Replies: 2
2FA doesn’t let me in so I have to have my web host deactivate Wordfence all the time to get in.
↧
2FA doesn’t work
↧
Can’t Optimize Firewall
Replies: 2
Hello,
I cannot optimize the Wordfence Firewall, I get this message.
The changes have not yet taken effect. If you are using LiteSpeed or IIS as your web server or CGI/FastCGI interface, you may need to wait a few minutes for the changes to take effect since the configuration files are sometimes cached. You also may need to select a different server configuration in order to complete this step, but wait for a few minutes before trying. You can try refreshing this page.
And I can’t do it manually since my cPanel doesn’t have a “PHP Variables Manager” option.
I really don’t know anything about servers, PHP and all that so if anyone could help please! (and I know there are a lot of topics covering the same issue trust me I’ve read them all but still can’t find a solution to my problem).
Thanks guys !
↧
↧
Fatal error: Unknown: Failed opening required … /wordfence-waf.php
Replies: 1
Warning: Unknown: failed to open stream: No such file or directory in Unknown on line 0
Fatal error: Unknown: Failed opening required ‘/home/edw7u6x8f4bn/public_html/lynnegolodner.com/wordfence-waf.php’ (include_path=’.:/opt/alt/php74/usr/share/pear’) in Unknown on line 0
Unable to bring up site or admin today after making no changes to the site. Any ideas? I don’t see a file wordfence-waf.php in the latest plugin release.
↧
Wordfence and PHP-FPM
Replies: 1
Hi,
When using wordfence, we are experiencing stucked/long running php-fpm process due to wordfence.
I checked the wordfence plugin and there were no ongoing attacks or attempts.
This particular php-fpm process is running for 174 minutes.
3199 nginx 20 0 1853952 229764 111472 R 89.5 0.2 174:08.96 php-fpm
When we check the php-fpm process we saw the following details:
php-fpm 3199 nginx 5u sock 0,7 0t0 403577907 protocol: TCP
php-fpm 3199 nginx 6u REG 253,0 51 3524362460 /var/www/html/wordpress/wp-content/wflogs/ips.php
php-fpm 3199 nginx 7u REG 253,0 560 3518207522 /var/www/html/wordpress/wp-content/wflogs/config.php
php-fpm 3199 nginx 8u REG 253,0 40083 3500470807 /var/www/html/wordpress/wp-content/wflogs/attack-data.php
php-fpm 3199 nginx 9u REG 253,0 12553 3517614653 /var/www/html/wordpress/wp-content/wflogs/config.tmp.zYDQSG (deleted)
php-fpm 3199 nginx 10u unix 0xffff8b7c658c7b40 0t0 394577602 /run/php-fpm/www/www.sock
php-fpm 3199 nginx 11u REG 253,0 601 3524565005 /var/www/html/wordpress/wp-content/wflogs/config.tmp.yda0GU (deleted)
php-fpm 3199 nginx 12u REG 253,0 1315204 3524362467 /var/www/html/wordpress/wp-content/wflogs/config-transient.php
php-fpm 3199 nginx 13r REG 253,0 3890328 3524362466 /var/www/html/wordpress/wp-content/wflogs/GeoLite2-Country.mmdbIs this an expected behavior of wordfence, what can we do to prevent this?
Thanks!
↧
GeoLite2-Country.mmdb File 4Gb and getting bigger
Replies: 1
From what I can tell GeoLite2-Country.mmdb in wflogs folder is wordfence file, but for some reason it’s huge. 4GB. Can someone tell me what this is and what is going on? I keep getting hosting warnings due to this file size. Thank you. I found some info that this whole folder can be deleted, and other places that it’s very important for running WF. I’m confused. Thank you.
↧
↧
Crown jobs not running
Replies: 0
Looking at my site and the WordFence report I see that I have a lengthy list of cron jobs from as far back as 5/06/2021 that haven’t run. What do I need to do?
Thanks.
↧
wordfence plugin is consuming heavy server resources and was causing excessive
Replies: 0
Our service provider has blocked our site by saying wordfence plugin is consuming heavy server resources and was causing excessive load negatively impacting other customers on the server
Please help us
↧
Password check triggers suspicious login attempt email
Replies: 0
I have a password field on a form. This is a security measure to ensure that it is the real user completing the form and not someone else who has come across a logged-in account.
In my plugin which processes the form, I make this call:
$user = apply_filters('authenticate', null, sanitize_user ( $current_user->user_login ), $password );
Even though the user is logged in, they will receive a ‘login verification required’ email and furthermore the authentication test fails.
If I disable WordFence, all works fine.
It looks like youi are confusing a password verification test with a real login attempt. The user is logged in so you should be able to tell the difference.
↧
Whitelisting Issues
Replies: 0
We have been using the Wordfence plugin for quite sometime but this issue started happening recently.
We have Whitelisted our IP for the users but WordFence is still blocking the login attempts.
However, if we try to disable the plugin and login , enable it again and try to re login in a new browser instance or in incognito tabs, we are unable to log in again.
https://imgur.com/a/5vWE07w
1) Our conclusions pertain to the IP whitelisting not working properly, or we are not listing it correctly We have listed it : https://imgur.com/a/qMw0YXx
2)We have noticed that some of my users were listed as bots and not humans despite being humans, to curb that we brought down the human score but that didnt work : https://imgur.com/a/qMw0YXx
3) We tried to bypass 2fa for the said IP : https://imgur.com/jGjqXr5
still the same login error: https://imgur.com/a/5vWE07w
Please look into it so that we can restore the functionality fully.
↧
↧
WordFence slows down website, high CPU use and slow Reduce server responce
Replies: 0
After installing WordFence, I have noticed massive CPU spikes very frequently, which has absolutely destroyed server initial response time, what is the most CPU intensive action WordFence is performing and how do I disable it?
↧
Whitelist country
Replies: 2
Hi there, I haven been searching for a while, but have not found any helpful info. I will be travelling an African country and every now and then need to check the state for my website. I want to explicitly whitelist this country for the duration of my trip. I do block selected countries on my page, but now I need to do the contrary. Any help? Thanks
↧
Important | SeznamBot | Not Respecting Directives
Replies: 0
Good Day!
Apologies for this lengthy post, but worth it (will benefit many).
Background:
Two years ago, Seznam posted a topic in your forum asking Wordfence to whitelist them (SeznamBot) and stated the following:
(1)
Seznam … is a main search engine for milions of users in Czech Republic everyday
(2)
Our webcrawler obeys all the restrictions and prohibitions of robots.txt.
Issues:
(1) SeznamBot Receiving Priviledged Treatment by Wordfence: Unless the founder/co-founder of Wordfence lives in the Czech Republic and/or Seznam.cz is paying Wordfence, why did Wordfence add the “Seznam Search Engine” to its Advanced Firewall Options? (together with “Sucuri, Facebook, Uptime Robot, StatusCake, and ManageWP)
With hundreds of “good bots” in the market, the checkboxes provided for these search engines is not necessary and has created some issues for us (perhaps many other Wordfence users as well).
If you want to be consistent, you should also list Google, Bing, Yandex, Baidu, Yahoo, DuckDuckGo, Teoma, and many others.
(2) SeznamBot Not Respecting Directives: When we installed Wordfence, and while in learning mode, SeznamBot was automatically whitelisted for our website by automatically turning on (clicking) the “Seznam Search Engine” box.
This automatically “invited” SeznamBot to crawl our site. Now, our website is being crawled too frequently by SeznamBot although we have unchecked the “Seznam Search Engine” box and blocked it via Cloudflare and our Robots.tx directive.
Here’s an example of what SeznamBot is doing to us (just in the last 6 hours, blocked by Cloudflare).
The funny thing about this too is that, after all the crawling they’ve done, there’s very little info about our company on the Seznam Search Site.
Strong Recommendations:
(1) Delete Search Engines/Companies Listed Under “Advanced Firewall Options”: Completely delete the companies/search engines (and corresponding checkboxes) noted in your plugin under “Advanced Firewall Options.” If not, then start listing all other “Good Bots” as well.
(2) Contact Seznam.cs a.s. and notify them of Issue (2) above: Not only should Wordfence notify them of this issue, they should also be notified that they will be removed from “Advanced Firewall Options.”
It would be appreciated if you can give this your highest attention and priority.
Thank you!
——————–
Useful Links / Past History:
https://wordpress.org/support/topic/false-positive-ban-of-czech-crawler-seznam-cz/
https://wordpress.org/support/topic/bots-attacking-woocommerce-cart/
https://wordpress.org/support/topic/sezman-search-engine-whitelisted-service/
https://wordpress.org/support/topic/notifications-dont-work-5/
https://wordpress.org/support/topic/wordfence-does-not-let-me-edit-with-elementor/
https://napoveda.seznam.cz/en/seznamcz-web-search/
↧
Recurring 503 error even when logged in
Replies: 0
Hi there. I’ve been getting the 503 “Your access to this site has been limited by the site owner” error regularly for three weeks (on two sites). The error occurs when I’m logged in and navigating around my site, but also when I’m not logged into WordPress. Even though I get the error, I can click the back arrow in the browser and continue navigating the site.
When I check the Wordfence Live Traffic I can see myself sign in successfully (sometimes at my actual IP and sometimes at a random IP), and when I’m blocked it shows me at a different IP.
My initial rate settings were set to unlimited, however I’ve changed them to those recommended in your documentation — Still getting the 503 error.
I’ve been in touch with my hosting provider and they’ve been unable to replicate the problem. The hosting provider doesn’t use a frontend proxy, doesn’t use Nginx and my domain isn’t utilizing a CDN service. They also haven’t performed a migration to another server (which helped someone in a similar forum post).
In case it’s helpful, the sites are built using Oxygen Builder.
Thanks in advance for your help! I’ve never had this in 2+ years.
↧
↧
2 Devices
Replies: 0
Hello,
I see here: https://wordpress.org/support/topic/2fa-second-device/
someone already asked this question 2 years agao for which there was a reply that it currently was not possible but would be suggested as a new feature.
Has it been considered a feature or is the possibilty of having the ability for one administrator to have 2factor on 2 devices not going to happen?
↧
Would Be Nice | Additional Live Traffic Filters
Replies: 0
Good Day!
Is their any way Wordfence can expand its capabilities to add a few more filters (i.e., parameters) to Live Traffic?
We (and many others) can use the following, additional filter parameters:
(1) By Location
(2) Regex
Details: https://ibb.co/tLJTTVy
Thank you!
↧
Warning: Creating default object from empty value in plugin-install.php
Replies: 0
The activity log is showing a warning after a Wordfence scan — I’m not sure what it means/how to fix it.
Warning: Creating default object from empty value in /home/customer/www/thissitedomain.com/public_html/wp-admin/includes/plugin-install.php on line 222.
Can you please advise what this means/how to fix it?
Thanks.
↧
Critical errors
Replies: 0
Hi, I recently found I was getting critical errors when I published listings on my site. I asked my theme’s author for help and he asked for WPAdmin and FTP access I set ac/n account up for him but then found all admin accounts were listed as inactive. I turned off wordfence and everything worked again. I would like to use wordfence but need this fixed in order to use it. Can anyone help please ?
Thanks
Andrew
↧
↧
error: script-src directive is missing
Replies: 0
When I check my web pages in Lighthouse, several pages display these 3 errors:
Ensure CSP is effective against XSS attacks
A strong Content Security Policy (CSP) significantly reduces the risk of cross-site scripting (XSS) attacks.
1) script-src directive is missing. This can allow the execution of unsafe scripts.
2) Elements controlled by object-src are considered legacy features. Consider setting object-src to ‘none’ to prevent the injection of plugins that execute unsafe scripts.
3) No CSP configures a reporting destination. This makes it difficult to maintain the CSP over time and monitor for any breakages.
I do not get this error on every web page, only on a few. Why am I seeing this and how do I fix it?
↧
Block IP
Replies: 0
When I look at Live Traffic in my Wordfense dashboard, I see several unauthorized login attempts that failed. If I “block IP” will that prevent them from trying to login from that IP address or will that just block the data from showing that IP?
↧
How many licenses do I need?
Replies: 1
Hello there,
I’m new to WordPress and Wordfence and I got a question.
I have 3 domains:
- a.xyz
- b.xyz
- c.xyz
The main domain (where I’ll install WordPress) is a.xyz and the rest ones will always redirect to the main one.
So, should I get 3 Wordfence licenses or just one?
Thanks in advance!
↧
