Replies: 0
Hi,
I installed WP Rocket, but Wordfence blocks all scans or CRON jobs. Allso it give file permission error on certain files.
Is there a setting or whitelist I can use for WP Rocket?
Thank you
↧
WP Rocket Blocked
↧
Deactivated on its own
Replies: 0
Just discovered the Wordfence plugin was deactivated one week ago. I never did it. Any idea why this might have happened?
↧
↧
Wordfence scan under MAMP not working
Replies: 0
I’m trying to work on a client’s site offline. We’ve installed the site locally on a Mac under MAMP and am able to access it just fine. However, when we try to run a Wordfence scan we get the error:
Scan Failed
The scan has failed to start. This is often because the site either cannot make outbound requests or is blocked from connecting to itself. Click here for steps you can try.
I’ve tried the suggestions on the linked page in the error notice, but its still not working. I’m guessing there’s some specific configuration setting that should be made when running Wordfence under MAMP, but I haven’t found anything. Anyone have any thoughts?
Thanks.
↧
Wordfence conflicting with PilotPress causing an error
Replies: 0
I installed the free version of Wordfence on a client’s website. When I try to run a scan I get this error:
wp_remote_post() test back to this server failed! Response was: 200 OK
I did some troubleshooting and found that when I deactived the PilotPress plugin, I had no issues with Wordfence. I could scan just fine. When I turn PilotPress back on, I get the error again. This is an established website and deleting PilotPress is not an option. How can I fix this and get Wordfence to work??
↧
How to mitigate the security issue of having too many plugins installed
Replies: 0
Hi guys. Hoping to get some advice re: security issues with having too many inactive plugins.
I’m working on an unusual project that requires a lot of plugins installed. I need to activate / deactivate them programmatically. I’ve got it working but my concern is the large number of plugins installed at any given time.
From what I understand, the main security issue is that hackers can still make requests to inactive plugins remotely because /wp-content/plugins is publicly accessible. Is that right? So would adding a firewall rule to limit /wp-content/plugins access to just my domain mitigate this problem?
Cheers
↧
↧
Can’t disable firewall
Replies: 0
I’m building a new wp website and wordfence is blocking my plugins and codes. This happens even when I deactivate and delete the plugin. Within the tool, I see the verbiage below. How can I configure wordfence correctly?
You are currently running the Wordfence Web Application Firewall from another WordPress installation. Please click here to configure the Firewall to run correctly on this site.
↧
Wordfence scan reports plugins uninstalled long ago
Replies: 0
Recently ran a scan after getting some spam links injected on my site pages. The scan reported 3 “abandoned” plugins with Medium severity. However I had uninstalled two of those three a long time ago. The third reported plugin is not abandoned according to the plugin homepage on WordPress.org. Why is Wordfence showing results for plugins that don’t exist to my site?
↧
Malware Scan Info.
Replies: 0
Hi, I have scanned my site and in Malware Scan I have noticed a yellow triangle with an exclamation mark. How can I know what it refers to?
In the scan results find this:
WordPress core file modified: wp-includes/rest-api.php
Type: File
Issue Found January 22, 2020 10:49 am
WordPress core file modified: wp-admin/js/updates.min.js
Type: File
Issue Found January 22, 2020 10:49 am
WordPress core file modified: wp-admin/js/post.min.js
Type: File
Issue Found January 22, 2020 10:49 am
WordPress core file modified: wp-admin/js/post.js
Type: File
Issue Found January 22, 2020 10:49 am
WordPress core file modified: wp-admin/js/customize-nav-menus.js
Type: File
Issue Found January 22, 2020 10:49 am
WordPress core file modified: wp-admin/js/customize-nav-menus.min.js
Type: File
Issue Found January 22, 2020 10:49 am
4 paths were skipped for the malware scan due to scan settings
Type: Skipped Paths
Issue Found January 22, 2020 10:46 am
Details: The option “Scan files outside your WordPress installation” is off by default, which means 4 paths and their file(s) will not be scanned for malware or unauthorized changes. To continue skipping these paths, you may ignore this issue. Or to start scanning them, enable the option and subsequent scans will include them. Some paths may not be necessary to scan, so this is optional. Learn More
The paths skipped are ~/bborelie, ~/beaty, ~/easytimer, and ~/softaculous
Perhaps, it refers to this? 4 paths were skipped for the malware scan due to scan settings. Type: Skipped Paths
How can I solve it?
Thanks
↧
SiteGround Instructions
Replies: 0
Hello Wordfence, I was following the instructions here: https://www.wordfence.com/help/firewall/optimizing-the-firewall/ and received the following error message:
The following errors were encountered while processing your request:
OneHphpvar::saveini failed: Invalid value for variable auto_prepend_file ignored.
I continued with the instructions and have turned off the following:
display_errors = Off
auto_globals_jit = Off
I still have the same error located above. I know that SiteGround incorporated Nginx into their hosting environment and this may be the issue. Needless to say, I can’t get WordFence firewall to activate with the auto_prepend_file.
The link I was using for the auto_prepend_file was:
auto_prepend_file = ‘/home/XXXX/public_html/wordfence-waf.php’
Do you have another way to accomplish this task without the auto_prepend_file? Is it possible for you to update the tutorial for the new SiteGround setup they are using?
I hope you have a solution to this issue I’m facing. Many thanks, and I hope to hear back about this subject. Also, is the display_error and auto_globals_jit being off an issue, and do I need to turn them back on?
Thank you,
Syxguns
This was a question I submitted to feedback@wordfence.com. The response was that I should ask in the forums. Not sure if anyone else has faced this issue as of yet.
↧
↧
WPResidence theme
Replies: 0
Hello team,
I’m using the WPresidence theme, and each time the plugin is enabled users can’t access their profiles by logging in.
Once they press login the console log shows
Failed to load resources the server responded with a status of 503()
…/admin-ajax.php
Appreciate any help here
↧
Wordfence dashboard widget gone
Replies: 0
Hey y’all,
For some reason my wordfence dashboard widget disappeared on its own the other day.. I tried flicking the setting on and off to see if I could make it appear again, but no succes.
Any ideas?
↧
Wordfence Central Stuck at Communication Step
Replies: 0
I can’t connect my website to Wordfence Central. It just hangs on the step titled, “Testing that Wordfence Central is able to communicate with this site.” I have four (4) websites successfully in central and two (2) sitting in the “Connection Issues” tab with the resolve option simply saying “Complete Setup”.
These are corporate sites, so I have no say in the matter that these are all hosted on Windows servers, but the fact that they are isn’t the issue considering there are four (4) working and two (2) not.
↧
Fatal Error: wfWAFWordPressRequest::getRawBody()
↧
↧
click to upgrade to premium wordfence
Replies: 0
Trying to use wordfence premium key.
When i enter the key it take me to the wordfence website to register.
i tested to key on another website and it accepted it without going to wordfence link.
Uninstalled wordfence and installed again it still wont accept it without going to wordfence link.
↧
Users getting blocked out
Replies: 0
Hello,
I am seeing a lot of legitimate users getting locked out of two of my sites. I installed wordfence as i was getting about 20,000 hits an hour to my site that were to 404’s and wp-login pages.
“blocked for Exceeded the maximum number of page not found errors per minute for a crawler”
I see legitimate uses getting locked out with the error above, it seems to be when they pull articles vis RSS then visit the site, too. It seems to be people using RSS readers like NetNewsWire.
Cambridge, United Kingdom left https://www.timworstall.com/2020/01/24/not-sure-thats-actually-chinese/ and was blocked: Exceeded the maximum number of page not found errors per minute for a crawler. at https://www.timworstall.com/2020/01/24/not-sure-thats-actually-chinese/ArticleDetailImageFloatInactive.pn…
24/01/2020 10:20:11 (9 minutes ago)
IP: 80.0.180.15 Hostname: cpc91184-cmbg18-2-0-cust14.5-4.cable.virginm.net
Human/Bot: Bot
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) NetNewsWire
So the next question is how do i stop it from blocking these requests?
↧
Disable admin “VERIFICATION REQUIRED”
Replies: 0
Hi!
Since a few days ago, all of the websites that we admin, need the “Verification required” login. Never happens this before.
We configure only the Recaptcha on login, but never the “verification required”.
What’s happening?
We admin a lot of websites, and it’s a headache.
Thanks a lot.
↧
Wordfence.org Login Broken
Replies: 2
I was going to log in to subscribe to Wordfence Premium, but now I’m wondering if that’s a good idea if you can’t get something as simple as login authentication working properly!
Your Wordfence.org login is malfunctioning – it keeps telling me I’m putting in incorrect user name / password details. This has happened before too.
I’m not.
I use a password manager, and I have a backup file of credentials – they are correct!
Then it locks me out.
And then your email ‘unlock’ service is not working either!
What are you people doing? You need to get the basics right too!
↧
↧
Are Comments Allowed in Whitelisted IP addresses?
Replies: 0
Is it possible to add comments to the IP whitelist input box? This would be really handy for maintenance so that I can easily identify IPs that I may want to remove.
I don’t see anything in the settings page about comment syntax, nor any mention on https://www.wordfence.com/help/firewall/options/.
Thanks,
Evan
↧
Wordfence is preventing some users from logging in
Replies: 0
I posted about this quite recently, thought it had been resolved but the issue is still occurring for some users.
On logging in, some users are refused access with the message ‘An error was encountered while trying to authenticate’, here’s a screenshot
Authentication Error screenshot
I discovered another (seeminglly unresolved) Wordfence thread about this exact same issue here:-
Here’s some more info:-
- reCaptcha 3 has secret keys but is turned off
- 2FA is turned on, but only for admins
- I’ve disabled all plugins, problem still occurs
- The specific users can only get logged in if Wordfence is de-activated
- I have uninstalled Wordfence with the option to delete all DB table, no joy there either.
↧
Compatible with iThemes Backup Buddy?
Replies: 0
A couple of years ago, I tried Wordfence and really liked the concept, but it did not play well with the iThemes Backup Buddy plugin.
I use Backup Buddy to frequently restore a site to a development, stage or test area.
As an example, I’ll take https://websitename.com and create a new environment https://dev.websitename.com, and restore the complete website using Backup Buddy. This is important as I will test the validity of the backup and be able to install new features/plugins to check for compatibility.
Previously when Wordfence was installed, I was able to restore a live website that had issues by wiping everything out and restoring the Backup Buddy backup I had. But the real problem was restoring to a sub-domain.
Does anyone do this? Is this still a problem with Wordfence or is there any documentation on how to successfully restore a backup to a dev/stage environment on a sub-domain when Wordfence is installed? I could not find reference to Backup Buddy in the official documentation anywhere.
Thanks in advance.
↧