Channel: WordPress.org Forums » [Wordfence Security - Firewall, Malware Scan, and Login Security] Support

php code injected


Replies: 0

Hello
I am a hosting provider, and today I found that most of my WordPress hosted accounts have some PHP code injected all over (mostly) Wordfence scripts.
Code is
< ? php exit(‘Access denied’); __halt_compiler(); ? >
(added some extra spaces on purpose)
This is the list of scripts where this code appeared:

wp-content/plugins/wordfence/lib/wordfenceClass.php
wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php
wp-content/wflogs/template.php
wp-content/wflogs/config.php
wp-content/wflogs/ips.php
wp-content/wflogs/config-synced.php
wp-content/wflogs/config-transient.php

I manually removed those lines, but Wordfence now throws some PHP warnings. I think the best move is to reinstall it.

So the question is: how was this injected?

Thanks


Multisite?


Replies: 0

Hello,

I can use her plugin for multipages?
On your site I can't find info on multisite.

thanks
claudia

  • This topic was modified 9 minutes ago by fratzi.

Uninstall these files crash my site blank page


Replies: 0

hello admin

I want to completely uninstall your plugin but I cannot.
Deleting these files leaves my page unusable:

/home/mywebsite/public_html
.user.ini
wordfence-waf.php

What can I do to get it completely uninstalled?

Manage GoDaddy has connection issue


Replies: 0

I have some sites to manage I am using GoDaddy

I have a free version of this plugin on my sites

There was a connection issue on https://reviewbathbombs.com/ when I uninstalled this plugin connection was made.

Tools Tab


Replies: 0

When I check user activity through the ‘Tools’ section of Wordfence it shows me the pages the user left or was on. Sometimes it shows my admin page under that user's activity, for example it will say:

“FakeUser in LA, California logged out successfully at examplewebsite.com/logout.
examplewebsite.com/wp-admin”

Sometimes instead of wp-admin it will say the custom URL I made to keep hackers away. I want to know if this is something to worry about because I run a paid website and I just deleted so many users because of this and I don’t want to run into financial issues if I am wrong on my end. It doesn’t show up for all users, only a few, so I figured they were some type of hacker.

class-wp-site-health-auto-updates.php


Replies: 0

Wordfence flagged this as a High Severity Problem:
* WordPress core file modified: wp-admin/includes/class-wp-site-health-auto-updates.php
I googled that php file and it didn’t come up as a virus anywhere, I don’t think. Does anyone know why it was flagged this way? Thank you for any suggestions.

Live traffic filter


Replies: 0

Hi

Live traffic: Is it possible to filter by IP range, or search/filter by hostname?
If not, where is all this info stored in the database?

Site Health not working when Wordfence active


Replies: 0

I have the same problem as in this thread on a site I’m managing: https://wordpress.org/support/topic/wordfence-and-wp-5-2/. Accessing Tools > Site Health only shows the date and time.

If I deactivate Wordfence, Site Health is accessible.

I’ve looked at the blocked IPs in Wordfence -> Tools -> Live Traffic. There is only one, and it doesn’t match the server IP. I’ve whitelisted the server IP in the Advanced Firewall Options, but the problem remains.

What else could you suggest to resolve this problem?

The site is running WP 5.2.2 and Wordfence 7.3.4.


Wordfence is blocking an admin-ajax call.


Replies: 0

On my website, I have an admin-ajax call with parameters for a query in it. When the Wordfence firewall is active the ajax call returns an error 500. This happens regardless of being in learning mode or active, and I’ve tried adding the /wp-admin/admin-ajax to the whitelisted URLs to no avail. Furthermore, this error only occurs if the parameter search is being used, which is the only parameter sent that comes from an input text field; a query using only other filters works just fine with or without the firewall active.

Site won’t display inside iframe


Replies: 0

I usually test and check how a site displays on different screen sizes using an app that puts a webpage inside an iframe of various sizes. However, I can’t get a client’s site to display in the app. It always redirects away from the app to the native home page. In other words, there’s something breaking out of iframes in the site’s code. I don’t have this problem with any other sites.

So, I’m wondering if there is some setting in Wordfence that automatically breaks out of an external iframe? If so, where can I find the option so I can disable it for testing purposes? Thanks.

Files inserted into the exclusion list for advanced scan


Replies: 0

Hi

I just found some filenames listed under the
Advanced Scan Options
Exclude files from scan that match these wildcard patterns (one per line)

I don’t know why these files are there, I didn’t put them there, I am the only admin and only user on the site, the site is basically static (hasn’t had new content in years) and is left online as it is (though it uses an autoupdate plugin to ensure it does all WordPress updates).

On this old support thread (more than 3 years old), it suggests

For the first question with the “Exclude files from scan…” option, usually that box is blank, but if Wordfence scans get stuck, files can be added to the list automatically, to be skipped in the next scan. Usually these are extremely large files that cause problems, but in your case, you can probably just remove these from the list. It may mean that your host is having intermittent problems completing scans. On the Wordfence options page, if you change “Maximum execution time for each scan stage” to 15 or 12 seconds, this may help the scans complete more reliably.

https://wordpress.org/support/topic/wordfence-hacked-1/

Is the above still true or need I be concerned one of these files was hacked and this was added to cover their tracks?

thank you
– Eric

These are the files that are excluded on my site. I can see no rhyme or reason for them to be excluded:

wp-content/plugins/worker/src/Google/Service/Drive.php
wp-includes/class.wp-dependencies.php
wp-content/plugins/jetpack/images/customize-theme.svg
wp-content/themes/twentynineteen/classes/class-twentynineteen-walker-comment.php

Live Traffic: No requests to report yet


Replies: 0

Hi, my live traffic worked until about a week ago, but now does not show any data. Wordfence appears to be thinking for a few seconds (this is when hits usually show up), but then says “No requests to report yet”. Any idea why?

Can’t log in once Recaptcha is enabled


Replies: 0

Hi there,

When I enable login form recaptcha on my site, ALL login attempts are met with:

“VERIFICATION REQUIRED: Additional verification is required for login. Please check the email address associated with the account for a verification link.”

Following the link does allow entry but this happens for EVERY user on EVERY login. Which is obviously not usable. Works fine on my other sites, just not this one.

Can you please advise what I’m doing wrong?

Thanks,
Dave

  • This topic was modified 2 hours, 1 minute ago by orchard800.

LIVE TRAFFIC


Replies: 0

Hi,

Just a suggestion which you may have already considered, as it's been something I have been meaning to ask for years.

In LIVE TRAFFIC, I have a ton of IPs picking up various page URLs

Of those URLs, some pickup / attempt to look at wp-login and all sorts of files/pages which I do not want them to see/access.

There are three buttons :

BLOCK | RUN WHOIS | SEE RECENT TRAFFIC

How about another button which is a single action ‘BLOCK THIS’, which will block access to a particular URL, i.e. wp-admin, wp-login, etc.

However, that same IP can still look at / access other URLs such as pages and posts but NOT WP files.

And of the many being BOTS, I block one IP and the same search is being created again but under another IP. So suspecting this may be a malicious probe, if I keep blocking such IPs, I fear I may end up blocking the planet 🙂

Also, I have tried to stop WF showing admin login /access and have tried to hide it in OPTIONS to no avail?

Does that make sense?

Maybe I have missed something

Fab plugin! 😉

Disable “Login Security”?


Replies: 1

Is there any possibility to completely disable “Login Security” for my site? It seems that I have compatibility issues with other login plugins. So only the administrator is able to log in.


WF blocks pasting Google Map iframe code in Divi


Replies: 2

I have a site built with Elegant Themes Divi. When I paste one simple block of iframe code to display a Google Map on the contact us page, I literally get thrown out of the page and a new browser tab opens that is blank. If I go back to the original tab the iframe code is there and when I save the page I am then presented with an error saying that the page failed to save. I have already contacted Elegant Themes and they stated there is nothing in et Divi that blocks Google Maps iframe code. I disabled all plugins and found that it is the Wordfence plugin that won’t allow the iframe code. I can include it and save the page just fine without Wordfence activated. However, I really want to have Wordfence active. How do I tell Wordfence to allow this Google Map code?

wp-cron.php?doing_wp_cron=1561669232.9309959411621093750000


Replies: 0

Hi, thank you for Wordfence. I think it’s brilliant.

I’ve been getting "blocked for accessing banned URL" messages on one of my sites for nearly 48 hours now:

Type: Blocked
United Kingdom left https://(domain name)/wp-cron.php?doing_wp_cron=1561669232.9309959411621093750000 and was blocked for Accessed a banned URL at https://(domain name)/wp-cron.php?doing_wp_cron=1561669232.9309959411621093750000
27/06/2019 22:00:34 (7 minutes ago)
IP: 91.208.99.2 Hostname: outgoing2.gridhost.co.uk
Human/Bot: Bot
Browser: undefined

Gridhost.co.uk is also my hosting provider. So I’ve been thinking this is a false positive. But I feel wary of unblocking the IP address. I see that it currently has a high history of abuse – see https://www.abuseipdb.com/check/91.208.99.2

Help and opinions much appreciated.

Thanks, H

Admin Login Alert Emails (Issue)


Replies: 0

Hi Team,

I run Wordfence on a bunch of sites. On one site in particular, I receive an admin login email alert every time a specific user logs into WP admin.

The issue is, this user is set as a Shop Manager (WooCommerce) rather than a site admin.

None of the other Wordfence sites alert me when their Shop Manager logs in.

Is there a way to fix this up? It’s a little annoying.

Quick background: there was a time (months ago) when I bumped this user up to admin level for an unrelated reason, then when I brought her back down to shop manager I still receive emails whenever she logs in.

Thanks so much for your time!

Scan Failed to Start (I tried everything with no luck)


Replies: 0

Hello,

I need help because my scans fail to start and I’ve tried everything on the troubleshooting page.
1.) I’ve tried to start the scans remotely. My wp-admin page is not password protected.
2.) My hosting company confirmed that they don’t have the IPs blocked.
3.) My AJAX handler page is a blank page with a “0” in the top right.
4.) There are no errors in the “Connectivity” section of the Diagnostics tab.
5.) The activity log simply says “Scan stop request received”.
6.) In my wp_wfStatus table, it says “SUM_KILLED: A request was received to stop the previous scan.”

Thank you very much for any help (I’m very much a beginner, please include as much detail as possible in responses.)

All stopped


Replies: 0

For the first time in a few years – all stopped working today (could’ve been last night).
Current blocks
Live Traffic
And, all the past ones are missing. No reports to show.
