Replies: 0

Hi Wordfence team,

Need a follow up on https://wordpress.org/support/topic/scan-process-ended-after-forking-13/#post-13254469

Replies: 0

I have many sites hosted with Cloudways. A few days ago, two of the sites completely crashed. I inquired and I received this info back from customer support:

I have checked the logs and it seems that a few applications on the server had an xmlrpc.php and wp-login.php attack. We have introduced a new feature called bot protection to mitigate such attacks. Please consider activating this on your WordPress applications.

I thought this was a “server side” blocker of bots but apparently when I accept it, it installs just like a wordpress plugin.

I am loyal to WORDFENCE and things overall are working smoothly.

I would rather not uninstall Wordfence on all my sites and install Malcare. But they are claiming that they are better at blocking bots.

1) Is there some setting within Wordfence that I may have missed in wordfence to prevent this type of hack without switching over to Malcare?

2) would it be bad to install Wordfence AND Malcare concurrently?

Thank you.

Replies: 0

Hello,

It has been common for me to receive messages like this from WordFence for the last 2 months: “[Wordfence Alert] vemverosolnascer.com User locked out from signing in”.

I’m detoxing my site, updating everything, reviewing other mistakes, but this keeps happening and I don’t think it’s normal. Is it? What can I do to protect my site?

Thank you.

Roberta

Replies: 0

I have my site setup to schedule a standard scan every day however it doesn’t work. Scans are successful when I start one manually, but they just wont run automatically.

I have checked “Start all scans remotely” in diagnostics but it still doesn’t work. The only issue I can see is in ‘Connectivity > Connecting back to the site’ which says this (URL redacted):

wp_remote_post() test back to this server failed! Response was: cURL error 7: Failed to connect to [–url–] port 443: Connection refused

Our IT technician has looked into it but can’t see what the issue is.

Replies: 0

Hi,
Wordfence somehow keeps locking me out of my website. I completely uninstalled it and dropped all its database tables and then reinstalled it, but I still have the problem. I work a lot with VPNs (a necessity in my work), so maybe that plays in here. What can I do to make this stop?

Replies: 0

I use Font Awesome 5 (including the FA4 Shim) on all the sites I build, including the admin. I am currently dealing with multiple plugins that all load their own version of FA in the admin using their own handles, for example, wordfence uses “wordfence-font-awesome”. If it used a standard “font-awesome” handle this would not be an issue since my enqueuing has a very low priority and it would override the version in this plugin. This multiple loading of FA not only breaks the admin of this plugin but on the site I’m currently working on 5 different versions of FA are being loaded by various plugins creating a significant performance issue for the WP admin.

Replies: 0

Hey Wordfence,

I have an issue trying to make XML-RPC Skipped, but the save button does nothing, and this conflicts with other plugins, so I had to disable the plugin until I can save the option, I’m trying to get to your premium support as I have a premium license but I can’t reach it on your website, can you please help me out here?

Thanks,
Ali

Replies: 0

Hi,

I have used WP Downgrader to downgrade WP from 5.5 to 5.4.2.

I have used Wordfence to do a scan and it found about 80 unknown files in WP core folders (wp-admin and wp-includes). The list of the files names is given below.

Could you please confirm they are WP 5.5 core files? If so, perhaps there should be an update to Wordfence to give more suitable scan results and warnings.

Many thanks.

List of file names found in wp-admin and wp-includes and considered unknown by Wordfence:

Unknown file in WordPress core: wp-includes/sitemaps/class-wp-sitemaps-index.php
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Need help with a hacked website?

Our team of security experts will clean the infection and remove malicious content. Once your site is restored we will provide a detailed report of our findings. Includes a 1-year Wordfence Premium license.

Unknown file in WordPress core: wp-includes/sitemaps/class-wp-sitemaps-provider.php
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/sitemaps/class-wp-sitemaps-registry.php
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/sitemaps/class-wp-sitemaps-renderer.php
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/sitemaps/class-wp-sitemaps-stylesheet.php
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/sitemaps/class-wp-sitemaps.php
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/sitemaps/providers/class-wp-sitemaps-posts.php
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/sitemaps/providers/class-wp-sitemaps-taxonomies.php
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/sitemaps/providers/class-wp-sitemaps-users.php
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/sitemaps.php
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/rest-api/endpoints/class-wp-rest-block-directory-controller.php
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/rest-api/endpoints/class-wp-rest-block-types-controller.php
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/rest-api/endpoints/class-wp-rest-plugins-controller.php
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/blocks/separator/block.json
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/blocks/social-links/block.json
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/blocks/spacer/block.json
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/blocks/subhead/block.json
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/blocks/table/block.json
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/blocks/tag-cloud/block.json
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/blocks/text-columns/block.json
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/blocks/verse/block.json
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/blocks/video/block.json
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/cache-compat.php
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/class-wp-block-list.php
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/class-wp-block-pattern-categories-registry.php
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/class-wp-block-patterns-registry.php
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/class-wp-block.php
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/block-patterns/heading-paragraph.php
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/block-patterns/large-header-button.php
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/block-patterns/large-header.php
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/block-patterns/quote.php
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/block-patterns/text-three-columns-buttons.php
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Filename: wp-includes/block-patterns/text-three-columns-buttons.php
File Type: Core
Details: This file is in a WordPress core location but is not distributed with this version of WordPress. This scan often includes files left over from a previous WordPress version, but it may also find files added by another plugin, files added by your host, or malicious files added by an attacker. Learn More
Unknown file in WordPress core: wp-includes/block-patterns/text-two-columns-with-images.php
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/block-patterns/text-two-columns.php
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/block-patterns/three-buttons.php
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/block-patterns/two-buttons.php
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/block-patterns/two-images.php
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/block-patterns.php
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/blocks/archives/block.json
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/blocks/audio/block.json
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/blocks/block/block.json
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/blocks/button/block.json
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/blocks/buttons/block.json
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/blocks/calendar/block.json
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/blocks/categories/block.json
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/blocks/classic/block.json
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/blocks/code/block.json
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/blocks/column/block.json
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/blocks/columns/block.json
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/blocks/file/block.json
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/blocks/gallery/block.json
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/blocks/group/block.json
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/blocks/heading/block.json
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/blocks/html/block.json
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/blocks/image/block.json
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/blocks/index.php
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/blocks/latest-comments/block.json
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/blocks/latest-posts/block.json
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/blocks/list/block.json
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/blocks/media-text/block.json
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/blocks/missing/block.json
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/blocks/more/block.json
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/blocks/nextpage/block.json
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/blocks/paragraph/block.json
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/blocks/preformatted/block.json
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/blocks/pullquote/block.json
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/blocks/quote/block.json
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/blocks/rss/block.json
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/blocks/search/block.json
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/PHPMailer/Exception.php
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/PHPMailer/PHPMailer.php
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/PHPMailer/SMTP.php
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/SimplePie/Cache/Memcached.php
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-includes/SimplePie/Cache/Redis.php
Type: File
Issue Found August 20, 2020 5:04 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-admin/css/colors/modern/colors-rtl.css
Type: File
Issue Found August 20, 2020 4:29 am
High
IGNORE
DETAILS
Filename: wp-admin/css/colors/modern/colors-rtl.css
File Type: Core
Details: This file is in a WordPress core location but is not distributed with this version of WordPress. This scan often includes files left over from a previous WordPress version, but it may also find files added by another plugin, files added by your host, or malicious files added by an attacker. Learn More
Unknown file in WordPress core: wp-admin/css/colors/modern/colors-rtl.min.css
Type: File
Issue Found August 20, 2020 4:29 am
High
IGNORE
DETAILS
Unknown file in WordPress core: wp-admin/css/colors/modern/colors.css
Type: File
Issue Found August 20, 2020 4:29 am
High
IGNORE
DETAILS
Filename: wp-admin/css/colors/modern/colors.css
File Type: Core
Details: This file is in a WordPress core location but is not distributed with this version of WordPress. This scan often includes files left over from a previous WordPress version, but it may also find files added by another plugin, files added by your host, or malicious files added by an attacker. Learn More
Unknown file in WordPress core: wp-admin/css/colors/modern/colors.min.css
Type: File
Issue Found August 20, 2020 4:29 am
High
IGNORE
DETAILS
Filename: wp-admin/css/colors/modern/colors.min.css
File Type: Core
Details: This file is in a WordPress core location but is not distributed with this version of WordPress. This scan often includes files left over from a previous WordPress version, but it may also find files added by another plugin, files added by your host, or malicious files added by an attacker. Learn More
Unknown file in WordPress core: wp-admin/css/colors/modern/colors.scss
Type: File
Issue Found August 20, 2020 4:29 am
High
IGNORE
DETAILS
Filename: wp-admin/css/colors/modern/colors.scss
File Type: Core
Details: This file is in a WordPress core location but is not distributed with this version of WordPress. This scan often includes files left over from a previous WordPress version, but it may also find files added by another plugin, files added by your host, or malicious files added by an attacker. Learn More
Modified plugin file: wp-content/plugins/democracy-poll/js/democracy.js
Type: File
Issue Found August 20, 2020 5:04 am
Medium
REPAIR
IGNORE
DETAILS
Modified plugin file: wp-content/plugins/democracy-poll/js/democracy.min.js
Type: File
Issue Found August 20, 2020 5:04 am
Medium
REPAIR
IGNORE
DETAILS
1 path was skipped for the malware scan due to scan settings
Type: Skipped Paths
Issue Found August 20, 2020 4:28 am
Low
IGNORE

Replies: 0

hello,

I have no coding experience at all -0.

I tried configuring the firewall on wordfence as I keep getting the notice. I did it but my main menu changed, no drop down options and I can’t access other menu sections.

Please help, I am just starting to get interests.

I even removed the firewall setting but it didn’t resolve the issue.

Preferably, I will like to have kept the firewall configuration if the menu section wasn’t affected. (Don’t know if any other part of the site got affected as well).

Looking forward to some help on this.

Replies: 2

Hi
I have modified and hidden some elements of my wordpress using the wp hide & security enhancer plugin, will it affect security or malware scanning using wordfence? And will it affect the functionality (like blocking etc) of your plugins?
Thank you

Replies: 0

Hi

When generating a shop export feed I get the below 503 error. After many days of assistance from my ISP and the recipient of the feed, I have found that the feed works only if I disable the WORDFENCE plug-in.
This export feed used to work pre-lockdown Level 5 (25 March 2020). Now that we are allowed to sell again at lockdown level 2, I cannot get the export feed to work UNLESS I DISABBLE the WordFence plug-in. I have white listed the IP for the feed but still no joy while WordFence is enabled.

See error below, any help will be much appreciated:

Response Code: 503
Response Content:

Response Exception:
Response failed with error: The requested URL returned error: 503 Service Temporarily Unavailable

Export is completed.

Thank you for your attention to this issue.

Regards,
Brian

Replies: 0

I encountered a problem with connectivity for the scan today. This problem shows in the first time, i never see it before with Wordfence.

When i used scan function, the Wordfence shows below :
“Scan Failed. The scan has failed to start. This is often because the site either cannot make outbound requests or is blocked from connecting to itself. Click here for steps you can try.”

Then i checked Diagnostics, and found in the ” Connectivity ” tab, for “Connecting back to this site” sometimes it shows “wp_remote_post() test back to this server failed! Response was: Too many redirects”, but when i refresh the page, sometimes it will show “OK” with two IPs. By the way i use the Cloudflare, it is its problème? Or the problem of WordPress 5.5? And how can i fix it?

Looking forward to your reply!
Sincerely,

Replies: 0

Hello there!

On my new site, and I’m using StackPath for WAF and CDN.

The problem I’m facing is WF is not getting the IP of the user. Then I searched on the internet and I found this topic: https://wordpress.org/support/topic/stackpath-waf-ip-addresses-blocked-for-waf-rule-194/

So, I set it as “Use the X-Forwarded-For HTTP header.”, and added the “trusted proxies” list from StackPath.

But still, WF is getting the IP of StackPath.

Then I thought this is an issue of hosting provider, so I contact SiteGround and they investigated the issue.

They confirmed to me that the site is getting the X-Forwarded IP (They created a custom PHP file and showed me the proof that the site is getting the X-Forwarded IP)

So, SiteGround recommended me to contact WF support.

Any solution? If this issue can be fixed, I can upgrade to WF Premium.

Thanks
Akhil

Replies: 0

Hello,

I thought the 2FA info would transfer when I restored a backup to my new phone. It didn’t, and worse yet, I don’t have my recovery codes. I’m sure there isn’t a way to recover from this careless mistake. But is there a way to remove my wordfence central profile and start over? At this point, I’m not able to log into wordfence central.

Thanks. And before anyone flames out on me: yes I know this is my mistake and am learning from the experience. 🙁

Replies: 0

Scan dont start, some time they do start but again stop with warning
“The scan has failed to start. This is often because the site either cannot make outbound requests or is blocked from connecting to itself.”

I tried all the steps mentioned in the list but it does not help, some time it start but it halts in between without finishing the can

• This topic was modified 13 hours, 7 minutes ago by rajeshsingh520.

Replies: 0

i installed and linked through the barcode lastpass 2fa, but when using it, the key i receive from last pass isnt accepted.
help?

Replies: 0

Hi,

Thank you for the great plugin.

I am using the free version of Wordfence and experiencing problems with running scans on staging sites that I have created. The scans run as expected on the live sites, but as soon as I try on the staging site (clones of the live) the scan fails to run, just providing the message: ‘Scan stop request received.’, and nothing more happens

I have tried searching on this forum, but I was unable to find anything to assist. I have also run through the troubleshooting options at https://www.wordfence.com/help/scan/troubleshooting/ without any resolutions.

Any additional recommendations are greatly appreciated.

Thank you for your time and assistance.

Replies: 0

Hello

Every time i enter the code it fails is was working before, I moved my site to a new server the server time is an hour behind my UK time, I am confused what am I supposed to do ? i cant change the server time!!

The code provided does not match the expected value. Please verify that the time on your authenticator device is correct and that this server’s time is correct.

Replies: 0

There was another thread about this that was marked resolved last night for some reason even though the issue has clearly not been resolved.

I thought I found the backdoor (rms_unique_wp_mu_pl_fl_nm.php) in /wp-content/mu-plugins/ but despite deleting that file and cleaning everything out, the script was reinjected into all of my pages/posts this morning.

I’ve noticed yesterday the script was injected into header.php which was a first (previously it would go into all posts/pages or functions.php).

This morning, the url in the script itself was slightly different:
<script src='https://js.donatelloflowfirstly.ga/statistics.js?n=ns1' type='text/javascript'></script>

In the past it’s been stats.js or stat.js

How the hell do we get rid of this thing? Wordfence has not been helpful!

Removing the redirect/script code is easy enough, but please do not mark this thread as resolved until we get the backdoor identified and removed as this virus is relentless and keeps coming back.

• This topic was modified 5 hours, 40 minutes ago by pmoondi.

Replies: 0

Any idea when Wordfence will get the correct client IP when using Amazon CloudFront as a CDN?

This seems to be an issue experienced by many other users that has not been addressed. Regardless of the settings (i.e. Use the X-Forwarded-For HTTP header, etc.) the client IP address is always the CloudFront IP. I would consider this a major flaw in Wordfence and is the only reason I haven’t purchased the premium version. I would advise others not to purchase as well until this is resolved.

• This topic was modified 5 hours, 33 minutes ago by rodgerjm.