Replies: 0
Hello,
I’ve been using Wordfence for the last 2 years but today when I scanned my website It was just keep scanning for more than 30 minutes even my website is not too big. The website has only 33 pages. I also checked the plugin If it updated or not but It was updated.
Please let me know what could be the possible reason.
Thanks,
Replies: 0
Hello, I have had Wordfence on my website for quite some time now, without any problems.
2 weeks ago, I installed a plugin called Woo Discounts. Everything worked fine until a few days ago, I tried to use the plugin again and it appeared to be broken. I contacted developers of the plugin and gave them access to the website to take a look.
Their answer was:
We had a check and it seems like the Wordfence Security Plugin Blocking ajax requests.
Seems like this occurs even when wordfence is deactivated.
Please, any ideas?
Thanks
Replies: 0
Hi there,
I have a slightly more secure setup than most, I perform updates over FTP/SSH rather than allowing direct access to the file system, this is so that I can lock down the permissions and only allow the web server write access to the folders it needs.
However I set this up permissions correctly for the wflogs folder in a way that both my web server and FTP user can access and Wordfence changes the permissions to 600 each time it updates the files effectively locking either itself or the FTP user out depending on which way I set it up.. I am happy with the security my permissions give so was wondering if there was a way to stop wordfence from changing them.
Thanks
Replies: 0
I am getting the following error when adding or updating all plugins. The update process is very slow (over 60s) but the plugins do eventually install.
> Warning: An unexpected error occurred. Something may be wrong with WordPress.org or this server’s configuration. If you continue to have problems, please try the support forums. (WordPress could not establish a secure connection to WordPress.org. Please contact your server administrator.) in /home/user/public_html/wp/wp-includes/update.php on line 607
I do not see the error when I disable Wordfence.
Replies: 1
I have tried multiple solutions. Turned off firewalls, removed from Cloudflare and so on. 13 other sites connect yet this one does not.
Replies: 0
Noticing issues where I have a WooCommerce shop and a number of customers have complained thy can’t login even though they are using the correct password they setup initially. I reset it for them, but that still doesn’t answer the question as to why the user can’t login in the first place.
There are very few plugins on the site. WooCommerce, the authorize.net plugin by SkyVerge, Contact Form 7, Yoast, a few other Woo plugins and obviously WordFence.
Replies: 0
Hi, I am using the Divi theme and when trying to customise various parts the theme options are showing but not the actual page that I am customising. The tab shows Customise: Loading…. but doesn’t complete. I temporarily de-activated Wordfence and the customise pages were displayed. I guess I’ve got to whitelist something in Wordfence but I don’t know what and I don’t know how!
Replies: 0
Hi,
I’m seeing a large number of brute force attacks to xmlrpc.php, even though I’ve got WordFence installed and the brute force protection is enabled. It looks like brute force protection is working for the regular login page, but not for XMLRPC. Does WordFence not block XMLRPC attacks by default?
The client IP is in a Google IP range (34.68.88.222, hostname: 222.88.68.34.bc.googleusercontent.com) but this is actually a Google Cloud customer. Is it possible Wordfence is incorrectly thinking this is Googlebot indexing the site, and thus not blocking it?
Thanks,
Replies: 0
So I noticed that when the scan is running if you try to click to any other page such as /wp-admin the system redirects to install.php
I looked and there is NO install.php file in my WordPress directory, so it must be getting created dynamically? …or hidden in the depths somewhere out of sight?
Maybe WordPress, sensing things are locked for the scan, assumes installation should occur and thus it offers the prompts because it cant access all it’s own files (I’m guessing).
This seems dangerous. The default screen it shows has the WordPress logo and a language selection box (Step 1 of installation).
What would happen if I clicked through that installation prompt?
It goes away and returns to normal when the scanning is finished, but if the user followed the prompt and re-installs; would that conceivably be a problem for any of the thousands of WordPress users who could encounter this?
Should an alternative redirect page be forced by WordFence prior to scan — to prevent some sort of catastrophic re-installation changes?
Maybe clicking through a reinstall during the scan is harmless? I don’t know enough to know.
As a naive user, it scares me that I’m being presented with the option.
Replies: 0
When I activate the option to “Scan files outside your WordPress installation” the scan never completes, it always freezes
There is nothing special about the directory being scanned; it’s only a copy of the “WP-Contents” folder pulled out of the install directory and put into a “drafting” folder. So there shouldn’t be any large files to hog computing power.
I’ve even tried to disable all the other scanning options to only do an external files scan; and it still freezes.
This is where it stops on a full system (including external files) scan:
[Oct 04 06:57:57] Scanned contents of 3318 additional files at 42.09 per second
This is where it stops on an external files scan only:
[Oct 04 06:57:58] Scanned contents of 3360 additional files at 42.09 per second
Can’t imagine where the problem is exactly, but it sure would be nice to complete the external scan successfully for peace of mind.
Replies: 1
There seems to be an issue with the new Cloudflare APO (Automatic Platform Optimization) feature which blocks both admins and then real users.
Here is another user mentioning it on the Cloudflare plugin support page:
https://wordpress.org/support/topic/apo-for-wp-causes-wordfence-bans-for-logged-in-users/
Also something here on the Cloudflare main support pages:
https://community.cloudflare.com/t/automatic-platform-optimization-enabled-i-no-longer-see-visitor-ip/210241
Not sure how to resolve this but I have disabled APO for now.
Thanks,
Mike
Replies: 0
SUMMARY: Entering valid WordPress admin email address on the Wordfence lockout page when using Firefox browser I get error page which states “Sorry but your browser sent an invalid security token when trying to use this form”. Using same page in Chrome it works fine.
FULL DETAILS:
This morning an administrator (my wife) of one of the WordPress sites we manage for a client was locked out after two attempts with wrong password. (We don’t know why, as she was definitely using the active username and password, and in fact succesfully logged in later with same password after we unfreezed the lockout). She was using Firefox as her browser, and got the Wordfence lockout warning page “Your access to this site has been temporarily limited by the site owner…”. Under the section that says “If you are a WordPress user with administrative privileges on this site please enter your email in the box below and click “Send” she entered her email address and clicked the “Send Unlock email” button. Every time she tried that it returned an page in Firefox which just said “Sorry but your browser sent an invalid security token when trying to use this form”.
I then tried logging in myself form a separate PC with the admin login and got locked out too. I too tried entering email address on the lockout page, and again got exact same error in Firefox “Sorry but your browser sent an invalid security token when trying to use this form”. I then tried opening the lockout page using Chrome and this time it accepted my email address and sent me the unfreeze instructions.
Can you please investigate why your lockout page is not working with Firefox.
Replies: 0
There seems to be a problem with Wordfence recognizing valid file changes for some popular plugin updates.
In particular, the most recent update to Advanced Editor Tools (previously TinyMCE Advanced) is still showing seven errors after a week or so since the last update.
Modified plugin file: wp-content/plugins/tinymce-advanced/mce/wptadv/plugin.js
Modified plugin file: wp-content/plugins/tinymce-advanced/mce/wptadv/plugin.min.js
Modified plugin file: wp-content/plugins/tinymce-advanced/plugin-assets/tadv.css
Modified plugin file: wp-content/plugins/tinymce-advanced/plugin-assets/tadv.js
Modified plugin file: wp-content/plugins/tinymce-advanced/tadv_admin.php
Modified plugin file: wp-content/plugins/tinymce-advanced/tinymce-advanced.php
Modified plugin file: wp-content/plugins/tinymce-advanced/uninstall.php
And now I am now getting an error for Yoast SEO also.
Modified plugin file: wp-content/plugins/wordpress-seo/wp-seo-main.php
Is this a problem with Wordfence or is there another explanation?
Replies: 0
I’m admin on the site. When trying to update the Breadcrumb NavXT WordPress plugin — to change the link separator — When I hit update, I get a Wordfence screen saying “A potentially unsafe operation has been detected in your request to this site.” But I don’t see my request in the logs so I can’t find what to do. Thank you.
Replies: 0
Hello,
I get this PHP or Javascript error in LiveTraffic.
Any idea? Thanks, Didier.
Activity Detail
Ashburn, Virginia, United States visited https://www.xx.yy/gestion-administrative-chaos/
10/4/2020 5:07:22 PM (3 minutes ago)
IP: 54.209.75.0 Hostname: ec2-54-209-75-0.compute-1.amazonaws.com
class s extends Function{constructor(e){if(super(),d.call(this),h(this,g(e)),0===this.cumulativeWeightIndexPairs.length)throw new Error(“No user agents matched your filters.”);return this.randomize(),new Proxy(this,{apply:()=>this.random(),get:(e,t,i)=>{if(e.data&&”string”==typeof t&&Object.prototype.hasOwnProperty.call(e.data,t)&&Object.prototype.propertyIsEnumerable.call(e.data,t)){const i=e.data[t];if(void 0!==i)return i}return Reflect.get(e,t,i)}})}}
Replies: 0
Ezoic told me that Wordfence plugin was not compatible with all Ezoic integration methods, and they gave me a list of their huge 3000+IPs, that required me that I must contact Wordfence to whitelist Ezoic IPs.
I noticed the Wordfence setting Wordfence > All Options > Advanced Firewall Options > Whitelisted IP addresses that bypass all rules
Can I just add those 3000+ IPs there or…. ? Many Thanks
Replies: 0
Hi,
I received an email from Wordfence stating Medium Severity Problems with the Yoast SEO plugin file listed below. But, I do not see any changes that may cause error or problem. Can you please assist?
* Modified plugin file: wp-content/plugins/wordpress-seo/wp-seo-main.php
Thank you
Nisha
Replies: 1
Hello!,
I’m trying to activate a script in the checkout page and when I have the plugin activated it blocks it and does not let it run, I can not find any option or anything in the documentation on how to allow the execution of this script in that page.
This script is executed in other points of the web successfully.
Replies: 0
Hi,
I know that the issue of false positives from 7 files from Advanced Editor Tools (previously TinyMCE Advanced) plugin has been reported and the issue was closed.
I have seen this problem on ten sites. To clean up the scan reports, I ‘repaired’ each file and removed the 7 issues on each site. On rescanning, I see the same 7 issues return. Presumably that will happen, if the replacement files were identical to the ones ‘repaired’.
Do you not need to find out why this is happening in Wordfence, since it may be a long time before the Advanced Editor Tools plug-in is updated again and even then this may not fix the issue. The author, Andrew Ozz (@azaozz) stated in his support page: “@bobsled Then in your case it seems this is a false positive. It will probably be fixed in Wordfence soon as they are aware.
Replies: 0
Hi 🙂
CloudFlare has an API so WordFence can add blocked IPs to the firewall at CloudFlare Firewall so their are block there too.
The more blocking that CloudFlare can do, the less server resources are spent on blocking unwanted traffic.
Can you improve your software with this idea for at future update? 🙂
Thank you 🙂