Quantcast
Channel: WordPress.org Forums » [Wordfence Security - Firewall, Malware Scan, and Login Security] Support
Viewing all 33342 articles
Browse latest View live

Extended protection for sites on AWS autoscaling and load balancer

May 6, 2025, 8:30 am
$
0
0

Replies: 0

Hi,

I’d need support in enabling the WAF “Extended protection” on a server environment, linux based AWS instance, with autoscaling and load balancer.

On this kind of setup, I usually prepare all my mods on local env (such as plugin and WordPress updates or custom code in the theme) and then I push them to be deployed on staging and live via CI/CD development practice.

Working on my local dev environment the “Extended protection” is clean and easy to enable, just a couple of clicks, after saving .htaccess file backup. During this process, as far as I understood, Wordfence basically creates one file (wordfence-waf.php) and edits the .htaccess file according to the detected server configuration. On my local dev env is Apache + mod_php, on live env is Apache + CGI/FastCGI. but, above all, the edits in the .htaccess write absolute paths to the newly created file.

For this reasons A) I cannot activate the “Extended protection” on my local env and then release the mods, because they would be completely different. At the same time B) I cannot activate it directly from live backend settings, because the modifications on files would be lost when AWS creates a new instance of the site code, cloning the repository.

Main question:

How can I solve this tedious problem? Can you advice some best practice?

Bonus question:
I also realized that our site is constantly in Learning mode, and when I force the status “Enabled and Protecting” (without waiting the date), it goes back to Learning mode by itself (in my last check it has been done after just one hour). Do you maybe know why, and if this could be related to the type of environment setup?

Thank you in advance for any help you could give 🙂

  • This topic was modified 44 minutes ago by sgot.
Search

Cancel web scheduled scan and use wordfence-cli instead

May 6, 2025, 12:23 pm
$
0
0

Replies: 0

Is it possible to turn off the scheduled scanning on the WordPress plug-in and instead use wordfence-cli on my server?

Authentication issues, cookies issues, recurring wordpress/fence issues

May 6, 2025, 8:00 pm
$
0
0

Replies: 0

Hi, I manage the website for thebanyansmedicalcentre.com.au.

Over the last few weeks, they have been having recurring issues where their website would go down, or the front-end would stay up but the backend would become unusable.

This presents itself first as the wordpress dashboard appearing to fail while loading:

The site would then previously go fully down and become unreachable. I reinstalled wordpress and restored the site form a backup multiple times, the issue kept occurring.

Thankfully the client was also getting a new website developed at the time, so I was able to switch to a fully new site, which I hoped would fix this issue.

Unfortunately the new site is still experiencing a similar issue. Instead of the site going fully down, the site will move from the previous stage (not loading the dashboard) to not allowing any user to log in. I can confirm that the only plugins that are shared between the old site and the new site are Wordfence, Updraft, and MainWP Child.

When trying to log into https://thebanyansmedicalcentre.com.au/wp-admin you will be presented with this error:

After some research it looks like that error is caused by Wordfence. Thus, I disabled Wordfence on the site (through a management plugin we have installed) and tried logging in again:

There is no difference between pluggables.php, or functions.php, and a copy of those files pulled directly from a fresh installation of wordpress.

While looking through apache error logs on our web server I found this:


same as above, wp-cron.php appears to have nothing out of the ordinary, seems to be the same as a fresh copy.

Just wondering if anyone had any ideas about what to do about this? I’m happy that the front-end appears to be running but I have the client wanting to make changes and are unable to log into the admin panel.

Can We Configure So Only Certain IPs Can Access Backend

May 7, 2025, 9:52 am
$
0
0

Replies: 0

Hey Guys!

We recently moved hosts and the old host was able to help us configure a rule that would ONLY allow access to the backend admin pages if users were on certain IP addresses.

Our new host does not give us the same ability (as easily), so we are wondering if this is something we can do via Wordfence.

Is there a way with Wordfence (free or premium) that we can set things so that ONLY users from certain IP addresses can access backend admin URLs?

Thanks so much!

False Positive Security Flag on Plugin – Previously Fixed

May 7, 2025, 11:40 pm
$
0
0

Replies: 0

Hi Wordfence team,

We are the developers of the “LMS – Education WordPress Theme” (available on ThemeForest) and several other premium themes. Our theme includes a helper plugin called “Design Theme Core Features”, which was once flagged by Envato during an early review for a minor security issue.

We addressed the issue immediately and released a fixed version. The plugin now follows best security practices and has been included in updated, approved versions of our themes since then.

However, Wordfence continues to flag this plugin as a security issue across all sites where it’s installed — even though the vulnerability no longer exists. This is causing confusion and support problems for both us and our customers. Details:

  • Plugin name: Design Theme Core Features (/wp-content/plugins/designthemes-core-features/)
  • Affected theme reviewed: LMS – Education WordPress Theme
  • Issue fixed in version: [4.8]
  • Current version: [4.8]
  • Summary of fix: [The vulnerability has been addressed by adding proper authentication checks for the dt-process-imported-file function]

We kindly request Wordfence to review the updated plugin and, if confirmed clean, remove or update the detection signature from your Threat Defense Feed.

Please let us know if you need any more technical info or changelog references. We’re happy to cooperate to get this resolved properly.

Hole in Wordfence/Woo Security?

May 8, 2025, 2:43 am
$
0
0

Replies: 0

Hi there.

I believe I have found a vulnerability/security risk after dealing with some bots tonight. I spent a couple hours trying to figure out why bots were getting through all of the settings and found an inconsistency in a setting that solves it. (i.e. the setting says it blocks a thing, but it does not until I turn that thing off in a different area). I didnt think you would want me to post the full risk here, but there is no email to send these issues to. Can you please advise?

Thanks!

-K

Mailster & Wordfence Trouble

May 8, 2025, 2:55 am
$
0
0

Replies: 1

I have installed Mailster. This does not work because Wordfence causes problems. For example this error: ERR_BLOCKED_BY_CSP That’s why I had to deactivate Wordfence. Can someone help me and tell me how to set Wordfence, which functions I should switch on or off so that it is compatible with Mailster. Unfortunately I have not found any information on the internet that has helped. Thank you very much.

Security Verification

May 8, 2025, 5:21 am
$
0
0

Replies: 0

I used reCAPTCHA v3 security verification and found that it didn’t work. What’s the reason?

Search

Unable to open /storage/www/news/site_news/wp-content/wflogs/config.php for read

May 8, 2025, 8:53 am
$
0
0

Replies: 0

Unable to open /storage/www/news/site_news/wp-content/wflogs/config.php for reading and writing.
Cannot create folder: /var/www/html/news

What should i do with this issue. should i give permissions to wflogs folder or no. does giving permissions is good solution? what else can i do this error?

Force ajax get into wordfence traffic log

May 8, 2025, 1:27 pm
$
0
0

Replies: 0

I retrieve some information from my website using ajax, and I would like this GET to appear in the wordfence traffic log. It appears the wordfence traffic log is ignoring ajax queries.

Is there something I can add to the URL to ensure the ajax get is logged? I tried wordfence_loghuman=1 and wordfence_lh=1 query parameters but they have no effect.

I have already tried to simulate a full browser request, but as chrome restricts setting the user agent in an ajax request (for security reasons) I can’t fully simulate a real user request.

  • This topic was modified 3 hours, 5 minutes ago by ocglimited.
  • This topic was modified 2 hours, 38 minutes ago by ocglimited.

Please suppress unlink() warnings

May 9, 2025, 7:24 am
$
0
0

Replies: 0

While developing custom websites, I already have Wordfence added and activated from the start. I also use Query Monitor to see every possible issue/bug, as soon as possible. I found that many times Wordfence is doing some kind of cleanup, and I keep getting warnings in my logs, because WF’s “unlink()” functions are sometimes getting a file path that is not even exists. And “unlink()” throws a warning, no matter they are prefixed with “@” everywhere.

While this is not a real issue/bug and have no direct negative consequences, I feel like it makes me start ignoring error messages, which is a bad habit. As “@” does not suppress warnings coming from “unlink()”, please consider using “is_file($path) && @unlink($path)” or similar, instead of “@unlink()”, if possible.

Thanks!

Please note that the issue is not that there is [redacted] in the file path, I just removed my real path from the object in the console log.

I installed Wordfence and the images and some styles disappeared.

May 9, 2025, 1:01 pm
$
0
0

Replies: 0

instale el wordfence en el sitio que todavia está en modo mantenimiento, y en la semana de aprendizaje del wordfence, y automaticamente desaparecieron las imagenes, si inspecciono en el navegador me dice error 500 en casi todas las imagenes del sitio. Que puede ser? tengo algo que considerar en la configuración? el sitio tiene istalado el tema Impreza. gracias

When you log in as admin, the wofrence page will open in any window.

May 11, 2025, 1:14 am
$
0
0

Replies: 0

When I edit any post – any field – text, button, absolutely everywhere, clicking in the new field automatically opens https://www.wordfence.com/help/firewall/optimizing-the-firewall/
I use the latest chrome, all updates are installed. It happens in the mailpoet admin, woocommerce, editing posts in Gutenberg, just everywhere.
Work becomes impossible, I’m considering uninstalling your program. Is there a solution. I found two closed posts where there is no solution.

WP “Weak Hashing Algorithm” now fixed?

May 12, 2025, 1:32 am

Scan Stage Failed A scan stage has failed to start. This is often because the si

May 12, 2025, 2:57 am
$
0
0

Replies: 0

Hi,

I am getting the following message: Scan Stage Failed

Scan Stage Failed

A scan stage has failed to start. This is often because the site either cannot make outbound requests or is blocked from connecting to itself. Wordfence will make up to 2 attempts to resume each failed scan stage. This scan may recover if one of these attempts is successful. Click here for steps you can try.

Try starting scans remotely : tried but doesn’t resolve the issue

Check plugins: no plugin under construction

Do not password-protect wp-admin: didn’t do that

Make sure our servers are not blocked from reaching your site:

what ports are used to connect so I can test? There were no scan issues before.

Check the database tables:

haven’t checked yet

Check the WordPress AJAX handler

If you see a FORBIDDEN message, then you have probably set up a “.htaccess” file that blocks access to your “wp-admin” directory and you will need to add an exclusion for the WordPress AJAX handler.

Yes: from outside the WAF

You should see a blank page with a “0” in the top left corner.  from inside the WAF

Hosting provider issues:

Own hosting

———

Hopefully you can help me solve this issue.

Thanks,

Kind Regards,

Rob

Search

Blocked for WAF-RULE-819

May 12, 2025, 9:51 am
$
0
0

Replies: 0

Received many Word fence activity results this morning with IP addresses being blocked for WAF-RULE-819, but cannot find what this means. Please advise!

api.pushover.net false positive?

May 12, 2025, 2:39 pm
$
0
0

Replies: 0

Hi there,

We noticed that Wordfence has started flagging several major plugin’s files (including FluentSMTP) as malicious due to their inclusion of an api.pushover.net URL in some of their files.

We looked around but couldn’t find any evidence that the service has been compromised or changed ownership. It appears to be a legitimate push notification service that’s been running for years.

Can you please check to see if this is a false positive or if there’s a legitimate reason for its inclusion?

No user can log in with wordfence active

May 12, 2025, 7:33 pm
$
0
0

Replies: 0

Following a series of upgrades around the recent WordPress upgrade, the site Editor complained that she couldn’t log in. I tried to log in as Administrator but also failed. The hosting service sent code showing a break in Sahifa theme code. So I had them install a backup from a few days earlier. No more break in Sahifa, but neither the editor or myself (admin) can log in. Used cpanel filemanager to remove Wordfence. We can log in just fine. Even with wordfence enabled, I can log in through Softaculous manager on cpanel, but I can’t find what might be blocking us. I can see the pattern in the database table ‘wflogin’, though, starting on May 6 suddenly all of our attempts to login fail.

False Positive Warning for FluentSMTP Plugin

May 12, 2025, 10:29 pm
$
0
0

Replies: 0

Dear wordfence team, what’s wrong with the Monolog PHP library? You started flagging and sending warnings to your customers? Care to explain this false positive? Received 100s of tickets in the last couple of hours. As a security company, you should be more responsible. Please let me know how to resolve the issue.

warning from Wordfence about the FluentSMTP plugin:

File contains suspected malware URL: wp-content/plugins/fluent-smtp/includes/libs/google-api-client/build/vendor/monolog/monolog/src/Monolog/Handler/PushoverHandler.php
File Type: Not a core, theme, or plugin file from wordpress.org.
Bad URL: http://api.pushover.net/
Details: This file contains a URL that is currently listed on Wordfence’s domain blocklist. The URL is: http://api.pushover.net/

Critical error caused by wp_mail() in wordfenceClass.php

May 13, 2025, 1:21 am
$
0
0

Replies: 0

Hi,
I’m getting a critical error related to wp_mail() in wordfenceClass.php (line 7512).
The error says the callback must be a valid array with two elements.
It seems the $to parameter is not properly formatted.

Can you help me fix this?
Thanks!

Here the error message:
Message d’erreur : Uncaught TypeError: call_user_func_array(): Argument #1 ($callback) must be a valid callback, array must have exactly two members in /app/www/wp-includes/class-wp-hook.php:324 Stack trace: #0 /app/www/wp-includes/class-wp-hook.php(348): WP_Hook->apply_filters(”, Array) #1 /app/www/wp-includes/plugin.php(517): WP_Hook->do_action(Array) #2 /app/www/wp-includes/pluggable.php(581): do_action(‘wp_mail_failed’, Object(WP_Error)) #3 /app/www/wp-content/plugins/wordfence/lib/wordfenceClass.php(7512): wp_mail(Array, ‘[Wordfence Aler…’, ‘This email was …’) #4 /app/www/wp-content/plugins/wordfence/lib/wfAlerts.php(179): wordfence::alert(‘[Wordfence Aler…’, ‘A user with use…’, ‘176.141.157.90’) #5 /app/www/wp-content/plugins/wordfence/lib/wfCentralAPI.php(816): wfAdminLoginAlert->send() #6 /app/www/wp-includes/class-wp-hook.php(324): wfCentral::sendAlertCallback(‘adminLoginNewLo…’, Array, Array) #7 /app/www/wp-includes/class-wp-hook.php(348): WP_Hook->apply_filters(”, Array) #8 /app/www/wp-includes/plugin.php(517): WP_Hook->do_action(Array) #9 /app/www/wp-content/plugins/wordfence/lib/wordfenceClass.php(2602): do_action(‘wordfence_secur…’, ‘adminLoginNewLo…’, Array, Array) #10 /app/www/wp-includes/class-wp-hook.php(326): wordfence::loginAction(‘Quentin’) #11 /app/www/wp-includes/class-wp-hook.php(348): WP_Hook->apply_filters(NULL, Array) #12 /app/www/wp-includes/plugin.php(517): WP_Hook->do_action(Array) #13 /app/www/wp-includes/user.php(138): do_action(‘wp_login’, ‘Quentin’, Object(WP_User)) #14 /app/www/wp-login.php(1322): wp_signon(Array, true) #15 {main} thrown.

Viewing all 33342 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>