Quantcast
Channel: WordPress.org Forums » [Wordfence Security - Firewall, Malware Scan, and Login Security] Support
Viewing all 33161 articles
Browse latest View live

Question about Subdomains

July 9, 2018, 8:49 am
$
0
0

Replies: 0

Hey i have Wordfence installed on my Main domain and on a subdomain and also extended Firewall enabled.
FTP is like: w011111c/maindomain
w011111c/subdomain

And on the main domain and subdomain wordfence is installed.

So do i have to enable the firewall first on the subdomain and after on the maindomain? There was something about when i first installed the firewall
What else do i have to watch for when i want to have it installed on my main domain and subdomain?
Thank you

Search

Email From Wordfence initiated Attack

July 9, 2018, 10:57 am
$
0
0

Replies: 0

I received an email alert as the result of a recent scan by Wordfence this morning. see below
__
This email was sent from your website “” by the Wordfence plugin.

Wordfence found the following new issues on “”.

Alert generated at Monday 9th of July 2018 at 03:35:33 AM

See the details of these scan results on your site at: https:// LEFT BLANK /wp-admin/admin.php?page=WordfenceScan

Critical Problems:

* File appears to be malicious: wp-content/plugins/js_composer/include/autoload/vendors/wpml.php

* File appears to be malicious: wp-content/plugins/wordfence/views/onboarding/overlay.php

After I clicked the link as directed in the email I was brought to my websites admin view of the recent results from the scan. There were 7 Critical files listed. I usually never delete files from this location but rather from my server after inspecting them. However in this case one of the Critical Problems clearly stated that it was a known virus so I deleted it from the Wordfence location. My website immediately returned a 500 error. After logging into my server and locating the issue I am left confused because it appears to be an attack from wordfence. see below
_
/?wordfence_syncAttackData=1531141302.45

Any guidance would be greatly appreciated.

Unable to Optimize Firewall v7.1.8

July 9, 2018, 11:02 am
$
0
0

Replies: 0

Hello!

I get the following error:

“The Wordfence Web Application Firewall cannot run. The configuration files are corrupt or inaccessible by the web server, which is preventing the WAF from functioning. Please verify the web server has permission to access the configuration files. You may also try to rebuild the configuration file by clicking here. It will automatically resume normal operation when it is fixed.”

After “clicking here”, I click on “Enable Firewall” and get the following error:

“An error occurred while saving the configuration”

Also, I’ve tried making changes and cannot click on Save Changes button (only Restore Defaults – which doesn’t work either).

I have complete access to WHM & cPanel yet have no idea what’s going on. My host is not Siteground. I took a look at the support docs and willing to make adjustments with your guidance. However, an upgrade to Easy Apache 4 was done last night which may have overridden settings / permissions.

I thought maybe deleting the plugin and reinstalling it might work – but when I put in the IP address for host, it can’t authenticate the FTP connection to complete the deletion process. Everything works just fine when using FileZilla FTP. Please advise.

Thanks in advance for your help.

Different Admin User IP sign in using same credentials

July 3, 2018, 10:21 am
$
0
0

Replies: 2

Hi,

I just wanted to know if let’s say I log into a site with wordfence installed using another IP address as say for example, I am in another country while accessing the site or I am using a VPN, in which case the IP address will be different, will wordfence block the access?

Regards

Email From Wordfence initiated Attack

July 9, 2018, 10:57 am
$
0
0

Replies: 0

I received an email alert as the result of a recent scan by Wordfence this morning. see below
__
This email was sent from your website “” by the Wordfence plugin.

Wordfence found the following new issues on “”.

Alert generated at Monday 9th of July 2018 at 03:35:33 AM

See the details of these scan results on your site at: https:// LEFT BLANK /wp-admin/admin.php?page=WordfenceScan

Critical Problems:

* File appears to be malicious: wp-content/plugins/js_composer/include/autoload/vendors/wpml.php

* File appears to be malicious: wp-content/plugins/wordfence/views/onboarding/overlay.php

After I clicked the link as directed in the email I was brought to my websites admin view of the recent results from the scan. There were 7 Critical files listed. I usually never delete files from this location but rather from my server after inspecting them. However in this case one of the Critical Problems clearly stated that it was a known virus so I deleted it from the Wordfence location. My website immediately returned a 500 error. After logging into my server and locating the issue I am left confused because it appears to be an attack from wordfence. see below
_
/?wordfence_syncAttackData=1531141302.45

Any guidance would be greatly appreciated.

  • This topic was modified 1 hour, 21 minutes ago by 100chips.

Wordfence Premium disappeared from admin panel

July 10, 2018, 12:37 am
$
0
0

Replies: 0

Hello

The Wordfence (premium) plugin simply disappeared from the admin panel.
The reinstall failed with the error “Directory already exist”

I have the automatic update activated for this plugin.

Before removing the target directory, do you have any idea to help investigating what’s going on ?

Thanks a lot in advance.

Best regards,

Jef

Error 500 on Wordfence wfWAFUserIPRange

July 10, 2018, 7:34 am
$
0
0

Replies: 0

Got the following error on one of our many websites with wordfence:

[Tue Jul 10 16:02:39.999829 2018] [:error] [pid 16394] [client xx.xx.xx.xx:58836] PHP Fatal error: Uncaught Error: Call to undefined method wfWAFUserIPRange::_sanitizeIPRange() in /home/xxxxxx/domains/xxxxxx.nl/public_html/wp-content/plugins/wordfence/waf/wfWAFUserIPRange.php:256\nStack trace:\n#0 /home/xxxxxx/domains/xxxxxx.nl/public_html/wp-content/plugins/wordfence/waf/wfWAFUserIPRange.php(17): wfWAFUserIPRange->setIPString(‘172.16.52.116’)\n#1 /home/xxxxxx/domains/xxxxxx.nl/public_html/wp-content/plugins/wordfence/waf/bootstrap.php(210): wfWAFUserIPRange->__construct(‘172.16.52.116’)\n#2 /home/xxxxxx/domains/xxxxxx.nl/public_html/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/waf.php(1918): wfWAFWordPressObserver->beforeRunRules()\n#3 /home/xxxxxx/domains/xxxxxx.nl/public_html/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/waf.php(204): wfWAFEventBus->beforeRunRules()\n#4 /home/xxxxxx/domains/xxxxxx.nl/public_html/wp-content/plugins/wordfence/waf/bootstrap.php(607): wfWAF->run()\n#5 /home/xxxxxx/domains/xxxxxx.nl/public_html/wordfence-waf.php(6): include in /home/xxxxxx/domains/xxxxxx.nl/public_html/wp-content/plugins/wordfence/waf/wfWAFUserIPRange.php on line 256

This was resulting in a 500 error.
After disabling wordfence all was good.
Enabled Wordfence after some research about 10 minutes later. All was good again.

Any idea what happened?

Thanks,
Rogier

Wordfence Jquery Plugin Conflict Issue

July 10, 2018, 11:15 am
$
0
0

Replies: 0

There’s a conflict with jQuery 3.3.1 and wordfence.

I get this error in the console whenever I have jQuery 3.3.1 active:

$(…).wfselect2 is not a function.

https://imgur.com/a/VwN43yH

I haven’t tested other versions of jQuery yet. Unsure what my options are?

Search

Import or not wp_wf* tables when migrating data from staging to live db

July 10, 2018, 10:44 pm
$
0
0

Replies: 0

Hi, I need your help.

I want to migrate a WordPress DB in the staging server to the live server.
Here is the procedure I am going to apply.

`
1. export the staging DB to my local
2. download the theme files(which changed) in staging server
3. replace domain text from staging domain to live domain in the dump SQL(made in step 1)
4. display maintenance screen for live site
5. delete the production tables
6. import the staging DB dump to the live DB
7. hide maintenance screen then show live site again
`

So my question is, … do I have to export and replace text wp_wf* tables ?
Both my staging site and live site have Wordfence plugin.

By my understanding, wp_wf* tables does not have dependencies with WordPress post data.So the wp_wf* tables in staging and live database should be separated.

Is this right?

Thanks.

Tables Lock

July 11, 2018, 1:41 am
$
0
0

Replies: 0

I use Cloudways Hosting, and they a take a backup every my server every 14 days. About a week ago this failed (and every day since as it retries). There are a number of domains on the server. All have the free version of Wordfence, some with the firewall enabled, some with it disabled. Deactivating Wordfence enabled the backups to run, so I let the backups run and the activated Wordfence again on all the domains. Then I tried a manual backup and it failed. Cloudways tech support said that the tables are locked. Is this a new Wordfence option, as I don’t see it in the dashboard?

Unable to Optimize

July 11, 2018, 8:08 am
$
0
0

Replies: 0

I am running through the first-time configuration and it is unable to optimize.

I’m getting the error “We were unable to create the wordfence-waf.php file in the root of the WordPress installation. It’s possible WordPress cannot write to the wordfence-waf.php file because of file permissions. Please verify the permissions are correct and retry the installation.”

I know the permissions are correct as other plugins are able to create files in the root directory.

Please let me know what I can try next.

Non-Admin Gutenberg users Getting Blocked

July 11, 2018, 12:45 pm
$
0
0

Replies: 0

As title suggests, when non-admin users attempt to create posts in Gutenberg, wordfence firewall is blocking it. Since Gutenberg will be taking over soon – this should be addressed.

“was blocked by firewall for WordPress 4.7.0-4.7.1 – Authentication Bypass”

Whitelisting only works on a per post basis.

auto_prepend_file incorrect

July 11, 2018, 4:11 pm
$
0
0

Replies: 0

The auto_prepend_file value shown when I try to configure the firewall is incorrect. How do I change it? … hold it … I found out how to configure manually.

  • This topic was modified 3 minutes ago by .

No email alert when IP is blocked

July 11, 2018, 11:03 pm
$
0
0

Replies: 1

I am not receiving any email alert when an IP is blocked even though I have turned on the option: “Alert when an IP address is blocked”.

I have added URL under the option “Immediately block IPs that access these URLs”. I then visited that URL and I was indeed blocked. I then checked and confirmed that my IP is indeed being blocked. However, I did not receive any email alert.

I have Post SMTP plugin installed, the plugin’s email log did not capture any email sent. But strangely all this while and even after writing this, I have no problem receiving Wordfence’s emails regarding admin logins ,deactivating of Wordfence, or warnings about some plugins not up to date. In addition, all these alerts were captured by the plugin’s email log, but I am unable to find any emails’ log regarding IP being blocked being sent.

Hacked site not scanning

July 12, 2018, 4:11 am
$
0
0

Replies: 0

Hi there,

a couple of my sites I’m administering has been hacked, and it would also seem I can’t complete the scan on those sites. Here is the output I get: 

Scan terminated with error: Scan can't continue - stored data not found after a fork.
[Jul 12 22:12:59]  Notice: Undefined index: server in /home/[account]/public_html/wp-content/plugins/wordfence/models/scanner/wfScanner.php on line 623 Notice: Undefined index: started in /home/[account]/public_ht

Thanks.

Search

Wordfence 7.1.9

July 12, 2018, 8:54 am
$
0
0

Replies: 0

Greetings all. We have a point release for Wordfence today, version 7.1.9. Please update as soon as you are able.

  • Improvement: Added an “unsubscribe” link to plugin-generated alerts.
  • Improvement: Added some additional flags.
  • Change: Removed some unnecessary files from the bundled GeoIP library.
  • Change: Updated wording in the Terms of Use/Privacy Policy agreement UI.
  • Change: The minimum “Lock out after how many login failures” is now 2.
  • Change: The diagnostics report now includes the scan issues for easier debugging.
  • Fix: Multiple improvements to automatic updating to avoid broken updates on sites with low resources or slow file systems.
  • Fix: Better text wrapping in the top failed logins widget.
  • Fix: Onboarding CSS/JS is now correctly enqueued for multisite installations.
  • Fix: Fixed a missing asset with the bundled jQueryUI library.
  • Fix: Fixed memory calculation when using PHP’s supported shorthand syntax.
  • Fix: Better wrapping behavior on the reason column in the blocks table.
  • Fix: Fixed an issue with an internal data structure to prevent error log entries when using mbstring functions.
  • Fix: Improved bot detection when no user agent is sent.

Thanks everyone for great comments and suggestions. Send any of those you might have to feedback@wordfence.com and someone will get back to you.

Keep in mind, the feedback address is not a place to request support. Also, no support questions will be answered in this thread. Free support requests can be posted at https://wordpress.org/support/plugin/wordfence. Our premium customers can open a ticket at http://support.wordfence.com.

Received error upon updating to latest version

July 12, 2018, 9:59 am
$
0
0

Replies: 1

Hello, I’m a premium member and upon just this latest update I received this:

The plugin wordfence/wordfence.php has been deactivated due to an error: Plugin file does not exist.

I looked in my ftp and they are correct lol, there’s nothing there! What steps should I take to correct this?

Thank you!

Wordfence blocking new users from logging in

July 12, 2018, 12:22 pm
$
0
0

Replies: 0

Hi,
I’ve had some users complain they can’t register and sign in. Their password doesnt work so they reset it still doesn’t work. They might lock themselves out so I unblock in Wordfence. Now I tried it myself. Create a new account and I cannot login. The password is wrong. So I reset the password. error:”Password is invalid.”. I’ve tried this over and over but the new password doesn’t seem to take even if I reset the password in the WP backend. The account is not getting blocked, I’m not sure what the problem is. Any suggestions?

WordFence not displaying well at Admin side after installation

July 12, 2018, 2:40 pm
$
0
0

Replies: 0

I can’t even continue installation. The page layout appears distorted. See Image
It happens immediately after activating. I had Wordfence without any problems but removed it a few months ago and I currently am installing again.

My wordpress website not installing

July 12, 2018, 10:38 pm
$
0
0

Replies: 0

I have awordpress website. 2 days ago it was hacked. now i recovered it and installed wordfence plugin. Yesterday i sow mismatch in my site. and i have deleted all file as well as database . I want to reinstall. I cleaned public_html it show index of. But the problem is that when i upload wordpress files again. it show “This page isn’t working
dailysomoynews.com is currently unable to handle this request.
HTTP ERROR 500″ I checked error log files and show message ” [13-Jul-2018 05:06:03 UTC] PHP Fatal error: Unknown: Failed opening required ‘/home/dailysomoynews58/public_html/wordfence-waf.php’ (include_path=’.:/opt/cpanel/ea-php56/root/usr/share/pear’) in Unknown on line 0 ”

waht is the problem ? And how can i install wordpress again?
Please help wordfence expart guys .

Viewing all 33161 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>