Extremely long URLs sent in emails

January 15, 2020, 1:37 pm

≫ Next: Wordfence protection for allow_url_fopen

≪ Previous: Can’t log into my site

$

0

0

Replies: 0

Hi, I am not sure if this problem originates with WordFence or with SendGrid, which we use to distribute emails from the website (like forum topic notifications). The originating URL links.cadc.net is set in SendGrid. But, links are being sent out in a very long format, like this: http://links.cadc.net/wf/click?upn=QMvZu9o68VgZWha4chI9qR8fiPA9EPhdab6-2FNcIhVXagTxNaDQrxhqXbp3FyRiAcgZhkp1N3eMDed6UirlISAw-3D-3D_VxlAuX98jGTImtRfy8qSMi8kimv4U8vdvQbMU6l6-2FnaVdFDIm8ttWoAsPSGP5UnbvmRKsrJsDg2RYdeSkozrr6ejcrbDS9eef70TJ3vU5XN5sdC7Nifmam6OHoHkX7vXgwG7fIy-2FqEIx6uJ3rlEcTXlKo-2F6IwciDYSdR8qXb3-2Bo3kmigEa9iYbpsPrwVToOP5h0s4fhQQumldUlmSG95n8jZd-2B1u3FPMDaJ3jT0HWgfN2wALJ4AZfejS-2BI5Hhy-2Bl which is actually just this: https://cadc.net/home/cadc-history-and-past-presidents/. Is it a function of WordFence to rewrite URLs? I’ve tried downgrading to an earlier version of WordFence but the problem persists. Any suggestions would be much appreciated.

---

Wordfence protection for allow_url_fopen

January 15, 2020, 8:50 pm

≫ Next: 403 Error without checkbox in learning mode

≪ Previous: Extremely long URLs sent in emails

$

0

0

Replies: 0

hi all.

i am not well versed in security stuff and wordfence is the only place i know where the makers are nice and helpful.

i have a plugin which requires allow_url_fopen to be On.

i did a search on google and found many articles stating that On = security risk.

Am hoping to get a better understanding here on what security risk is it ( its just the usual unavoidable risk or its a major open doors kind of risk? ) and whether wordfence will protect my site against that?

Much appreciated

• This topic was modified 8 minutes ago by confusedkoala.

403 Error without checkbox in learning mode

January 16, 2020, 1:49 am

≫ Next: Using WordFence with a Magento install

≪ Previous: Wordfence protection for allow_url_fopen

$

0

0

Replies: 0

Hi

I am trying to install a cookie plugin on my website. When I save the configuration with the Analytics script it returns a 403 Forbidden error.

I did not see a relationship with Wordfence, but today I tried to configure the same plugin on another website where Wordfence is still in learning mode and I could do it.

The same error was shown again but with a checkbox to indicate that it was a secure request. After checking it, the configuration was saved correctly and the plugin is already working.

I went back to the first website, put Wordfence in learning mode and cleaned cache, but error 403 still appears without checkbox.

How do I tell Wordfence that this request is safe and finish configuring my plugin? How can I modify it or configure another plugin in the future, with the protection mode already activated?

Thanks in advance.

Using WordFence with a Magento install

January 16, 2020, 7:05 am

≫ Next: Error: A regex Wordfence received from its servers is invalid.

≪ Previous: 403 Error without checkbox in learning mode

$

0

0

Replies: 0

We are a developer and use both WordPress and Magento as a platform. For WordPress, we always use WordFence and WordPress and when used together WordPress is installed in a subdirectory /blog/

My question is there a way to make use of WordFence as the firewall when WordPress is not the front end and located in a subdirectory? I would also want scanning enabled for Magento as well.

Even better is there a way to use WordFence without WordPress installed at all?

Error: A regex Wordfence received from its servers is invalid.

January 16, 2020, 1:30 pm

≫ Next: Error upgrading to 7.4.5

≪ Previous: Using WordFence with a Magento install

$

0

0

Replies: 0

Recent logs on my website are showing the error “A regex Wordfence received from its servers is invalid”. I don’t know why this would be, if this is actually a problem for my website (or what I would need to do to resolve it).

I also have a problem completing limited scans, which may be related, typically:

<b>Fatal error</b>: Out of memory (allocated 161480704) (tried to allocate 1261568 bytes) in <b>file</b>... <p>There has been a critical error on your website.</p>...

The scans get as far as “Analyzed 0 files containing 0 B of data.” and then drop off.

I’m on 123-reg hosting, which I know doesn’t help because they update the settings automatically to a limited scan every night.

Thoughts on what the issue(s) might be? Any solutions (other than change hosting provider)?

• This topic was modified 1 hour, 33 minutes ago by mkcn.

Error upgrading to 7.4.5

January 16, 2020, 3:54 pm

≫ Next: Immediately lock out invalid usernames still doesn’t work correctly

≪ Previous: Error: A regex Wordfence received from its servers is invalid.

$

0

0

Replies: 0

When upgrading Wordfence I get an error saying the this file couldn’t be copied:
wordfence/lib/wfDateLocalization.php
All file have the save rights (0744) and have the same owner.
When I remove this file before the update, I get a different error and the site is no longer avilable.
What can I do?

Immediately lock out invalid usernames still doesn’t work correctly

January 16, 2020, 8:06 pm

≫ Next: Unknown user disables Wordfence

≪ Previous: Error upgrading to 7.4.5

$

0

0

Replies: 0

Hi, I previously opened a ticket related to this topic, but I haven’t received a response in a month, so wasn’t sure how to resolve: https://wordpress.org/support/topic/immediately-lock-out-invalid-usernames-doesnt-seem-to-work/

I went ahead and deleted and reinstalled your plugin to see if the problem would be fixed. It does appear that more login attempts are being blocked, but for some reason the username [login] is not being blocked, although it is listed on the username block list. Any help would be greatly appreciated since there are several attempts per hour to try to login to my site.

Unknown user disables Wordfence

January 17, 2020, 2:54 am

≫ Next: Not receiving alerts for issues marked as high

≪ Previous: Immediately lock out invalid usernames still doesn’t work correctly

$

0

0

Replies: 0

Hi,

I recently got an email from Wordfence saying that Wordfence has been switched off by a user called “” on 127.0.0.1 which is a very worrying message.

I logged in to WordPress and saw that Wordfence was still active and i couldnt see any malicious logins. I have done a scan and seen a couple of files which I would query but is this a known problem? My Site host has also run a malware and virus scan and we cant see anything suspicious at this stage.

What are the scenarios which might lead to this message being generated?

Thanks,

WR

---

Not receiving alerts for issues marked as high

January 17, 2020, 7:40 am

≫ Next: The scan has failed to start

≪ Previous: Unknown user disables Wordfence

$

0

0

Replies: 0

Hello.

We have the following setup of a wordpress site (for several reasons we can’t update wordpress yet):

Wordpress 4.9.6
Wordfence 7.4.2 (not premium)

We have setup an email to get the alerts and set them up to “low” in order to get all alerts (from low to critical). However, even if we are getting an alert for a “medium issue” if we go to the scan’s result url (that is linked in the email) we get different results. Eg: we can see in that page a “high issue” (update wordpress core version), but that issue is not informed in our email.

There are other “medium” issues that are not informed in the email we receive.

We were not able to set it up so all issues are informed in the email. Is that the correct behaviour? We are we not at least getting the “high issue” alert in our email? We have set up the email alerts limits to “0” (according to what is described, that would mean *no limits* and should send all email alerts as they appear).

Finally, my last question is: how often are those schedule scans run? I have not seen it mentioned.

Thanks in advance.

The scan has failed to start

January 18, 2020, 4:53 am

≫ Next: Spam User Registration

≪ Previous: Not receiving alerts for issues marked as high

$

0

0

Replies: 0

Hey,

Since couple of days, I am not able to make a new scan, it always says that the scan has failed to start. I followed all the steps ho to solve this problem, but unfortunately, nothing helped.

Please help.

Spam User Registration

January 19, 2020, 6:27 am

≫ Next: Wordfence detecting malicious code The issue type is: Spam: HTML / spam.music.76

≪ Previous: The scan has failed to start

$

0

0

Replies: 0

I am getting four or five spam user registrations a day, which is an increase from one or two a month. I see no settings to add any specific defense from the registration form. I was looking at an additional plugin to help from CleanTalk but I don’t want to create a conflict with WF.

I am looking for a suggestion; if there is a setting that can help or if there is not a potential conflict with the other plugin, or any other suggestion?

Wordfence detecting malicious code The issue type is: Spam: HTML / spam.music.76

January 19, 2020, 1:35 pm

≫ Next: Not receiving unlock email

≪ Previous: Spam User Registration

$

0

0

Replies: 0

I have a wordpress site and I use 2 plugins with it: w3 total cache and wordfence security. About 1 week ago, wordfence security has been detecting a suspicious file on my website.
Is message:

File appears to be malicious: wp-content/cache/page_enhanced/toquesengracadosmp3.com/download-assobio-whatsapp-mp3-para-celular/_index_high_ssl.html
Type: File
Issue Found 19 de January de 2020 19:02
Critical

Filename: wp-content/cache/page_enhanced/toquesengracadosmp3.com/download-assobio-whatsapp-mp3-para-celular/_index_high_ssl.html
File Type: Not a core, theme, or plugin file from wordpress.org.
Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "//www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">\x0a<html xmlns="//www.w3.org/1999/xhtml">\x0a<head profile="//gmpg.org/xfn/11">\x0a<title>Do...

The issue type is: Spam:HTML/spam.music.7683
Description: Suspicious template files that resemble music and movie download spam

This file (called _index_high_ssl.html) is actually a cached page. I checked the file several times and found no problem. The only problem is that the characters “\ x0a” do not appear when I open the file in google chrome or in notepad. I don’t know if it’s malicious code, or just a line break character. I already deleted the cached files from the page, but they come back, and when I scan again, wordfence detects the same problem. The strange thing is that I have more than 100 curly pages, and wordfence does not detect any problem in any of them, only on this specific page. Could anyone explain what is going on? Could my site be infected, or is it a “false positive?”

• This topic was modified 39 minutes ago by luizbr262.

Not receiving unlock email

January 19, 2020, 7:18 pm

≫ Next: Scan Failed The scan has failed because we were unable to contact the Wordfence

≪ Previous: Wordfence detecting malicious code The issue type is: Spam: HTML / spam.music.76

$

0

0

Replies: 0

Hello!
Today I was going through my Wordfence settings, and I added /wp-admin/ to the blacklisted URLs thinking that it would automatically whitelist my IP. Regardless, I am now locked out of my WordPress Admin panel and when I try to put in the email to unlock it, it says the request was received but I don’t get an email. Any help would be hugely appreciated! Thank you!

Scan Failed The scan has failed because we were unable to contact the Wordfence

January 19, 2020, 11:35 pm

≫ Next: using WP_HTTP_BLOCK_EXTERNAL

≪ Previous: Not receiving unlock email

$

0

0

Replies: 0

Hello,

I am getting below error when I try to run scan –
———-
Scan Failed
The scan has failed because we were unable to contact the Wordfence servers. Some sites may need adjustments to run scans reliably. Click here for steps you can try.

The error returned was:

The Wordfence scanning servers are currently unavailable. This may be for maintenance or a temporary outage. If this still occurs in an hour, please contact support. [404]
————–

What can be done to resolve this as I am stuck. Please help.

—
Best Regards,
Lily M.

using WP_HTTP_BLOCK_EXTERNAL

January 20, 2020, 2:30 am

≫ Next: Same template, different results

≪ Previous: Scan Failed The scan has failed because we were unable to contact the Wordfence

$

0

0

Replies: 0

Can you use wordfence with WP_HTTP_BLOCK_EXTERNAL set up in the config? I thought I would be able to define( ‘WP_ACCESSIBLE_HOSTS’, ‘*.wordfence.com’ ); but it seems I cannot start a scan.

---

Same template, different results

January 20, 2020, 4:36 am

≫ Next: Strategy for “Immediately lock out invalid usernames”

≪ Previous: using WP_HTTP_BLOCK_EXTERNAL

$

0

0

Replies: 0

Hi,

My websites are pretty much following the same schema in fact of Wordfence template being used and website settings. However for some I get a low priority warning while I don’t for others using the same template and settings, here is an example:

http://share.creoweb.it/2768a2bb.jpg

Strategy for “Immediately lock out invalid usernames”

January 20, 2020, 7:00 am

≫ Next: Problem with email activity report.

≪ Previous: Same template, different results

$

0

0

Replies: 0

I am trying to decide if the feature “Immediately lock out invalid usernames” should be used or not. I note that if a certain username is entered and then someone tries to log in using that username, not only does the login fail, but a link is provided to a page that explains in detail why it may have failed. This is probably useful information to a hacker. If nothing else, it tells them to stop wasting time trying a brute force attack with that username.

I wonder if it would not be better to provide a strict minimum of information about the failure and let the hacker uselessly continue the brute force attack, but with no hope of success (assuming that no account for that username exists).

I welcome feedback from people who have concrete experiences one way or the other regarding this issue.

Thanks in advance.

Problem with email activity report.

January 20, 2020, 8:39 am

≫ Next: Negative time

≪ Previous: Strategy for “Immediately lock out invalid usernames”

$

0

0

Replies: 0

Hi I have a problem. I have set up sending the weekly activity report by e-mail, but from 09/12/2019 I am no longer receiving anything.

How can I solve the problem? Thanks.

Negative time

January 20, 2020, 9:18 am

≫ Next: Can’t restrict user registration

≪ Previous: Problem with email activity report.

$

0

0

Replies: 0

Hi,

I’ve noticed since the latest updates that after a while the live traffic shows a negative time:

20/01/2020 18:03:39 (-1267 seconds ago)

I check the time settings on the server and it matches the time setting on the website. When I refresh the page the issue is fixed on it’s own for a while. I checked multiple browsers including Chrome and Firefox.

Do you know what the issue might be.

Thanks,

Can’t restrict user registration

January 21, 2020, 3:40 am

≫ Next: WP Rocket Blocked

≪ Previous: Negative time

$

0

0

Replies: 0

I there.
I’m trying to restrict registration to some users who came from an specific url
goodcoffemaker.com

I tried to add this rule into the firewall > block page like this
Referrer – *goodcoffeemaker.com

But users still registrating.

What I’m doing wrong?
Thanks a lot!
🙂