Replies: 0
I’m using ubuntu server 18.04.
ı have 15 domain names.
my installations
/var/www – A wp site
/var/www/b folder – b wp site
/var/www/C folder – C wp site
….
should I install separate wordfence for each wp folder?
or is a site wordfence just in the www folder enough?
Ps: my domain names example.com ,example1.com as.
Not A.example.com ,b.example.com
Replies: 0
Hello!
Error Scan:
Scan Failed
The scan has failed to start. This is often because the site either cannot make outbound requests or is blocked from connecting to itself. Click here for steps you can try.
Error Diagnostics:
Connecting back to this site
wp_remote_post() test back to this server failed! Response was: 401 Unauthorized
This additional info may help you diagnose the issue. The response headers we received were:
View Additional Detail
Replies: 0
Hi my brute force settings don’t seem to be working as expected.
I have the following settings:
Lock out after how many login failures 8
Count failures over what time period 12 hours
However when I look at live traffic I see a few IP addresses that have failed to login with invalid usernames 10 times in a 4 minute period. Shouldn’t they be blocked after the 8th time?
Brute force is working overall as there have been 680 brute force attacks blocked today. It’s just not using the criteria set.
Replies: 0
Hello, i have installed wordfence and no doubt its a great plugin. My site was getting down from last one month especially when i start working on wo-admin and creating any post. It shows on the top Connection lost….. I upgraded my site to a dedicated server but couldn’t fix it. When i enable Under Attack mode in cloudflare the site become little bit stable. So i installed wordfence and I have done all the setting to prevent my site but still i can see alot of bot traffic coming to my website in Analytics. can you please help me to stop this. What is the best setting to prevent myself from such traffic.Also i saw so many people trying to log in with the user admin where i don’t have a user admin how can i block them. and i saw those all are targetting /xmlrpc.php not /wp-login or wp-admin page.. I also need your help to prevent this.
Many Thanks in advance.
Attached is the screenshot of some.
/?__cf_chl_jschl_tk__=48d…ma1VRsfOBrCRuotcfxQqsUdMo
/?__cf_chl_jschl_tk__=79a…TLIq2LPpYm8KGZEC_84f_sFLU
/?__cf_chl_jschl_tk__=c5a…m6VvD-defN9F4HbYU8SQXnxHE
Replies: 0
Since a few days, wordfence is sending me email for admin access login , Only issue is that the users logging in are not Admins … any explanation for that ?
Replies: 0
Hi
I’m trying to do a manual setup of the firewall, but I am expecting to be able to download the .htaccess file, so I can put it on my server myself, but instead of a download I am asked to enter FTP credentials instead – exactly like when having an automated install.
Due to security reasons we do NOT use FTP layer at all.
Suggestions?
Thanks a log!
Replies: 0
Wordfence Community –
Please note our customer support will be limited over the Thanksgiving Holiday. You may experience slower response times than normal between Wednesday November 27th until until Monday, December 1st. We appreciate your patience as we allow our team to enjoy the holidays with their families.
As always, we are grateful for all of you. Your participation here, your suggestions, your kind words about Wordfence, these are the things we are most thankful for. You guys rock!
– tim
Replies: 0
I’m looking for suggestions for a good method to bulk add a lengthy list of bad referer sites to the block list.
Do I have to directly add them to the database?
Thanks in advance
Replies: 0
Hi,
I’ve setup site key and secret key, but reCAPTCHA did not show, how come?
Site registration here
Replies: 0
Hi there,
Is there a way to add the wordfence 2FA on the main login screen? Ex. a third input field below the username and password?
I read you can add the 6-digit-code right after your password, but i’m afraid this will feel a bit unlogic to some users.
Regards, Edwin
Replies: 0
How can I whitelist a IPv6 address?
Is entering the first part (the network, the first 4 nnnn:nnnn:nnnn:nnnn) sufficient?
The second part (node, the second 4 nnnn:nnnn:nnnn:nnnn) is not persistent, so it would be practically impossible to list all possible variations.
Replies: 0
Hello I’m getting a lot of errors since I’m using onesignal and the files
site.com/wp-content/plugins/onesignal-free-web-push-notifications/sdk_files/OneSignalSDKWorker.js.php
site.com/wp-content/plugins/onesignal-free-web-push-notifications/sdk_files/OneSignalSDKUpdaterWorker.js.php
site.com/wp-content/plugins/onesignal-free-web-push-notifications/sdk_files/manifest.json.php
has to be publicly accessible. I think that wordfence block these so I’m asking a way to allow access to these files.
Thanks!
Replies: 1
Hi,
I use .htaccess with .htpasswd to required a user in my web, now I want to scan it with Wordfence but I can´t. I met a ticket(https://wordpress.org/support/topic/allow-wordfence-to-work-with-password-protected-wp-admin-folder/) but this solution is not working for me.
This doesn’t work:
AuthType Basic
AuthName "Please log in"
AuthUserFile "/home/www/html/web/.htpasswd"
<RequireAny>
Require valid-user
Require ip 127.0.0.1
Require ip 69.46.36.28
</RequireAny>
ErrorDocument 401 /401.htmlIt doesn’t work either:
AuthType Basic
AuthName "Please log in"
AuthUserFile "/home/www/html/web/.htpasswd"
Require valid-user
Order allow,deny
Allow from 80.147.187.99
Allow from 69.46.36.0/32
Allow from 54.68.32.247
satisfy anyMaybe I’m doing something wrong?
Is it possible to make a scanner even if you have a username and password to view the web?
Thanks!
Replies: 0
logged into my site yesterday and noticed 2FA was not working so was able to log straight into my website without authentication,on inspection 2FA was showing not active on my user account,so using google auth i rescanned with my phone and follow procedure,
page showed now activated for me,so logged out to test and still no 2FA auth required,checked user accounts and again showed 2FA not activated,activated 2FA again and instead of logging out went straight to user accounts page,it show not active,my site did update to wordpress 7.3 about 3 weeks ago PHP is 7.2.23 Wordfence is 7.4.1.
I did try to set up new admin user but same thing happening.
Please advise
Replies: 0
Hello,
I was trying to update wordfence and got a fatal error. I deleted the plugin and reinstalled it but, upon activation, I still have the Fatal error.
I have also tried to delete wflogs folder but same thing.
Can you please help?
PS: I have a premium account
Thanks.
Replies: 0
I was not able to complete the optimization setup process within the WP dashboard so I followed the manual configuration instructions provided. However, a PHP variables icon is not visible in my Cpanel. My hosting support told me to use the file manager to edit the php.ini file and insert the code provided in your documentation: auto_prepend_file = ‘/home1/amwsorg/public_html/wordfence-waf.php’
I did this and it is showing up in my php info now but the optimization warning is still appearing in the WP dashboard. Hosting confirmed that we only have 1 website in our single hosting account so that is not causing this issue.
Please advise on what I did wrong or why the optimization warning is still appearing in WP?
Thanks.
Replies: 0
I had added 3 usernames to immediately lock out. After a short period yesterday, it was working and showing each of these login attempts as blocked ( i.e. Paris, France was blocked by the Wordfence Security Network at …).
However, today, the login attempts with the same usernames are failing even after I added an additional username to block. For example, one log says San Mateo, United States attempted a failed login using an invalid username “admin”.
I specifically have admin and other usernames on my list.
Have others experienced this? I searched the forum and found one post that said empty password logins do not get blocked, but that is all I can think of. I haven’t figured out how to check my logs to see if these are empty passwords.
Thanks for any help you can provide.
Replies: 0
Hello!
Could you add Type (Bot) condition for IP Blocks in Custom Pattern
for example, a lock on the range 192.168.0.0-192.168.255.255, provided that Type = Bot
This is really missing .. thanks!
Replies: 0
I have recently successfully set up Two Factor Authentication in Wordfence using Google Authenticator on my iPhone. I would like to also set it up on my iPad for the same website so if I don’t have my iphone with me I can use my iPad instead but now it is set up on my iphone the QR code is no longer visible. Is it possible to set up on 2 devices please?
Replies: 0
I noticed you had a topic in 2018 which was closed.
I have now also one.
php error.log
[30-Nov-2019 16:13:17 UTC] PHP Fatal error: Uncaught OutOfBoundsException: ipRange is not a valid property for this block type in /../wp-content/plugins/wordfence/models/block/wfBlock.php:1148
Stack trace:
#0 /../wp-content/plugins/wordfence/waf/wfWAFIPBlocksController.php(63): wfBlock->__get(‘ipRange’)
#1 [internal function]: wfWAFIPBlocksController::synchronizeConfigSettings()
#2 {main}
thrown in /../wp-content/plugins/wordfence/models/block/wfBlock.php on line 1148
Note:
I did have one entry in the blocking options. It was last accessed 9/3/19 and it was one IP address. I did remove it today, since it was not used for 3 month now.