New to Wordfence. Need Help With Warning Emails

September 10, 2020, 12:53 pm

≪ Previous: Unknown File in Wordfence Scan

Replies: 0

Volunteer with Families Anonymous. Just asked to take over website support. Got multiple warning emails from WordFence. Latest email is:

“A user with IP addr 51.38.162.226 has been locked out from signing in or using the password recovery form for the following reason: Exceeded the maximum number of tries to recover their password which is set at: 10. The last username or email they entered before getting locked out was: ‘pHqghUme’.
The duration of the lockout is 4 hours.
User IP: 51.38.162.226
User hostname: ip226.ip-51-38-162.eu
User location: France”

Is there anything further I need to do, or did WordFence take care of this itself?

↧

Login Error Log

September 10, 2020, 1:07 pm

≫ Next: Signal Sciences WAF conflict

≪ Previous: New to Wordfence. Need Help With Warning Emails

Replies: 0

Hi There!

I know there is a way to view a selection of attempted unsucessful logins, but is there a way to view a larger list and most importantly the REASON they were unsuccessful?

Right now it says:

username ip timestamp
username ip timestamp

I would love:

Username ip timestamp “wrong Password”
Username ip timestamp “on breach list”
Username ip timestamp “not a user”

I cant find anything on free or pro that does this, but I used to get emails for each one with that information, so I know that it is possible. Is this somewhere I just havent seen?
TIA

↧

Signal Sciences WAF conflict

September 10, 2020, 1:27 pm

≫ Next: File identified but reported text not found

≪ Previous: Login Error Log

Replies: 0

Hi,

We are using a WAF from Signal Sciences, https://www.signalsciences.com/ and this seems to be conflicting with the firewall in that every visitor to the site is attached a single ip, that if a lockout occurs it blocks this ip which blocks all users. Is there a solution to this issue so that we can get the Wordfence firewall to work with our other WAF?

Thanks

↧

File identified but reported text not found

September 10, 2020, 4:47 pm

≫ Next: Rules applied on our htaccess file causing slow performance

≪ Previous: Signal Sciences WAF conflict

Replies: 0

In my wordfence scan I am getting a backdoor reported in a file, but when I check the file the reported bad text is not there.
The reported file is

Filename: wp-content/themes/anora/core/admin/options_page__importexport.php
File Type: Not a core, theme, or plugin file from wordpress.org.
Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: $uploaddir = get_template_directory().’/core/temp/’;\x0a\x09\x09\x09\x09\x09\x09\x09\x09$uploadfile = $uploaddir . basename( $_FILES[‘userfile’][‘name’] );\x0a\x09\x09\x09\x09\x09\x09\x09\x09if ( move_uploaded_file( $_FILES[‘userfile’][‘tmp_name’], $uplo…

The issue type is: Backdoor:PHP/baduploader.6832
Description: File uploader used as a backdoor

When I go to that file and find the lines $uploaddir etc, the \x0a\x09\x0…. stuff isn’t there

if ( $_SERVER[‘REQUEST_METHOD’] == ‘POST’ ) {
$uploaddir = get_template_directory().’/core/temp/’;
$uploadfile = $uploaddir . basename( $_FILES[‘userfile’][‘name’] );
if ( move_uploaded_file( $_FILES[‘userfile’][‘tmp_name’], $uploadfile) ) {
if ( $_FILES[‘userfile’][‘type’] === ‘text/plain’ ){
echo anora_import_theme_options( $uploadfile );
} else {

Where could this backdoor code be coming from?

↧

Rules applied on our htaccess file causing slow performance

September 10, 2020, 10:19 pm

≫ Next: Are these Malicious Files or False positive ?

≪ Previous: File identified but reported text not found

Replies: 0

On our Htaccess file, we had some rules applied for WordFence plugin. The rules were embedded on our htaccess file, and it was causing this major looping issue on the backend, which slowed down the whole site. Seems kind of like there’s some issues with it creating historical rules that don’t go away even on deactivation. Is there any way we can solve this and keep using the plugin?

↧

Are these Malicious Files or False positive ?

September 11, 2020, 1:11 am

≫ Next: Fatal error

≪ Previous: Rules applied on our htaccess file causing slow performance

Replies: 0

https://ifluids.com/

WordFence Scan shows below files are Critical Issues. Are these files Malicious or False positve? What action I should take. Using Wordfence Premium Plugin

File appears to be malicious: wp-content/themes/twentytwenty/link-template.php

File appears to be malicious: wp-includes/sodium_compat/theme.php

File appears to be malicious: wp-content/themes/twentytwenty/classes/class-twentytwenty-script-loader.php

File appears to be malicious: wp-includes/js/tinymce/skins/category.php

File appears to be malicious: wp-includes/blocks/comment.php

File appears to be malicious: wp-includes/block-patterns/post-template.php

File appears to be malicious: wp-content/uploads/wp-file-manager-pro/embed.php

File appears to be malicious: wp-includes/sodium_compat/src/Core/Curve25519/ms-site.php

Unknown file in WordPress core: wp-includes/js/tinymce/skins/category.php

Unknown file in WordPress core: wp-includes/sodium_compat/src/Core/Curve25519/ms-site.php

Unknown file in WordPress core: wp-includes/sodium_compat/theme.php

Unknown file in WordPress core: wp-includes/block-patterns/post-template.php

Unknown file in WordPress core: wp-includes/blocks/comment.php

Unknown file in WordPress core: wp-includes/PHPMailer/category-template.php

↧

Fatal error

September 11, 2020, 2:30 am

≫ Next: .htaccess to default

≪ Previous: Are these Malicious Files or False positive ?

Replies: 0

Hello,
I’ve found this error message showing today:
Fatal error: Uncaught wfWAFStorageFileException: Unable to verify temporary file contents for atomic writing. in /var/www/clients/client5/web114/web/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php:52 Stack trace: #0 /var/www/clients/client5/web114/web/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php(659): wfWAFStorageFile::atomicFilePutContents(‘/var/www/client…’, ‘<?php exit(‘Acc…’) #1 [internal function]: wfWAFStorageFile->saveConfig(‘livewaf’) #2 {main} thrown in /var/www/clients/client5/web114/web/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php on line 52

I’ve entered the backend, were the error was showing as well, deactivated Wordfence, and the error disappeared.
I’ve run some plugin updates, then reactivated Wordfence: the error was not showing anymore.
I hope it does not shows again, but I’m wondering about this and if it may cause some major issues.

↧

.htaccess to default

September 11, 2020, 2:46 am

≫ Next: Can’t login on Firefox

≪ Previous: Fatal error

Replies: 0

Hi there,

I checked my .htaccess file and I’ve seen that it’s on the WordPress default.
I believe this happened when WordPress was automatically updated, not sure why since it hadn’t happened before.

I would like to know how do I make Wordfence re-write my htaccess for full security.

Thanks,
Jesús

↧

Can’t login on Firefox

September 11, 2020, 5:27 am

≫ Next: Cannot delete Wordfence

≪ Previous: .htaccess to default

Replies: 0

Hey guys! I have a blog using Wordfence, and I simply can’t login on Firefox (on Chrome is working ok).

Firstly It wasn’t showing the 2FA step, so I removed the 2FA on my account via Chrome. Now It shows “VERIFICATION REQUIRED: Additional verification is required for login. Please check the email address associated with the account for a verification link.”

I click on the link in my email, and when I try to login, the same message appears again. I don’t know what to do.

↧

Cannot delete Wordfence

September 11, 2020, 6:49 am

≫ Next: Can’t view pages via corporate VPN

≪ Previous: Can’t login on Firefox

Replies: 0

Hey there,

I just installed Wordfence and I am using the default settings, but now I am not able to delete any Plugin nor install new plugins and I cant find a setting where to change it?!

Please help!

↧

Can’t view pages via corporate VPN

September 11, 2020, 7:58 am

≫ Next: Hackers flowing through Wordfence like water

≪ Previous: Cannot delete Wordfence

Replies: 0

When my colleagues are trying to view pages of our web site via corporate VPN the following error is appearing: Unable to access the site (ERR_CONNECTION_TIMED_OUT). When they aren’t using VPN – all is OK. Is it can be related with plugin Wordfence?

I’m very appreciate you for any answer.

↧

Hackers flowing through Wordfence like water

September 11, 2020, 10:39 am

≫ Next: PHP Warning: array_key_exists() in bootstrap.php

≪ Previous: Can’t view pages via corporate VPN

Replies: 0

I have had several sites now hacked with Wordfence applied. The last being posting to database through wp_post and wp_options. They initially placed javascript code on the index.php page.

↧

PHP Warning: array_key_exists() in bootstrap.php

September 11, 2020, 10:31 pm

≫ Next: how to stop bot traffic

≪ Previous: Hackers flowing through Wordfence like water

Replies: 0

I thought I’d mention this warning which has been appearing in our /public_html/error_log since Aug 14, though only three times total in that period. I don’t associate it with any particular problem, but it’s probably something you want to clear up if it’s not just us.

PHP Warning: array_key_exists() expects parameter 2 to be array, null given in /home/xxxxxxx/public_html/wp-content/plugins/wordfence/waf/bootstrap.php on line 286

This is with PHP 7.4.x (latest) currently but 7.3.x back in August.

Wordfence is the current version.

Wordpress is 5.5.1 but 5.4.x in August.

↧

how to stop bot traffic

September 12, 2020, 5:08 am

≫ Next: Automatically delete suspicious files after scan

≪ Previous: PHP Warning: array_key_exists() in bootstrap.php

Replies: 0

how to stop bot traffic

This topic was modified 5 hours, 22 minutes ago by habiburrahmanbd.

↧

Automatically delete suspicious files after scan

September 12, 2020, 6:30 am

≫ Next: WordFence – Notification now showing correct time

≪ Previous: how to stop bot traffic

Replies: 0

Hello,

I was checking both standard and premium version and I can’t find any option to to automatically deleted infected files. I know that premium version can scan o schedule but will also deleted infected files ? Please advise where is that info.

This topic was modified 3 hours, 59 minutes ago by alfateam.

↧

WordFence – Notification now showing correct time

September 12, 2020, 9:08 am

≫ Next: SQL injection

≪ Previous: Automatically delete suspicious files after scan

Replies: 0

I have a website setup to send Admin logon notifications with WordFence. These notifications are not showing the correct time. I have reset the server time and made a change in PHP so I’m thinking there is something I’m not doing correctly in WordFence.

Since we are in CDT, the time below should have been 10:55am.

Here’s the statement in the notification email:

This email was sent from your website …. by the Wordfence plugin at Saturday 12th of September 2020 at 03:55:06 PM

WordFence diagnostics shows the following:

Wordfence Network Time
2020-09-12 15:55:22 UTC

Server Time
2020-09-12 15:55:22 UTC

Wordfence Network Time Offset
+ less than 1 second

NTP Time Offset
+ less than 1 second

TOTP Time Source
Server Time

WordPress Time Zone
UTC+0

What is the best way to fix this discrepancy?

Thanks!

↧

SQL injection

September 12, 2020, 10:30 am

≫ Next: 503 error from my site – on my own phone that was inactive??

≪ Previous: WordFence – Notification now showing correct time

Replies: 0

1) Does this plugin prevent the SQL injection hacking method from injecting infected code into the database?
2) The plugin prevents Alpha Shell !?

↧

503 error from my site – on my own phone that was inactive??

September 12, 2020, 1:59 pm

≫ Next: error and laggy site

≪ Previous: SQL injection

Replies: 0

I viewed my site a few times late in the morning, refining some changes. I left my phone behind to charge and when I came out ‘i had been blocked from my site with a 503 error-“too many page not found erros..” How? Why? The phone was not in use now it is blockeed. How do I prevent this false-positive for me and for visitors?

↧

error and laggy site

September 12, 2020, 4:32 pm

≫ Next: Fatal error appears when upgrade php version from 7.3 to 7.4

≪ Previous: 503 error from my site – on my own phone that was inactive??

Replies: 0

My site was crazy laggy today and I disabled word fence and it was then 100% fine.

got this error emailed to me.

Already tried all the troubleshooting at https://www.wordfence.com/help/scan/troubleshooting/#adjust-the-max-execution-time

Error Details
=============
An error of type E_ERROR was caused in line 283 of the file /home1/user/public_html/new/wp-content/plugins/wordfence/modules/login-security/classes/controller/wordfencels.php. Error message: Uncaught Error: Class ‘WordfenceLS\Model_Asset’ not found in /home1/user/public_html/new/wp-content/plugins/wordfence/modules/login-security/classes/controller/wordfencels.php:283
Stack trace:
#0 /home1/user/public_html/new/wp-includes/class-wp-hook.php(287): WordfenceLS\Controller_WordfenceLS->_admin_enqueue_scripts(‘plugins.php’)
#1 /home1/user/public_html/new/wp-includes/class-wp-hook.php(311): WP_Hook->apply_filters(NULL, Array)
#2 /home1/user/public_html/new/wp-includes/plugin.php(478): WP_Hook->do_action(Array)
#3 /home1/user/public_html/new/wp-admin/admin-header.php(102): do_action(‘admin_enqueue_s…’, ‘plugins.php’)
#4 /home1/user/public_html/new/wp-admin/plugins.php(603): require_once(‘/home1/user…’)
#5 {main}
thrown

↧

Fatal error appears when upgrade php version from 7.3 to 7.4

September 12, 2020, 10:59 pm

≫ Next: Lost Password Form

≪ Previous: error and laggy site

Replies: 0

Fatal error appears when upgrade php version from 7.3 to 7.4
Fatal error: Unknown: Failed opening required ‘/home/supercan/public_html/wordfence-waf.php’ (include_path=’.:/usr/local/php74/pear’) in Unknown on line 0

↧