Replies: 0
A year ago, I reported that Wordfence relies on multiple unsafe-inline scripts, making it impossible to combine Wordfence with a secure Content Security Policy. This issue has not yet been addressed. Please move the scripts to linked files. If that isn’t possible, please print them in the correct way so that we can add a nonce to them using the wp_script_attributes filter.
Replies: 0
I installed free Wordfence on a few of my websites, I noticed that I can use one email account to keep all the licenses in one place. I would love to use the Wordfence plugin, but when I attempted to change the license for the website Joe-dougherty.com it resulted in a critical failure. I was able to delete the word fence plugin from my hosting c panel, but when I attempted to download word fence again, I got another critical failure. Once I get familiar with how word fence works, I may want to upgrade to Premium. Please help! I have created an account on wordfence website using jdougherty2282@gmail.com which is what I would like to manage all the websites from.
Replies: 0
Hi – thanks for your great plugin.
I keep getting an ajax error warning in my admin dashboard (multisite, multinetwork setup)
wflogs/template.0830849001735529884.tmp): No such file or directory”
the file name maybe changes, I’m not sure…
it goes away upon refreshing the page
Replies: 0
HI,
I have noticed recently, that I am constantly receiving notifications, that Wordfence has blocked a “human” due to large number of page not found 404s.
I have specifically set the setting to block a human, if they exceed 15 404s per minute
Screenshot of the settings here:
But I am not sure if this is a legitimate attack attempt or an issue with my website or theme.
Because all of these “attacks” are trying to reach cropped site logo as seen on the screenshot here:
But I have also noticed as if Wordfence was not blocking the attempts in time. Because sometimes I see hundreds of these entries and then later I get multiple email notifications, that an IP was blocked.
Please let me know if this might be a legitimate attack attempt or the issue might be with some logos on my website. I am also not sure if this might be just some bot or a crawler trying to check my website or something
Kind regards
Michal
Replies: 0
Hi,
Can anyone shed any light on why the CSS file ‘wordfenceAJAXcss-css’ is being enqueued to the head of a site? It doesn’t appear to include any styles used in the WF admin, and is also present when logged out.
I have tried every possible way to remove it, but simply cannot.
Any suggestions?
Replies: 0
Hi,
We moved our WP website away from Savvii quite some time ago. This week we run into an issue with the IP-address of my client being blocked by the WordFence firewall.
When trying to send me (as the admin) a de-block request, the client sees an error (DNS_PROBE_FINISHED_NXDOMAIN) after entering my mail-address. Apparently it still tries to go through the Savvii CDN, which is not working anymore. It seems that the old URLs are somehow cached instead of using the site_url. Any way to fix this without a complete re-install of WordFence?
Replies: 0
For some reason, WordFence is blocking some of our website users when they access the website via mobile network. They don’t appear in the blocking section. Whats the best route to unblock these users?
Replies: 0
We are encountering an error in the browser console that states:
Refused to execute script from ‘https://www.domain.com/?wordfence_syncAttackData=##########.####’ because its MIME type (‘text/html’) is not executable, and strict MIME type checking is enabled.
All Wordfence settings appear to be configured correctly. However, upon reviewing the diagnostics, we identified an issue related to connectivity:
“SSL certificate problem: certificate has expired.” Please note that the site does have an active SSL certificate.
SS: https://drive.google.com/file/d/1b0yKCC8mMaMGLnviYm63Yo9oERIbriki/view?usp=sharing
Could you kindly assist us in resolving this issue? Your prompt support would be greatly appreciated.
Thank you
Replies: 0
Hello WordFence Team,
First, I’d like to say kudos to the great work done on WordFence Security for I truly enjoyed the features it added to WordPress websites.
I am having issues trying to load Academy LMS Instructor Dashboard on a website and I am getting this 404 status code error whilst doing so.
After trying different troubleshooting methods, I discovered the cause is from WordFence as the issue dissappears after deactivating WordFence.
I have contacted the LMS Support and was told to contact WordFence support to guide me for a permanent solution that since WF is a security plugin, it blocks important files for security reasons.
Looking forward to your prompt response
Replies: 0
Hello,
For the past week, I’ve been experiencing an issue with All in One SEO (AIOSEO). It doesn’t work properly, and I’m unable to edit properties. However, when I deactivate Wordfence, everything starts working as expected again.
Do you know what might be causing this issue, and what steps I can take to resolve it?
Thank you!
Replies: 0
Hi there been constantly getting the following when trying to run malware scans “The scan time limit of 3 hours has been exceeded and the scan will be terminated. This limit can be customized on the options page”.
I have extended the time through the wordfence settings and also ensured there is no php memory issues on my server however the issue still persists.
If I open up the diagnostics area of wordfence everything looks ok except for:
wp_remote_post() test back to this server failed! Response was:
403 Forbidden
This additional info may help you diagnose the issue. The response headers we received were:
HTTP/1.1 403 Forbidden
Server: nginx
The IP addresses from the wordfence support page have been added as an exception to my firewall (Securi) which is routing all requests to my domain.
Wondering if I can please get some help as everything I try seems to not be working.
Thank you
Replies: 0
Hello, after activating Wordfence , the website crashed 7 times over the next few hours for “Internal Server Error” Error logs on the server show that Wordfence ran out of memory after using 2.6MB, but Wordfence options show memory set to 256MB. Server is LiteSpeed and did trying toggling the “no abort” option, which made no difference.
Error: [02-Jan-2025 15:43:59 UTC] PHP Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 2673040 bytes) in /public_html/wp-content/wflogs/rules.php on line 5546. [02-Jan-2025 15:44:44 UTC] PHP Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 2673040 bytes) in /public_html/wp-content/wflogs/rules.php on line 5546. [02-Jan-2025 15:44:47 UTC] PHP Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 2673040 bytes) in /public_html/wp-content/wflogs/rules.php on line 5546. [02-Jan-2025 15:44:54 UTC] PHP Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 2673040 bytes) in /public_html/wp-content/wflogs/rules.php on line 5546
This is saying that the allowed memory size (134MB) was exhausted after trying to allocate 2.6MB (well within the limit). Both of these figures are wrong, the PHP memory limit for the site is set to 1024MB in the INI and 512MB in the wp-config.php file, both well in excess of the 134MB figure.
Replies: 0
Hello all! We have a new release for Wordfence today, version 8.0.2. Please update as soon as you are able.
Thanks everyone for the great comments and suggestions. You can send those to feedback@wordfence.com and someone will get back to you. Keep in mind, the feedback address is not a place to request support. Also, no support questions will be answered in this thread. Free support requests can be posted at https://wordpress.org/support/plugin/wordfence
Our Premium customers can open a ticket on the Licenses page in their account on Wordfence.com. Just click the Get Help button under your license to start the process.
Replies: 2
Hi, after installing wordfence plugin, when I click on “Get Your Wordfence License”, I am redirected on products pricing page and that’s all … is it normal ?
Thanks a lot.
Replies: 0
Hi,
I have noticed, that just in the last few weeks, I have constantly a massive amount of blocked entries by wordfence security network, when visitors try to access wp-login.php page
But I am not sure if these are legitimate blocks for fraudlent behavior or an error. Because recently I had many various problems when using WF Firewall causing blocks for 404 errors and other issues outside of set parameters in the settings.
Even regular visitors sometimes visit wp-login.php page especially when trying to log into their woocommerce customer account or if they want to reset password or similar. Therefore I am not sure if I should be worried now. I know that there are many bots or hackers trying to break in. But now I am not so sure
I was using WF for many years and since I reinstalled Wordfence a month ago due to new updated design of my website, I am constantly getting some weird blocks in WF.
In the past I was also using WPS hide login to have a custom URL for logging in and I did not have any such problems in the past. I know that WF is recommending not changing the login URL, but so far all the facts speak against this recommendation.
Kind regards
Michal
Replies: 1
Hi,
The htaccess file of 2 client websites contains this code, besides the default WP htaccess code:
# Block the include-only files.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>
<Files wp-config.php>
<IfModule !mod_authz_core.c>
order allow,deny
deny from all
</IfModule>
<IfModule mod_authz_core.c>
require all denied
</IfModule>
</Files>
Is this coming from Wordfence?
I did uninstall Wordfence from 1 site (and checked the boxes to remove all settings from DB), but this code remains in the htaccess file.
Guido
Replies: 0
My webhosting company recently had to reinstall my WordPress website from a backup that it held. Prior to doing this, the web hosting company moved the previous version of the site to a folder called effectively called Oldversion. The site is back up and running fine, however I have noticed that the live WordPress site still points towards some of the files in the previous install in the Oldversion folder.
The main file being accessed from the old site seems to be the wordfence-waf.php file. If I move or rename this file in the Oldversion folder, the website falls over. Every other file in the Oldversion folder can be moved with no issue. I can also rename or move the wordfence-waf.php file in the Live site without the site being affected.
How can I get Wordfence to use the wordfence-waf.php file in the Live site as it properly should do? Do I need to delete and reinstall Wordfence or can I reconfigure it to be correct?
Thanks in advance for your help and suggestions to fix this issue.
Replies: 0
Hello WordFence,
See below for eight images of the eight steps I took.
Step 1 – Browser Warning – “Click Here to Configure”.
Step 2 – “Download .htaccess” and continue.
Step 3 – Installation Successful.
Step 4 – Start a new Scan.
Step 5 – Critical Result.
Step 6 – Delete the publicly accessible user.ini file.
Step 7 – Success deleting file.
Step 8 – Browser warning reappears.
It doesn’t matter how many time I repeat this process, or how long I wait between attempts, I keep getting the same result/error.
Any idea how I can fix this?
Thanks.
Replies: 0
hi. I would appreciate any help anyone can offer.
i have a new issue whereby when a gravity form entry is deleted from a Gravity View, the entry is successfully deleted but then there is a critical error implicating Wordfence.
The log and stack trace is below. It possibly relates to the redirect which does takes place after the entry is deleted, to return the user to the gravity view page. This is standard behaviour in gravity view – not a custom function.
any thoughts ?
[03-Jan-2025 13:24:00 UTC] PHP Fatal error: Uncaught ArgumentCountError: Too few arguments to function wordfence::wpRedirectFilter(), 1 passed in /home/newcast1/public_html/consultantquotes/wp-includes/class-wp-hook.php on line 324 and exactly 2 expected in /home/newcast1/public_html/consultantquotes/wp-content/plugins/wordfence/lib/wordfenceClass.php:1460
Stack trace: 0 /home/newcast1/public_html/consultantquotes/wp-includes/class-wp-hook.php(324): wordfence::wpRedirectFilter(‘/my-contracts/?…’) 1 /home/newcast1/public_html/consultantquotes/wp-includes/plugin.php(205): WP_Hook->apply_filters(‘/my-contracts/?…’, Array) 2 /home/newcast1/public_html/consultantquotes/wp-content/plugins/gravityview/includes/extensions/delete-entry/class-delete-entry.php(426): apply_filters(‘wp_redirect’, ‘/my-contracts/?…’) 3 /home/newcast1/public_html/consultantquotes/wp-content/plugins/gravityview/includes/extensions/delete-entry/class-delete-entry.php(412): GravityView_Delete_Entry->_redirect_and_exit(‘/my-contracts/?…’, ”, ‘deleted’, true) 4 /home/newcast1/public_html/consultantquotes/wp-includes/class-wp-hook.php(324): GravityView_Delete_Entry->process_delete(Object(WP)) 5 /home/newcast1/public_html/consultantquotes/wp-includes/class-wp-hook.php(348): WP_Hook->apply_filters(NULL, Array) 6 /home/newcast1/public_html/consultantquotes/wp-includes/plugin.php(565): WP_Hook->do_action(Array) 7 /home/newcast1/public_html/consultantquotes/wp-includes/class-wp.php(830): do_action_ref_array(‘wp’, Array) 8 /home/newcast1/public_html/consultantquotes/wp-includes/functions.php(1336): WP->main(”) 9 /home/newcast1/public_html/consultantquotes/wp-blog-header.php(16): wp() 10 /home/newcast1/public_html/consultantquotes/index.php(17): require(‘/home/newcast1/…’) 11 {main}
thrown in /home/newcast1/public_html/consultantquotes/wp-content/plugins/wordfence/lib/wordfenceClass.php on line 1460
