis-ExtraBoldItalic.otf

* Unknown file in WordPress core: wp-includes/fonts/metropolis/Metropolis-ExtraLight.otf

* Unknown file in WordPress core: wp-includes/fonts/metropolis/Metropolis-ExtraLightItalic.otf

* Unknown file in WordPress core: wp-includes/fonts/metropolis/Metropolis-Light.otf

* Unknown file in WordPress core: wp-includes/fonts/metropolis/Metropolis-LightItalic.otf

* Unknown file in WordPress core: wp-includes/fonts/metropolis/Metropolis-Medium.otf

* Unknown file in WordPress core: wp-includes/fonts/metropolis/Metropolis-MediumItalic.otf

* Unknown file in WordPress core: wp-includes/fonts/metropolis/Metropolis-Regular.otf

* Unknown file in WordPress core: wp-includes/fonts/metropolis/Metropolis-RegularItalic.otf

* Unknown file in WordPress core: wp-includes/fonts/metropolis/Metropolis-SemiBold.otf

* Unknown file in WordPress core: wp-includes/fonts/metropolis/Metropolis-SemiBoldItalic.otf

* Unknown file in WordPress core: wp-includes/fonts/metropolis/Metropolis-Thin.otf

* Unknown file in WordPress core: wp-includes/fonts/metropolis/Metropolis-ThinItalic.otf

* Unknown file in WordPress core: wp-includes/fonts/metropolis/SIL Open Font License.txt

configure From address for email alerts

June 28, 2018, 10:31 am

≫ Next: Scans failing

≪ Previous: OTF Fonts fail scan

$

0

0

Replies: 0

Hi, I’ve just noticed that email notifications (for Wordfence) from my dev WordPress install are being blocked.
They show an odd “from” address, essentially like wordpress@my.dev.server (not the real hostname), instead of using the email configured in the WordPress general settings.
Where does that come from, and how can I fix it?

Scans failing

June 28, 2018, 7:01 pm

≫ Next: Malicious File Warning For Supercache

≪ Previous: configure From address for email alerts

$

0

0

Replies: 0

Are you having issues with scans at the server end today? I’ve run scans on 2 sites on different servers and both have failed with the “Scan Failed – The current scan looks like it has failed” message, even after adding define('WORDFENCE_SCAN_FAILURE_THRESHOLD', 900);
to my wp-config. It’s also been talked about in at least one Facebook group so it’s not just me having problems.

Thanks.

Malicious File Warning For Supercache

June 28, 2018, 9:25 pm

≫ Next: Prevent registering ‘Admin’ doesn’t work

≪ Previous: Scans failing

$

0

0

Replies: 0

Hello all,

During recent scan, a file generated by cache plugin found infected.

File appears to be malicious: wp-content/cache/supercache/www.saklikumanda.com/marvel-sinematik-evrenindeki-kadin-kahraman-sayisi-artacak/index.html
Type: File
Found 29 June 2018 04:41
Critical

File appears to be malicious: wp-content/cache/supercache/www.saklikumanda.com/marvel-sinematik-evrenindeki-kadin-kahraman-sayisi-artacak/index-mobile.html
Type: File
Found 29 June 2018 04:41
Critical.

Are they really infected or just false positive?

Also, I cant delete thess files. It says invalid file was requested for deletion.

Prevent registering ‘Admin’ doesn’t work

June 29, 2018, 3:27 am

≫ Next: ?wordfence_lh=1&hid=

≪ Previous: Malicious File Warning For Supercache

$

0

0

Replies: 0

Hi

As per the title, the option prevent registering Admin doesnt appear to work.

(Running latest wordpress, woocomerce and wordfence)

I noticed a user was able to register the user name Admin. I manually changed their username through the wp database.

I then tried manually adding a user with the username admin and I wasn’t prevented form doing so?

Could you please advise.

Thanks

---

?wordfence_lh=1&hid=

June 29, 2018, 6:12 am

≫ Next: Separate Whitelist for Rate Limiting

≪ Previous: Prevent registering ‘Admin’ doesn’t work

$

0

0

Replies: 0

Over the last few days, Google Search Console has started to report many crawl errors for pages on my site. All of them have URLs in this format:

http://sitename.com/?wordfence_lh=1&hid=38C0A4DF8C7B028EC7512FF653E4858D

There are currently 160, all with a different string at the end.

What are these and how can I suppress them or suppress Google indexing them, please?

Mike

Separate Whitelist for Rate Limiting

June 29, 2018, 7:13 am

≫ Next: Incorrect login attempt produces 502 Bad gateway

≪ Previous: ?wordfence_lh=1&hid=

$

0

0

Replies: 0

Dear Wordfence Team

I’m the developer of a Link Checker and Sitemap Generator plugin for WordPress. Both plugins use an external crawler, operated by me, to do their job.

Sadly the crawler often triggers the Wordfence rate limit and thus cannot do its job.

A workaround for my users would be to whitelist my crawler with the “Whitelisted IP addresses that bypass all rules” option. However, this wouldn’t be a good solution from a security point of view.

It might be better to have a separate whitelist just for rate limiting. Is such a whitelist something you might consider implementing in a future version of Wordfence?

Thank you in advance.

Best regards
Marco

Incorrect login attempt produces 502 Bad gateway

June 29, 2018, 8:54 am

≫ Next: Wordfence Deactivating Automatically?

≪ Previous: Separate Whitelist for Rate Limiting

$

0

0

Replies: 0

Hi,

when I type in an incorrect login (username), the page produces a 502 error. When I deactivate wordfence, the page just redirects to itself informing me about incorrect username.

I tried turning off Immediately lock out invalid usernames”, but no change.

Can you replicate the problem and advise please?

Problem page> https://gabibags.sk/moj-ucet/

thanks,
Lukas

Wordfence Deactivating Automatically?

June 29, 2018, 11:45 am

≫ Next: Site not Displaying again after transferring between hosts

≪ Previous: Incorrect login attempt produces 502 Bad gateway

$

0

0

Replies: 0

Hello,

I have received for the second time the following email, stating the plugin has been deactivated:

This email was sent from your website “Kevin Maschke” by the Wordfence plugin at Friday 29th of June 2018 at 06:23:37 PM
The Wordfence administrative URL for this site is: https://www.kevinmaschke.com/wp-admin/admin.php?page=Wordfence
A user with username “Kevin Maschke” deactivated Wordfence on your WordPress site.
User IP: 192.0.86.188
User hostname: 192.0.86.188
User location: Richardson, United States

I’m from Europe, not from the US and that IP is not part of my network.. When I receive these emails, I login and the plugin is not only deactivated but deleted. I’ve changed my password twice and there’s even a server side password to access the admin page.

Any idea on how to prevent this?

Thanks!

Site not Displaying again after transferring between hosts

June 29, 2018, 1:18 pm

≫ Next: User locked out from signing in

≪ Previous: Wordfence Deactivating Automatically?

$

0

0

Replies: 0

Hello, after transferring my website to another host account, it stopped displaying and contacting my host provider and checking error log, I learnt wordfence triggered the issue and all effect to solve the issue proves abortive. I have deleted the plugin folder from backend but my website won’t come up still.