Quantcast
Channel: WordPress.org Forums » [Wordfence Security - Firewall, Malware Scan, and Login Security] Support
Viewing all 33271 articles
Browse latest View live

Inquiry Regarding Discrepancy Between API Data and Website Display

March 10, 2025, 10:01 pm
$
0
0

Replies: 0

I am currently using the following API endpoint provided by Wordfence:
GET /api/intelligence/v2/vulnerabilities/production

However, I have noticed that the data returned by this API appears to be less comprehensive compared to the vulnerability information displayed on your website here:
https://www.wordfence.com/threat-intel/vulnerabilities

For example, the vulnerability CVE-2024-13635 is listed on your website and can be found through the search function, but it does not appear in the API results when I search for it.

Could you kindly clarify the reason for this discrepancy?

  • Is the website displaying additional data that is not available through the public API?

Thank you very much for your time and assistance. I look forward to your response.

Search

Wordfence Central: “The server encountered an error processing your request.”

March 10, 2025, 11:48 pm
$
0
0

Replies: 0

I’m having trouble loading Central. I just get the error:
The following errors occurred when loading data from the server: The server encountered an error processing your request.”

In the browser console I see:

/api/site?&sort=last_scan&direction=asc&page=1&licenseType=all&licenseStatus=all:1

       Failed to load resource: the server responded with a status of 500 ()

I’ve tried both Safari and Chrome on MacOS.

Wordfence broke JS code in Snippets

March 11, 2025, 10:04 am
$
0
0

Replies: 0

Delete this support. it’s been resolved.

  • This topic was modified 2 hours, 1 minute ago by r1rider.

AMP plugin compatibility?

March 11, 2025, 11:11 pm
$
0
0

Replies: 0

Hi,

Getting message below after installing the AMP plugin, with the option to suppress Wordfence plugin on the AMP pages suggested. All errors point at the only pages on an otherwise empty (but soon to be large) new site.

Opinions/suggestions greatly appreciated.

Thanks

3 validation errors:

  • Invalid script: wfi18n.1736960042.js
  • Invalid inline script
  • Invalid script: admin.ajaxWatcher.1736960042.js

Reactivate Wordfence via cPanel File Manager – critical error on this website

March 12, 2025, 5:28 am
$
0
0

Replies: 0

I changed my new phone so I can’t login to admin with Wordfence 2FA.

So logged into cPanel File Manager and changed wordfence directory to wordfence.bak to deactivate the plugin as guided in the other post. Once I got to the admin area and changed the folder name back to wordfence to reactivate it and disable 2FA for a moment. Then I was automatically logged out with error “There has been a critical error on this website…..”. Now when I try to login to admin, it asks for username & password but no 2FA and displayed the same error. please assist.

Thank you.

access to this site has been temporarily limited by the site owner

March 12, 2025, 7:18 am
$
0
0

Replies: 0

Hello,

I’m encountering an issue where every time I try to access the following link, I receive a “Your access to this site has been temporarily limited by the site owner” 503 error.

I’m using BunnyCDN through my hosting provider and have already reached out to both BunnyCDN and my hosting provider. However, they have confirmed that there are no issues on their end.

I’ve also added all of BunnyCDN’s IPs to the whitelist and allow list, but this hasn’t resolved the issue.

Could you please help me troubleshoot this further?


Incorrect Vulnerability Report Affecting AYS Pro Quiz Maker Free Users

March 12, 2025, 7:26 am
$
0
0

Replies: 0

Dear Wordfence Team,

Hope you are doing well.

We are writing about the vulnerability you have reported for the AYS Pro Quiz Maker plugin.
The issue was related to the Business, Developer and Agency versions of Quiz Maker, which has been resolved. Here, check the patched versions:
8.8.0.100 / 21.8.0.100 / 31.8.0.100 and above

A misconfiguration in how version ranges are specified by Wordfence leads to the vulnerability report appearing for our Free users.
We are getting a great volume of requests per day.

We have already contacted Wordfence via email, however, unfortunately, haven’t heard back from them yet.
We believe the problem comes from the fact that there are no intervals specified for the patched versions.
In the report, it is written that all the versions <= 8.8.0.100 are affected.

See the screenshot: https://imgur.com/GeFCWjj

The free version automatically appears in this list, so the vulnerability report is displayed for the Free users as well.

If possible, can you please let us know whether the problem would get resolved if you add intervals to the report?
For example, like this 7.0.0-8.8.0.100.

Looking forward to your response.

Thanks for your time.

ip consentiti

March 12, 2025, 10:30 am
$
0
0

Replies: 0

come mai rimuovendo un ip da ” Indirizzi IP consentiti che ignorano tutte le regole”  e aggiornando la pagina l’indirizzo IP RICOMPARE!!!

Search

Scan Failed

March 12, 2025, 8:56 pm
$
0
0

Replies: 0

Hello,
For 2 months I have had an error message : Scan Failed
I did all the tests said by Wordfence, but I still have the same message : Scan Failed
I also read the answers on the forum. These are the things I’ve already done
I sent a wftest@wordfence.com

Thank you for your help

Cora


“Error: -200, Message: HTTP Error” during file upload for some users

March 12, 2025, 3:26 pm
$
0
0

Replies: 0

Hi,

I’ve built a form using GravityForms for external clients to supply their details, and a couple have come back with the same issues, that when they get to this field upload some certificates, they get this “Error: -200, Message: HTTP Error., File:[filename]” error that stops them from proceeding, as it’s a required field.

I’ve tried filling out the form multiple times on my end using different browsers and devices, as well as the exact PDFs that the clients tried to upload, and it’s letting me proceed fine. I’ve found a couple of threads discussing this issue online, but they’re all several years old and don’t really have a definitive solution. I’ve seen some people say it may be a server/firewall issue, but I’m lost on what to try next. I’m running Themify Ultra with Wordfence. I do have the Captcha add-on installed for GravityForms, but it’s disabled for this form.

I’ve dug more into Wordfence and found two examples which should relate to the issue, as they’re both linked to that form URL and mentioned a block triggered by file upload. I’ve also seen that you can switch this protection off, but I don’t feel comfortable leave that vulnerability open on the site. Is there a way to whitelist my forms/entire plugin to allow file uploads of certain types? Or turn up the tolerance to allow PDFs through without issue.

If you have any suggestions on whether this is a server issue or not, then I’d be very grateful for the assistance

Screenshot of the errors: https://www.covvi.com/wp-content/uploads/documents/Wordfence-Error.png

500 Error on New User Creation

March 13, 2025, 2:48 am
$
0
0

Replies: 0

Hi,

I’m encountering an 500 fatal error on /wp-admin/user-new.php when creating a new user. The error disappears when Wordfence is disabled.

I’ve enabled WP_DEBUG (with logging and display enabled) and verified that PHP error logging is working—test errors are logged, but no errors appear in debug.log or the php error log file during this process. In Wordfence my IP is whitelisted, nothing is blocked and no problems are found under tools / diagnostics .

Steps I’ve taken so far:

  • Disabled the WAF and set it to Learning Mode.
  • Removed the /wp-content/wflogs directory.
  • Completely removed Wordfence (including its DB tables) and reinstalled it.

Any insights or further troubleshooting suggestions?

Unable to load data

March 13, 2025, 3:39 am
$
0
0

Replies: 0

Hello,

As of recently, we are getting this error, and no sites show:

Is there some way to see why, or to debug it?

Thanks!

  • This topic was modified 27 minutes ago by edindev.
  • This topic was modified 26 minutes ago by edindev.

Can’t connect to WordFence servers: cURL 28

March 13, 2025, 5:07 am
$
0
0

Replies: 0

Hello,

I think this issue may be going on for a couple days/weeks already but I just tried installing WordFence on a new website, and I got an error;
We received an error while trying to activate the license with the Wordfence servers: There was an error connecting to the Wordfence scanning servers: cURL error 28: Connection timed out after 10000 milliseconds

I went to check other websites I got WordFence on, and inside diagnostics -> connectivity -> Connecting to Wordfence servers (https): wp_remote_post() test to noc1.wordfence.com failed! Response was: cURL error 28: Connection timed out after 10001 milliseconds

I can’t even run a scan anymore.

I contacted my hosting provider, he told me it’s and issue with WordFence server noc1.wordfence.com (after pinging it, it does indeed time-out)…

Is there any way I can solve this for my websites or is this indeed a WordFence issue?

Thanks you.

Issue with Ultimate Member and reCaptcha

March 13, 2025, 7:01 pm
$
0
0

Replies: 0

Hello!

Please, I need some assistance to properly configure Ultimate Member + Wordfence + Woocommerce + reCaptcha.

I noticed that when enabling reCaptcha on Wordfence, Ultimate Member login get issues where it display the message “wrong password” when trying to login. I confirmed that I was using the right password.

I also noticed that when I try to login and get this message, Wordfence sends that email that asks “Please verify a login attempt for your account”. But it directs to the WP default login, there I can login normally. But the UM Login still remains with issue.

If I add the addon UM reCaptcha and enable reCaptcha, when I try to login I got the message “Please confirm you are not a robot”.

I need Wordfence and reCapthca for security purposes, specially because of Woocommerce. But I would like to be able to use UM too if possible.

I even tried to use weak and strong passwords. I also tried to lower the reCaptcha Score but it does no difference in the issue.

I’m also using W3TC but I already placed exceptions to don’t cache the login page. I tried it with it disabled too.

So would you be able to give some advice what could be wrong and how to solve it?

Thank you!

Wordfence in multi-site

March 14, 2025, 5:48 am
$
0
0

Replies: 0

Hello
I’m using Wordfence in many sites as is a great plugin.
I want to use it in multi-site but it’s not working in central site and not in any site.
Here in FAQ I saw is supported in multi-site.
What is wrong in my site?

Search

Error 403 access to font files

March 16, 2025, 8:12 am
$
0
0

Replies: 0

I see the following entries in the console and server logs:


[Sun Mar 16 17:37:31 2025] [error] [client 96.24.54.116:0] AH01797: client denied by server configuration: .../public_html/wp-includes/js/tinymce/skins/lightgray/fonts/tinymce.woff, referer https://dendrblog.ru/wp-includes/js/tinymce/skins/lightgray/skin.min.css?wp-mce-49110-20201110-tadv-5900


[Sun Mar 16 17:37:32 2025] [error] [client 96.24.54.116:0] AH01797: client denied by server configuration: .../public_html/wp-includes/js/tinymce/skins/lightgray/fonts/tinymce.ttf, referer https://dendrblog.ru/wp-includes/js/tinymce/skins/lightgray/skin.min.css?wp-mce-49110-20201110-tadv-5900

Could any settings in your plugin block access to font files at these addresses?

  • This topic was modified 2 hours, 5 minutes ago by Bahus.
  • This topic was modified 2 hours, 3 minutes ago by Bahus.
  • This topic was modified 2 hours, 3 minutes ago by Bahus.

Wordfence freier Lizenzschlüssel

March 16, 2025, 9:05 am
$
0
0

Replies: 0

Wie komme ich zu einem freien Lizenz-Schlüssel von Wordfence?

Wordfence + WP Rocket Compatibility

March 17, 2025, 2:58 am
$
0
0

Replies: 0

I am encountering an issue with the ‘WP Rocket’ plugin. The plugin works, but one feature, ‘Remove Unused CSS’, is not functioning properly. I am in contact with WP Rocket support, and we are investigating the source of the problem. It seems that the issue might be coming from the Wordfence plugin, as everything appears fine on the server, according to the support.

I provided FTP access to WP Rocket support so they could run a test, and here is what they reported:

How can I ensure that all the necessary permissions are set in Wordfence?

I just ran some tests and the communication between your site and our SaaS is being blocked (401 Unauthorized).

Please ensure that your firewall and/or security plugin is allowing: These two user agents: Desktop: WP-Rocket/SaaS Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Mobile: WP-Rocket/SaaS Mozilla/5.0 (Linux; Android 13; Pixel 5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Mobile Safari/537.36 And/or the IPs listed here: https://fr.docs.wp-rocket.me/article/1690-quelles-adresses-ip-url-autoriser-pour-wp-rocket

How can I ensure that all the necessary permissions are set in Wordfence? I have allready put IPs in “Allowlisted IP addresses that bypass all rules” section but i don’t know for URL and user agent where to allow access.

Error Installing Wordfence License Key

March 18, 2025, 6:14 am
$
0
0

Replies: 0

Hello,
I am experiencing an issue when attempting to install the Wordfence license key. After following all the provided instructions, I am still unable to complete the activation of Wordfence Security. When I try to install the license key, I receive the following error: „Error attempting to install the Wordfence license key from the email to your website“.

I have ensured that my PHP version is updated (PHP 8.3) and have checked for any potential conflicts with other plugins. I also tried copying and pasting the key manually, but the issue persists.

Could you please guide me through resolving this issue?
Thank you for your assistance.”

Better control over notification emails

March 18, 2025, 9:03 am
$
0
0

Replies: 0

I manage a lot of sites that have your plugin installed. I am constantly getting bombarded with emails from your plugin. This is creating the “cry wolf” effect so that I will likely just ignore a real problem.

1 thing that would really cut down on this would be to NOT have plugins that need an update be CRITICAL. “The Plugin “Elementor” needs an upgrade (3.27.3 -> 3.28.0).” THIS IS NOT CRITICAL!!!

The bottom line is I already have a process for updating plugins and wordpress core. I really do not need your plugin to notify me of this. What I need is your plugin to lock down the site if someone is trying to hack in or notify me of REAL critical problems.

Viewing all 33271 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>