Replies: 0
It appears that after the last update to Wordfence 7.3.4 our sites English homepage started giving a 404 error. We didn’t pickup on this for a while as it works fine when logged in to admin. All other pages on the site are fine both the French homepage and any sub pages and posts.
I’ve tried disabling Wordfence but the problem remains. If I replace index.php with an index.html it resolves correctly.
Using WPML for the multilingual part of the site
Has anyone else had these issues?
Replies: 0
Hello, I checked my db and I see that wp_wfknownfilelist have ~1,707,463 rows and is about 182 mb.
Is it ok? Can I do something to make it smaller? Maybe disable some logs or stats in plugin?
Replies: 0
Hello I’m assuming a site and would like to change the registration email that is in the plugin. I looked after it and couldn’t find any tab that I could make the exchange.
Replies: 1
6/28
I have one site protected by wordfence that is allowing a 200 on every xmlrpc.php page. Where is the setting to stop this and generate a 503 or a 403 response.
Replies: 0
Hello,
Thanks for the great security solution.
and again XML-RPC!
Unless by “Disable XML-RPC authentication” feature, Wordfence will not block any XML-RPC attack?
But every minute an attack is through XML-RPC.
Also by adding below code to .htaccess, XML-RPC attacks are completely blocked:
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>Truly what’s the difference between these two?
And why by “Disable XML-RPC authentication” Wordfence will not block them?
Thanks in advance.
Replies: 1
According to the Spamhaus site my IP “is listed in the XBL, because it appears in: CBL Lookup” More Info from the CBL Scan. Is the problem with the site or with one of our computers??
“Now, I re-scanned my site with Wordfence and the error went away, but the Spamhaus site seems current… What can I do?
This IP address is infected with, or is NATting for a machine infected with Tinba.
Tinba (also known as “tiny banker” and “illi”) is a e-banking trojan aimed to steal credentials for online banking accounts. It spreads through hijacked websites (drive-by exploits) and malicious email attachments.
The CBL detection is being made using sinkholing techniques.”
Replies: 0
Hi, i have been infected for 3 times by wp-vcd malware and thanks to WF i found the infected files but how could i configure the firewall for not happen again? thanks
Replies: 0
When I go into the Wordfence tab I see this notice:
The Wordfence Web Application Firewall needs a configuration update. It is currently configured to use an older version of PHP and may become deactivated if PHP is updated. You may perform the configuration update automatically by clicking here.
Clicking the link does absolutely nothing to resolve the issue; the message just keeps coming back.
Going to the page at https://www.wordfence.com/help/firewall/troubleshooting/#configuration-update-for-sites-switching-from-mod_php5-to-mod_php7 is not helpful because it says this:
Generally, you should only need to click the link in the admin notice to automatically update the .htaccess file for the firewall. If the notice disappears, then you are all set! If the notice appears again, you can use the button “Optimize the Wordfence Firewall” on the Firewall Options page to try updating the files the same way it works in a new installation. If you still have trouble resolving the issue, please contact support.
However I have looked all over and I do not see an “Optimize the Wordfence Firewall” button anywhere, not on the Firewall Options page nor anywhere else in the Wordfence pages. Where, exactly do I find this button? I actually think that I may have already done this when I first set up Wordfence, which would explain why I’m not seeing the button, but doesn’t explain why clicking the link doesn’t do anything. Wordfence appears to be working fine, so how can I make that notice go away?
Replies: 0
I added Wordfence 10 days ago to one of my websites. I noticed yesterday was super slow sometimes pages didn’t load and an Error message showed. This morning was worse; I downloaded the server error logs and they were all:
… mod_fcgid: can't apply process slot for …
Once I got a page to load I deactivated Wordfence and the errors stopped.
Is there something I need to do on the server (Network Solutions?)
thanks!
Replies: 0
Hello,
my wordpress website is http://www.jismi.ma
yesterday I received a Wordfence alert by emai which said:
[Wordfence Alert] Problems found on bakery.edward.dv.ancorathemes.com”
See the details of these scan results on your site at: http://bakery.edward.dv.ancorathemes.com/wp-admin/admin.php?page=WordfenceScan”
i don’t know why the website URL shows “bakery.edward.dv.ancorathemes.com” instead of my website URL “jismi.ma”.
Two days ago the same email said:
“[Wordfence Alert] Problems found on http://www.jismi.ma”
I would like to know if this is some kind of hacking or intrusion and how to clean it.
Thank you very much for your help !
Replies: 0
I noticed that my Related Posts plugin which used to show 4 posts are now only showing one. I went into the plugin and changed the configuration from “tag” to “categories and tags”. Anyway, wordfence would not let me save and says it’s finding suspicious activity. I tried several times. So I was going to go to the plugin and check, but the wordfence plugin is no longer listed. I even ran a search of my plugins and wordfence came back with no matches. That is a bit odd to say the least.
Anyway, I then went to download it again and it says can’t download because you already have wordfence installed. So it is not showing but is there and also it just sent me its standard someone logged into you account email that I can’t get it to stop doing when I log in but I really don’t care about.
Anyone know what’s going on? Thanks (two issues – wheres the plugin and why is it blocking the Related Posts change?)
Replies: 0
Hi Wordfence
I have disabled wp-chron and I am running a server/linux chron job to automatically export gravity form entries to a server directory based on a timed base schedule – daily.
wget -q -O – https://www.raizcorp.co.za/wp-cron.php?doing_wp_cron >/dev/null 2>&1
It seems ever since Wordfence was installed we are having issues with the chron running / exporting.
If I run the chron manually from server, it runs no problem. But if I leave it to run via the website schedule it does not.
Could Wordfence be blocking this chron, is there a way I can prevent this? test? Whitelist?
Replies: 0
here’s the code
one of our clients (just one) got a false positive case and detected our script as malicious
does anyone have an idea on why that happened ?
Replies: 0
I have tried to run a Scan a few times but it seems to be hanging at the same point every time.
The Log file reaches the top line listed below and that’s it. The three progress spinners are running (File Changes –
Malware Scan – Content Safety) but that’s it.
[Jul 01 12:46:05:1561949165.004511:2:info] 16561 files indexed
[Jul 01 12:45:54:1561949154.038548:2:info] 16065 files indexed
[Jul 01 12:45:51:1561949151.848928:2:info] 15565 files indexed
Would appreciate your thoughts.
Cheers
Replies: 0
Hello there , as my title says I got locked out from Wordfence. I used 2FA I have set up everything , I also was logging in by using 2FA by now without any problem. What happens now is that my website doesn’t redirect me to the 2FA page when I use my username and pass to log in so I can’t really go to the needed page to use my 2FA and I still get a message that says CODE REQUIRED: Please provide your 2FA code when prompted.
Replies: 0
I’m getting some Wordfence errors, here is some of the logs I find in my error_log:
[26-Jun-2019 14:32:05 UTC] WordPress database error Table 'site_dkbi.wplki_wfconfig' doesn't exist for query SELECT name, val, autoload FROM wplki_wfconfig WHERE name = 'disableWAFIPBlocking' made by wfWAFIPBlocksController::synchronizeConfigSettings, wfConfig::get
[26-Jun-2019 14:32:05 UTC] WordPress database error Table 'site_dkbi.wplki_wfconfig' doesn't exist for query SELECT name, val, autoload FROM wplki_wfconfig WHERE name = 'cbl_cookieVal' made by wfWAFIPBlocksController::synchronizeConfigSettings, wfBlock::countryBlockingBypassCookieValue, wfConfig::get
How can I get rid of the errors?
Replies: 0
My site was hacked twice in the last month or so and I installed Wordfence after the second hack. I have turned on 2fa and have it set to alert me when someone logs into my account.
However, someone was able to change the username and password of the admin account and locked me out today. I didn’t get an alert that anyone had logged into the account.
I was able to get the username and password changed with the help of my host. I’m really just trying to figure out how this happened. All plugins and themes are up-to-date as well as WordPress and PHP.
Replies: 1
I change the hositng. And now when I try to enter my wordpress panel I cant access, Im blocked. On my cPanel I deleted the WordFence plugin, and Im still cant log in to my site. I deleted the cookies and cache and still not working. What should I do? Please I really need help with these.
Replies: 0
I just got an email with this notification:
he Wordfence Web Application Firewall has blocked 134 attacks over the last 10 minutes. Below is a sample of these recent attacks:
July 1, 2019 6:23pm 91.134.140.200 (France) Blocked for Blog Designer <= 1.8.10 – Unauthenticated Stored Cross-Site Scripting in POST body: custom_css=</style><script async=true type=text/javascript language=javascript>var nt = String.fromCharCode(98ê
July 1, 2019 6:23pm 222.73.242.180 (China) Blocked for WP GDPR Compliance <= 1.4.2 – Update Any Option / Call Any Action in POST body: action=wpgdprc_process_action
July 1, 2019 6:23pm 91.134.140.200 (France) Blocked for Blog Designer <= 1.8.10 – Unauthenticated Stored Cross-Site Scripting in POST body: custom_css=</style><script async=true type=text/javascript language=javascript>var nt = String.fromCharCode(98ê
July 1, 2019 6:23pm 91.134.140.200 (France) Blocked for Blog Designer <= 1.8.10 – Unauthenticated Stored Cross-Site Scripting in POST body: custom_css=</style><script async=true type=text/javascript language=javascript>var nt = String.fromCharCode(98ê
July 1, 2019 6:23pm 91.134.140.200 (France) Blocked for XSS: Cross Site Scripting in POST body: domain=</script><script async=true type=text/javascript language=javascript>var nt = String.fromCharCode(9ê
July 1, 2019 6:23pm 91.134.140.200 (France) Blocked for XSS: Cross Site Scripting in POST body: css=</style><script async=true type=text/javascript language=javascript>var nt = String.fromCharCode(98ê
July 1, 2019 6:23pm 91.134.140.200 (France) Blocked for XSS: Cross Site Scripting in POST body: otw_pctl_custom_css=</textarea><script async=true type=text/javascript language=javascript>var nt = String.fromCharCodeê
July 1, 2019 6:23pm 91.134.140.200 (France) Blocked for XSS: Cross Site Scripting in POST body: otw_pctl_custom_css=</textarea><script async=true type=text/javascript language=javascript>var nt = String.fromCharCodeê
July 1, 2019 6:23pm 222.73.242.180 (China) Blocked for Yellow Pencil Visual Theme Customizer <= 7.1.9 Arbitrary Options Update in query string: yp_remote_get=3
July 1, 2019 6:23pm 91.134.140.200 (France) Blocked for Total Donations (all known versions) – Multiple Unauthenticated AJAX Actions
I notice that a number of them say “Scripting in POST body” – where exactly is this posting happening? Comments are turned off for all posts and pages on the site.
Thanks!
Replies: 0
Hello,
I have a few staging sites that require HTTP auth, and I’d like to connect them to Wordfence Central. It doesn’t appear that this is possible at this point, but I just wanted to verify.
Thanks!
Jake