Replies: 0
Many of my clients use GoDaddy hosting and are getting multiple emails saying their websites aren’t secure. They all use the free version of Wordfence and I’m very happy with it. Can you provide a comparison as to how your free version (or pro) is comparable to what a hosting company provides?
Replies: 0
Greetings all. We have a point release for Wordfence today, version 7.4.1. Please update as soon as you are able.
Thanks everyone for great comments and suggestions. Send any of those you might have to feedback@wordfence.com and someone will get back to you.
Keep in mind, the feedback address is not a place to request support.
Also, no support questions will be answered in this thread.
Free support requests can be posted at https://wordpress.org/support/plugin/wordfence
Our premium customers can open a ticket at https://support.wordfence.com
Replies: 0
After updating to Wordfence 7.4.1, the website doesn’t load anything.
Any other reports of similar issues?
Theme: OceanWP
Replies: 0
I get a lot of brute force attack from hackers trying to login with the username “[login]” with the braces included. This doesn’t make sense to me, but then again I am not a hacker. Are there any issues with me blocking the IP address for those trying to login using the username [login]? Thank you.
Replies: 0
Hello.
I see such database errors
https://drive.google.com/file/d/1otYxNE8axQKsmeG1KsqlJRAngrxKWAen/view?usp=sharing
In version 7.2.5 there were no such errors. Appeared after updating version 7.2.5, but after that update there were 4 errors. After the next update, 6 errors appeared. I didn’t write right away, because I thought I would fix it in the next update. Updated to version Version 7.4.1, but errors remained.
And one more thing, 2FA does not work (I tried to configure it in version 7.4.0).
Look here please.
Replies: 0
After your last update:
Error Details
=============
An error of type E_COMPILE_ERROR was caused in line 4 of the file /home/XXXX/domains/technoogies.com/public_html/wp-content/plugins/wordfence/models/common/wfGeoIP2.php. Error message: require_once(): Failed opening required ‘/home/XXXX/domains/technoogies.com/public_html/wp-content/plugins/wordfence/models/common/../../vendor/autoload.php’ (include_path=’.:/opt/alt/php73/usr/share/pear’)
Replies: 0
I have a Critical message from your plugin:
Publicly accessible config, backup, or log file found: .user.ini
Type: Publicly Accessible Config/ Backup/Log
Issue Found November 5, 2019 11:12 am
critical
Can I Hide the file by clicking on Hide File?
Thanks.
Replies: 0
I’ve recently installed Wordfence central, it works well, however when I first login it is sending simultaneous requests to ALL SITES in the network.
We’re using a shared server for most of our sites and this is resulting in the servers’ memory being almost maxed out. This is very bad for server stability/ reliability.
My question is, how can I stop this behaviour? I just want Wordfence Central to use the most recent scans, not launch scans on launch.
Screenshot 1) Simultaneous updates:
https://ibb.co/QmwrnM2
Screenshot 2) Digital Ocean graphs (server reaching 90% memory capacity!)
https://ibb.co/gZyWmQq
Thanks for any help.
Replies: 0
Hi,
I can see it’s possible to force for admins but i would also like to force for “Shop Manager” too, is this possible somehow?
Cheers
Replies: 0
Latest update hangs the website due a DB error. Here is the log. Very sad about it… I’ve to disable this important plugin. Is any plug-in’s developer than can handle this issue. Here is the log:
[07-Nov-2019 01:01:06 UTC] WordPress errore sul database Server shutdown in progress per la query SELECT *, CASE
WHEN type = 3 THEN 0
WHEN type = 4 THEN 1
WHEN type = 7 THEN 2
WHEN type = 6 THEN 3
WHEN type = 5 THEN 4
WHEN type = 9 THEN 5
WHEN type = 8 THEN 6
WHEN type = 2 THEN 7
WHEN type = 1 THEN 8
ELSE 9999
END AS typeSort, CASE
WHEN type = 3 THEN parameters
WHEN type = 4 THEN parameters
WHEN type = 1 THEN IP
WHEN type = 9 THEN IP
WHEN type = 5 THEN IP
WHEN type = 6 THEN IP
WHEN type = 7 THEN IP
WHEN type = 2 THEN IP
WHEN type = 8 THEN IP
ELSE 9999
END AS detailSort
FROM wp_wfBlocks7 WHERE type IN (4) AND (expiration = 0 OR expiration > UNIX_TIMESTAMP()) ORDER BY typeSort ASC, id DESC fatta da wfWAFIPBlocksController::synchronizeConfigSettings, wfBlock::patternBlocks, wfBlock::allBlocks
[07-Nov-2019 01:01:06 UTC] PHP Warning: Error while sending QUERY packet. PID=592 in /srv/data/web/vhosts/www.angolodeldiabetico.it/htdocs/wp-includes/wp-db.php on line 1924
Replies: 0
Hi!
Would it be possible for Wordfence to not throw an email notification before updating itself automatically?
Medium Severity Problems:
* The Plugin “Wordfence Security” needs an upgrade (7.4.0 -> 7.4.1).
Essentially, if automatic update is enabled, there’s no reason to send this notification because the automatic update will fix this immediately after the message is sent.
This causes a ton of “plugin needs an upgrade” messages every time a Wordfence patch comes out because I have Wordfence installed on a lot of systems. I love it.
Naturally, if the automatic update has failed or isn’t enabled at all, it would be entirely reasonable to send this.
Replies: 0
I constantly get this IP blocked:
User IP: 54.86.175.16
User hostname: ec2-54-86-175-16.compute-1.amazonaws.com
User location: Ashburn, United States
I have not whitelisted it since I have no idea who is this IP from, it says Amazon, BUT looks more like Amazon servers rented by someone.
I currently have it block for 2 hours but it keeps coming once in a while. Recommendations?
Replies: 0
WordPress version: 5.2.4
Wordfence version: 7.4.1
I’m having an issue where the Wordfence firewall is blocking traffic from the Moz crawler (rogerbot). I use Wordfence and Moz on many sites and it’s never been an issue before. The Activity Detail is below:
Activity Detail
Ashburn, United States was blocked for Exceeded the maximum number of requests per minute for crawlers. at https://www.catalystcoachinginstitute.com/
11/7/2019 9:45:22 AM (14 minutes ago)
IP: 54.147.128.148 Hostname: ec2-54-147-128-148.compute-1.amazonaws.com
Human/Bot: Bot
Browser: undefined
rogerbot/1.2 (https://moz.com/help/guides/moz-procedures/what-is-rogerbot, rogerbot-crawler+aardwolf-production-crawler-07@moz.com)
I have whitelisted the IP address, but found out that Moz does not always use the same one or even a range, so that is not a good solution. Is there a way to whitelist the rogerbot without just globally increasing the max number of requests?
Thank you for your help!
Replies: 0
Sucuri tells me that the following two WordPress files have been modified:
.user.ini
wordfence-waf.php
Is this a false positive or do I need to investigate further?
Replies: 0
Hi,
My l10n.php file is continually being flagged by WF scan as changing at line 249 from;
function __( $text, $domain = 'default' ) {
return translate( $text, $domain );
} to;
if (!function_exists('__')) {
function __( $text, $domain = 'default' ) {
return translate( $text, $domain );
}
}Each time I restore it, it changes back a few days later.
Has anyone experienced this and have any idea of the culprit?
I have the same plugins on other sites (different hosts), but the hosting company couldn’t provide much help.
Thanks in advance!
Replies: 0
Hello, my antivirus software on my computer started to get triggered by the .sql file i regularly download as a WordPress backup. After further checking, i found that the triggering part was a script snippet placed into the wp_wfhits table by Wordfence plugin (i believe) about some bad guy’s website.
Here i opened a question on this with more details, if in need: https://webmasters.stackexchange.com/questions/125894/wordpress-database-backup-sql-file-got-a-trojan-category-malware-treat-says/125930?noredirect=1#comment171350_125930
I also send a feedback to Wordfence team, before i found this free forum. Here is the reply for your reference:
The wfhits table stores all visits that are displayed on the Live Traffic tool page in our plugin.
The domain balantfromsun [.] com is a known bad domain, which you can see here:
https://www.virustotal.com/gui/url/003d9a8db5dddc08b6f365b2a9e9144341000caa0011d5f3cfc592401de16c0d/detectionThe rows in the table show that a cross-scripting attack involving this domain name was carried out on the site from which this database belongs to. The attack was blocked by Wordfence.
It’s -obviously- all good and I’m happy that Wordfence managed to catch this specific XSS attack!
My further question on this: is it possible to further improve the storage part of the malicious scripts/codes to as not to trigger antivirus software?
Or what is the required procedure in these cases? It may cause (even) bigger headaches to users who aren’t able to research the exact triggering part themselves?
Thank you!
Viktor Boritas
Replies: 0
error in JS console with wordfence
Uncaught TypeError: $(…).ajaxError is not a function
at Object.init (admin.ajaxWatcher.1573059078.js?ver=7.4.1:7)
at HTMLDocument.<anonymous> (admin.ajaxWatcher.1573059078.js?ver=7.4.1:83)
at e (jquery-3.4.1.slim.min.js:2)
at t (jquery-3.4.1.slim.min.js:2)
Replies: 0
Hello
I purchased and installed the Wordfence plugin, but when it comes to scanning, please guide me. Thanks
Scan Failed
The scan has failed because we received an unexpected response from the Wordfence servers. This may be a temporary error, though some sites may need adjustments to run scans reliably. Click here for steps you can try.
The error returned was:
WordFence API error: The Wordfence key you’re using is not in a valid format.
Replies: 0
I am having an issue on my website which I haven’t been able to solve. When the Wordfence plugin is active, WooCommerce orders are not being updated after payment because the webhook is blocked (403 error).
Strangely, this issue still occurs when the firewall is in learning mode or even disabled entirely (including extended protection). However, the webhooks are working fine when the Wordfence plugin is disabled.
Do you have any suggestions as to why these requests are blocked by Wordfence despite the firewall being disabled?
Replies: 0
I believe I changed a setting in the WordFence configuration (where it checks your server and recommends configuration type), and now I can’t access any of the plugin’s pages. I don’t know if it’s related to the above-mentioned setting, but I keep getting this error any time I try to access a WordFence plugin page:
“The site is experiencing technical difficulties. Please check your site admin email inbox for instructions.”
I have no control over WordFence now. I tried uninstalling/reinstalling, closing browser, etc but I can’t get access to the pages back.
Please assist.