Quantcast
Channel: WordPress.org Forums » [Wordfence Security - Firewall, Malware Scan, and Login Security] Support
Viewing all 33127 articles
Browse latest View live

administrator created outside site and temp cleaner

February 18, 2020, 11:11 am
$
0
0

Replies: 0

Just wondering if anyone else has had this issue or if it’s specific to our server:
We are getting repeated hits of someone creating an administrator user they are adding a plugin (or it pretends to be one) called ‘tempcleaner’ to the site. This appears to be for malicious uploading. (Easy to spot as trouble because we NEVER create a user called admin or administrator when setting up the sites.)

We are dealing with it (en masse as it’s hit several of our sites.) I’m just wondering if anyone had a clue if it’s a wordpress vulnerability I should look for or a server side thing. I keep an eye on the Wordfence blogs and haven’t seen anything that looks like it is used on these sites.

If it’s not just us, well, you are not alone.

And In any case I’d like to thank Wordfence for making it relatively easy to find and fix the hacked and unfriendly files (and exterminate the uninvited guests).

Search

Problem “Live Traffic” page.

February 18, 2020, 3:03 pm
$
0
0

Replies: 0

Hi, I have a problem with the wordfence plugin.

Every time I load the Live Traffic page, the loading is very slow with the message at the bottom right “Wordfence is working…” which does not disappear. If I load the Live Traffic page and then try to return to the back-end home, the error “Internal server error 500” is displayed.

In all the other pages of the plugin settings (for example dashboard, firewall, blocks, tools etc …) it does not create any problem.

The plugin is updated to the latest version. Thank you.

Admin locked out

February 18, 2020, 3:34 pm
$
0
0

Replies: 0

Someone tried to log in to the admin unsuccessfully. Then the admin account was locked out. I entered the right password and even changed it, but when I tried to log in I am getting this message :

ERROR: This account has been locked because of too many failed login attempts. You may try again in 2 weeks.

I even changed the Wordfence plugin folder name, but still the same.

Issue with Embedding Script Code

February 18, 2020, 7:43 pm
$
0
0

Replies: 0

Hi i need help!

It seemed that I can’t embed a customized script code into WordPress page as Wordfence somehow is blocking them. As result, I cannot update, publish, or preview the page with the embedded code. It will be redirected to “Page Not Found”.

Please assist.

Log in with my username different IP

February 19, 2020, 1:35 am
$
0
0

Replies: 0

When I logged into wordpress this morning I got an email saying an administrator with my same username had logged in from a different IP in Frankfurt Germany.

I have been getting a lot of alerts about failed loggin attmepts from Germany since I installed wordfence as well.

I did ‘log out everywhere else’ under my user profile and I changed my password. Then I logged out and back in again and I got the same email immedietaly. So is this really someone else does it seem like? Or a hack that is initiated when I log on or is it actually just me logging on and for some reason it is showing as Germany (I am in the UK)?

I tried googling and I can’t find anything to help me understand this.

Thanks,
Kristen

2fa on WordPress, not working on Wordfence.com

February 19, 2020, 2:22 am
$
0
0

Replies: 0

I tried to log in to the Wordfence site since I actually a premium member and need support.

Though, the Wordfence site now requires me to actually use 2fa. I did set up 2fa on my WordPress site, but never on Wordfence.com. Now, the problem is that I can’t log into Wordfence.com, because neither the 2fa code from google authenticator nor the recovery codes are being accepted.

How can I solve this?

Kind Regards
Chris

Wordfence activity report

February 19, 2020, 3:07 am
$
0
0

Replies: 0

After moving the domain to a new host, Wordfence started to send 2 activity reports:

  • One report with old activity that never changes
  • A second activity report with current activity

Troubleshooting
After disabling the Wordfence activity report:

  1. report with old activity continues to be sent
  • report with current activity stops

NOTE
The old activity never changes, it reports updates needed for a plugin and 2 themes that were updated more than 2 months ago.

Can you please advise how to stop the old activity report?

Thank you!

Displays the list of all URLs in the Whitelisted.

February 16, 2020, 12:11 am
$
0
0

Replies: 3

Hi, last month I entered various URLs in the Whitelist and they were visible in the advanced firewall options (at the bottom of the page I saw all the URLs entered manually).

Now, if I go to reload the Advanced Options page of the firewall, I don’t see any URL entered.

I wonder if it is possible to view the entire list of URLs entered in the Whitelist since I installed your excellent plugin. If yes, where can I consult the list?

Thanks.

Search

403 Forbidden – WordFence NOT installed???

February 18, 2020, 11:03 pm
$
0
0

Replies: 0

Hi,

Can you please explain to me why I cannot make changes on my own site and why I am getting this error (403 Forbidden
A potentially unsafe operation has been detected in your request to this site.) when Wordfence is NOT even installed? Please help. Thank you.

KR,
WCAikido

Wordfence activity report

February 19, 2020, 3:07 am
$
0
0

Replies: 0

After moving the domain to a new host, Wordfence started to send 2 activity reports:

  1. One report with old activity that never changes
  • A second activity report with current activity

Troubleshooting
After disabling the Wordfence activity report:

  • report with old activity continues to be sent
  • report with current activity stops

NOTE
The old activity never changes, it reports updates needed for a plugin and 2 themes that were updated more than 2 months ago.

Can you please advise how to stop the old activity report?

Thank you!

Customize “Your access to this site has been limited” page

February 19, 2020, 6:20 am
$
0
0

Replies: 0

Is there a way to customize the wordfence user banned page?

When I ban an IP address/country the user gets the

“Your access to this site has been limited” page — is there away to modify this page?

Thanks

Moving / Migrating to a new server

February 19, 2020, 8:22 am
$
0
0

Replies: 1

Hi all,

I’m planning to change my hosting provider.
Should I remove the wordfence plugin before the migration?
Or
If not;
Which files should I edit after migrating? (.htaccess etc)

Thanks in advance
Nayana Sri.

Manually Updating Rules

February 19, 2020, 10:11 am
$
0
0

Replies: 0

I just received this error message when I opened my WordPress website to perform some routine maintenance:

The last rules update for the Wordfence Web Application Firewall was unsuccessful. The last successful update check was December 11, 2019 12:59 am, so this site may be missing new rules added since then. You may wait for the next automatic attempt at February 20, 2020 5:11 am or try to Manually Update by clicking the “Manually Refresh Rules” button below the Rules list.

I tried pressing the Manually Update link in this message but I can’t find a Manually Refresh Rules button. FWIW, I’m using the free version of WordFence v7.4.6 with WordPress 5.3.2-en. Please advise.

Scan failed message for 6 days

February 19, 2020, 8:30 am
$
0
0

Replies: 0

Wordfence has been giving me the same “Scan failed” message for 6 days. I’ve addressed it with my hosting provider, they’ve run a permissions fix as well as corrected the PHP but it still fails. The log shows no errors that should cause this. I’ve disabled the “Scan as if executable” option, as well as set the max time for each stage at 13 and 15, then set it to 240 (80% of the 300 max shown in the config). After my host ran the permissions fix, the scan ran completely once except for the Vulnerability scan. After than it went back to hanging just after the Server State section. Do I need to just scrap it and reinstall the plugin?

Enable recaptcha not working

February 19, 2020, 1:05 pm
$
0
0

Replies: 0

For some reason, wordfence google recaptcha won’t work. I have tried everything. Please view this screen recording to better convey the issue. As you can see in the attached screenshot, I’ve filled out the proper info and then I logout and log back in to see if google Recaptcha works and there is no sign of it. I can sign in without Recaptcha. Any help would be much appreciated. Am I supposed to place the reCAPTCHA v3 Site Key somewhere else?

https://drive.google.com/file/d/1ua0468TnEpthYG9mKRY2XCkR8qC6zCjo/view?usp=sharing

Search

EasyWP Firewall optimization

February 19, 2020, 1:33 pm
$
0
0

Replies: 0

Hey i want to optimize my firewall but non of the options worked and now im stuck. Tried every servertype but it doesnt work and i dnt know how to do it manually with EasyWP

2FA Compulsory?

February 19, 2020, 4:34 pm
$
0
0

Replies: 0

Hello, I’m wondering if Wordfence Security can be used to make 2FA mandatory/compulsory for users other than admin users. Eg, for editors, contributors, shop managers. If so, how do I put this in place? Thanks very much.

Users blocked by firewall see blank page with date at top

February 20, 2020, 4:31 am
$
0
0

Replies: 0

Hey guys
I’m using Wordfence with the Aardvark theme and this may be a theme issue, but users who are blocked for repeated failed login attempts are taken to the normal public user page, but the page content is blank except for the date printed at the top of the page. They don’t even see the custom blocked user message I set up in the preferences.
Any ideas why this might be or what might cause it?

Whitelist URLs of CSS files

February 20, 2020, 5:48 am
$
0
0

Replies: 0

Hello,

I have installed a cookie consens plugin but Wordfence blocks all CSS and JS files of this plugin so I can’t edit any settings in the plugin.

e.g.

GET https://www.domain.com/wp-content/plugins/borlabs-cookie/css/borlabs-cookie-backend.css?ver=2.1.14 net::ERR_BLOCKED_BY_CLIENT

GET https://www.domain.com/wp-content/plugins/borlabs-cookie/vendor/fontawesome/css/fontawesome.min.css?ver=5.5.0 net::ERR_BLOCKED_BY_CLIENT

GET https://www.domain.com/wp-content/plugins/borlabs-cookie/vendor/fontawesome/css/solid.min.css?ver=5.5.0 net::ERR_BLOCKED_BY_CLIENT

and some more…

I tried to whitelist the URL in Firewall/Whitelisted URLs but the problem is I don’t know which Param Type I need to use and also i don’t know which Param Name I have to use. Can you advice me?

Best regards

Live Traffic Header Error Code

February 20, 2020, 10:49 am
$
0
0

Replies: 1

We’re getting an error message thrown at the top of our website header (below). When WordFence plugin is disabled, the problem goes away. I’ve read to disable “Live Traffic” > Amount of Live Traffic data to store (number of rows) to 0 >Security only >Save and that didn’t solve the issue. The error can be seen with Chrome and Opera, and on cell phones, not Firefox. Any other specific settings we should be hitting?
~~~~~~
(function(url){ if(/(?:Chrome\/26\.0\.1410\.63 Safari\/537\.31|WordfenceTestMonBot)/.test(navigator.userAgent)){ return; } var addEvent = function(evt, handler) { if (window.addEventListener) { document.addEventListener(evt, handler, false); } else if (window.attachEvent) { document.attachEvent(‘on’ + evt, handler); } }; var removeEvent = function(evt, handler) { if (window.removeEventListener) { document.removeEventListener(evt, handler, false); } else if (window.detachEvent) { document.detachEvent(‘on’ + evt, handler); } }; var evts = ‘contextmenu dblclick drag dragend dragenter dragleave dragover dragstart drop keydown keypress keyup mousedown mousemove mouseout mouseover mouseup mousewheel scroll’.split(‘ ‘); var logHuman = function() { if (window.wfLogHumanRan) { return; } window.wfLogHumanRan = true; var wfscr = document.createElement(‘script’); wfscr.type = ‘text/javascript’; wfscr.async = true; wfscr.src = url + ‘&r=’ + Math.random();
:
:
:

Viewing all 33127 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>