Quantcast
Channel: WordPress.org Forums » [Wordfence Security - Firewall, Malware Scan, and Login Security] Support
Viewing all 33255 articles
Browse latest View live

Unlock email not bring received

$
0
0

Replies: 2

I have been locked out due to the my failed login settings. But I am not receiving the unlock email to my registered email, entered on the locked out page. However, I am receiving the user locked out emails to the same email id.

Kindly resolve.


new installation/malware

$
0
0

Replies: 0

I am developing a new WordPress site that is not public yet. Yesterday afternoon I installed Wordfence, and moments later received a notification from my host that the following file contained malware and had been sequestered:
/upgrade/wordfence.7.3.2-lHsf8Q/wordfence/fonts/robotoKFOkCnqEu92Fr1Mu51xGIzQXKMnyrYk.woff

I don’t know what to make of this. Does this mean that the malware was part of Wordfence in the first place?

Wordfence itself did not pick up any malware. This notification came from my webhost’s surveillance system.

Thanks for any information and guidance.

Helen

2FA Keeps resetting itself

$
0
0

Replies: 0

Hey everyone,

I set up 2fa successfully as soon as i change page it resets the settings (back to a new qr code).

Similarly if I change the 2fa settings as soon as i press save it resets them.

Has anyone else had this problem?

Locked out of Wordfence

$
0
0

Replies: 0

I just recently subscribed to premium in Wordfence but now it no longer considers my email as valid. I can’t open a ticket because it requires I log in and I’m currently locked out.

What can I do to get my account back?

Renewal Licence

$
0
0

Replies: 0

Hi Billing Team,

I’m trying to renew an expired licence but unable to do from the dashboard. The licence is da5f12807e19d883a4a5ab57dc3dc63a86269b9bd20b5fd9c6069dd27bc494c8

Can you please renew on my behalf and bill me for the list price of $35.12.

I’m going on holidays tomorrow and would really appreciate it if this can be sorted today so everything is in place before I go.

I’ve sent an email to billing@ also.

Warm Regards,

Mark

False positive on file modification date

$
0
0

Replies: 0

Hi. On the WordFence activity report I receive, it says that a number of my image files were modified on May 26, but when I look at the filesystem the modification date was earlier, on May 20. How can I prevent these false positives? Let me know what additional info you may need… Thank you.

Translate

$
0
0

Replies: 0

Hi guys!

I would like to help translate the plugin to Portuguese (Brazil).

How can I help?

Tks! =)

WF critical nobodycrew backdoor

$
0
0

Replies: 0

Hi,

On a clients website I’ve had the following critical warning however other security checks have cleared the website and I can’t find anything on a google search

Filename: wp-content/uploads/bbpowerpack/index.php
File Type: Not a core, theme, or plugin file from wordpress.org.
Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: function_exists(‘exec’)){ @exec($code,$res);

The issue type is: Backdoor:PHP/nobodycrew.3414
Description: A backdoor known as nobodycrew

Please can you confirm that is NOT a false positive.

I have already raised a support ticket with the plugin developers. Even a new version of the plugin seems to give the same error.

Thanks for your help,
Karen


Wordfence blocking me?

$
0
0

Replies: 0

Lately I’ve noticed in the WF’s weekly report email that it has blocked my IP repeatedly (pasted below). The information in the details suggests it is associated with an academic reference plugin I’m using, Academic Blogger’s Toolkit (ABT). And lately I’ve been getting some odd behavior in that plugin.

Strange thing is, I’m never actually blocked from logging in. In fact I don’t really know what WF means by “blocked” in this context. Much of WF is a mystery to me.

Q: Why/what is it blocking? How can I get it to stop?

From my last report. The first two are likely legitimate blocks (China); the rest are my IP address:

Recently Blocked Attacks
Time IP / Action
May 25, 2019
4:44am
112.3.24.100 (China)
Blocked for Directory Traversal in query string: template=tag_(){};@unlink(FILE);eval($_POST[qazw]);print(md5(999));{//../rss
May 24, 2019
7:38pm
120.92.102.182 (China)
Blocked for Directory Traversal in query string: template=tag_(){};@unlink(FILE);eval($_POST[qazw]);print(md5(999));{//../rss
May 24, 2019
9:51am
<*** my IP ***> (United States)
Blocked for XSS: Cross Site Scripting in POST body: state={“references”:[{“type”:”article-journal”,”title”:”Treefall in a mixed oak-pine coastal plain forest:\xea
May 24, 2019
9:14am
<*** my IP ***> (United States)
Blocked for XSS: Cross Site Scripting in POST body: state={“references”:[{“publisher”:”Wiley”,”DOI”:”10.2307/1940083″,”type”:”article-journal”,”page”:”1559-15\xea
May 24, 2019
9:14am
<*** my IP ***> (United States)
Blocked for XSS: Cross Site Scripting in POST body: state={“references”:[{“publisher”:”Wiley”,”DOI”:”10.2307/1940083″,”type”:”article-journal”,”page”:”1559-15\xea
May 24, 2019
9:12am
<*** my IP ***> (United States)
Blocked for XSS: Cross Site Scripting in POST body: state={“references”:[{“type”:”article-journal”,”title”:”Treefall in a mixed oak-pine coastal plain forest:\xea
May 24, 2019
9:10am
<*** my IP ***> (United States)
Blocked for XSS: Cross Site Scripting in POST body: state={“references”:[{“type”:”article-journal”,”title”:”Treefall in a mixed oak-pine coastal plain forest:\xea
May 24, 2019
9:07am
<*** my IP ***> (United States)
Blocked for XSS: Cross Site Scripting in POST body: state={“references”:[{“type”:”article-journal”,”title”:”Treefall in a mixed oak-pine coastal plain forest:\xea
May 24, 2019
9:07am
<*** my IP ***> (United States)
Blocked for XSS: Cross Site Scripting in POST body: state={“references”:[{“type”:”article-journal”,”title”:”Treefall in a mixed oak-pine coastal plain forest:\xea
May 24, 2019
9:05am
<*** my IP ***> (United States)
Blocked for XSS: Cross Site Scripting in POST body: state={“references”:[{“type”:”article-journal”,”title”:”Treefall in a mixed oak-pine coastal plain forest:\xea
and 20 additional attacks

Blocking activity but not IP addresses?

$
0
0

Replies: 0

I am confused about how the firewall works when someone breaks a rule. I have a site setup with “How long is an IP address blocked when it breaks a rule” set to 5 days. This seems to work correctly for accessing restricted pages, etc.

However, I continue to see users from the same IP be able to perform actual malicious attacks over and over, yet the IP is not blocked. Why are they even able to attempt the 2nd attack? What am I misunderstanding?

I have a screenshot that I can provide which illustrates my issue if that helps.

Thanks in advance.

Wordfence High Severity Unknown file problems

$
0
0

Replies: 0

Hi there.

My hosted site recently automatically updated WordPress. My current version is 5.2.1.

My Wordfence plugin (up to date 7.3.2) is now saying I have 141 high severity problems, all looking like these examples below.

High Severity Problems:
* Unknown file in WordPress core: wp-admin/css/colors/blue/php.ini
* Unknown file in WordPress core: wp-admin/css/colors/coffee/php.ini
* Unknown file in WordPress core: wp-admin/css/colors/ectoplasm/php.ini
* Unknown file in WordPress core: wp-admin/css/colors/light/php.ini
* Unknown file in WordPress core: wp-admin/css/colors/midnight/php.ini
* Unknown file in WordPress core: wp-admin/css/colors/ocean/php.ini
* Unknown file in WordPress core: wp-admin/css/colors/php.ini
* Unknown file in WordPress core: wp-admin/css/colors/sunrise/php.ini
* Unknown file in WordPress core: wp-admin/css/php.ini
* Unknown file in WordPress core: wp-admin/images/php.ini
* Unknown file in WordPress core: wp-admin/includes/php.ini
* Unknown file in WordPress core: wp-admin/js/php.ini

What can I do about these errors please? Do they pose a threat?

Many thanks for any advice and assistance.

I changed website and getting error

$
0
0

Replies: 0

Dear team
Thanks for this amazing plugin
I am getting some issue with the plugin
I always do the website on my subdomain and when it’s ready, then I take it’s backup and restore on client’s domain. Last time, I installed your plugin on my subdomain and when I restored the whole backup on client’s website, Then your plugin kept the same key and giving error while scanning. Is there any option to reset your plugin? Or any other solution?
Waiting for your reply
Thanks

HElp – Wordfence Firewall blocked a background request

$
0
0

Replies: 1

Hello I’m having trouble with the plugin, I saw that there are some people who had the same problem, but if I activate the learning mode my site will not be completely safe, which can be done, because I installed the pq plugin already suffered attack.

The following message is being displayed, making it impossible to update pages and posts. Currently I use the DIVI Theme.

`Wordfence Firewall blocked a background request to WordPress for the URL https://www.gabster.com.br/wp-admin/admin-ajax.php. If this occurred as a result of an intentional action, you may consider whitelisting the request to allow it in the future.

Domain Name Fails with WordFence Installed!

$
0
0

Replies: 0

I’ve made this change (I’m sure) with wordfence installed before. It seems you have a rats nest of hard coded domains in various config files that automatic domain changers would miss. I’ve tried just renaming the plugin directory but the hard coded dev domain is still buried in enough places the whole site will not load.

This is so common to have dev domains I would think you would create a system that can change domains. At the very least have a post that can be found by google telling where all of these spots are.

Actually…..its the directory that’s hard coded. UGGG!!!!! Who does this?!

database error Deadlock found query UPDATE `wp_wfBlocks7` ..

$
0
0

Replies: 1

spotted in logs:

[28-May-2019 18:58:33 UTC] WordPress database error Deadlock found when trying to get lock; try restarting transaction for query UPDATE wp_wfBlocks7 SET reason = ‘Blocked by login security setting’, expiration = 1559077113 WHERE expiration > UNIX_TIMESTAMP() AND type = 8 AND IP = ‘\0\0\0\0\0\0\0\0\0\0��2W�’ made by wp_xmlrpc_server->serve_request, IXR_Server->IXR_Server, IXR_Server->__construct, IXR_Server->serve, IXR_Server->call, wp_xmlrpc_server->wp_getProfile, wp_xmlrpc_server->login, wp_authenticate, apply_filters(‘authenticate’), WP_Hook->apply_filters, wordfence::authenticateFilter, wordfence::processBruteForceAttempt, wfBlock::createIP


I’ve Never Seen Anything Like This In 20 Years

$
0
0

Replies: 0

I have two websites that are being visited every few seconds over and over without fail for days and days. The visitor IPs are random. The browser UA’s are different. The countries are random. Sometimes they are referred to the website by random URL’s but sometimes they are direct. They are almost impossible to stop.

Is anyone else having this problem? How can I combat this?

Logout Idle Users

$
0
0

Replies: 1

Hi,

Anyone help me how to logout idle users with Wordfence plugin?

Thanks.

increased attacks

$
0
0

Replies: 2

Hi, I’ve had a notification to say I’ve had an increased number of attacks on my site (102 attacks in 10 mins). Is there any way I can see where these are coming from, or if it’s related to a certain plugin?

PHP Fatal Error

$
0
0

Replies: 0

Hi everyone!

We had an issue with a WP Multisite yesterday, that caused all the sites to go down. Error message below:

Uncaught Error: Call to undefined method wfWAFStorageFile::_open() in /var/www/html/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php:422\nStack trace:\n#0 /var/www/html/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php(601): wfWAFStorageFile->open(”)\n#1 /var/www/html/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php(555): wfWAFStorageFile->fetchConfigData(”)\n#2 /var/www/html/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/utils.php(847): wfWAFStorageFile->getConfig(‘avoid_php_input’, false)\n#3 /var/www/html/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/request.php(266): wfWAFUtils::rawPOSTBody()\n#4 /var/www/html/wp-content/plugins/wordfence/waf/bootstrap.php(30): wfWAFRequest::createFromGlobals(Object(wfWAFWordPressRequest))\n#5 /var/www/html/wp-content/plugins/wordfence/waf/bootstrap.php(678): wfWAFWordPressRequest::createFromGlobals()\n#6 /var/www/html/wordfence-waf.php(6): include_once(‘/var/www/h in /var/www/html/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php on line 422

We managed to stop this recurring error by deactivating the plugin (through FTP), but would really like a solution to this, so we can get WordFence back up and running again.

We’re running WordFence 7.3.2 on a Linux instance.

[ReCaptcha] Site not sending out verification email

$
0
0

Replies: 0

Hello,
I tried searching for similar posts, but could not find one, hopefully this has not been answered before.

I recently enabled the new Wordfence ReCaptcha option for login and user registration. It works! I had a huge amount of fake users registering before. However, just yesterday, one of my legitimate users tried signing in to his account, and was not able to do so. When I tried signing in to his account, I got the following message: “VERIFICATION REQUIRED: Additional verification is required for login, please check the email address associated with the account for a verification link.”
The problem is, my website never sends out an email. My user has no email in his inbox (or spam), and I can see that no email has been sent out. My site is sending out other emails, such as order confirmations from our store, so I know that it can.
I never noticed the problem for my own account, because I have 2FA enabled, which makes you skip ReCaptcha.

Please help!

Sincerely,
Nermit

  • This topic was modified 8 hours, 40 minutes ago by nermit.
Viewing all 33255 articles
Browse latest View live


<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>