Replies: 0

Hello,

I have a weird problem. I was using free Wordfence and I was facing some problems with error 403
(A potentially unsafe operation has been detected in your request to this site

Your access to this service has been limited. (HTTP response code 403))

So I deactivated the Wordfence, but the problem is still there. Wordfence blocks this operation even if it’s deactivated – there is mentioned that this block was caused by Wordfence.

I tried to delete the plugin, delete the plugin and all data, but it still blocks my actions even if it’s deactivated/deleted. So I am not sure how to get rid off the plugin. I tried to install the plugin and whitelist my IP, but this didn’t work neither. Can you help me, please?

Thank you in advance and have a nice day!

Best regards

Jiří Pázler

Replies: 0

I recently did a PCI DSS scan on the website and the following was the only identified vulnrability. Can this plug in help me close it?

If yes, please let me know what I need to do. Thanks.

• This topic was modified 5 hours, 2 minutes ago by cyaniccypher.
• This topic was modified 5 hours, 2 minutes ago by cyaniccypher.

Replies: 0

Is it possible with Wordfence free version to view a log of blocks spanning about a week in the past?

Replies: 0

We were trying to disable the Wordfence plugin because we are able to log in, so we followed your documentation link, which is https://www.wordfence.com/help/advanced/remove-or-reset/. After doing it, we are unable to see the dashboard properly. Could you please tell us what the issue is? Also, couldn’t find this wordfence-waf.php file on our server

Replies: 0

I installed a plugin that creates a new login screen (a screen with OTP by mail, where the user submits his username, then receives an email with a “magic” link and automatically logs in on click). The question: can WF protext this new username field from brute force?

Replies: 0

Wordfence installation is incomplete

I’m getting the yellow box at the top of the site saying that I need to put in a license I’m using the exact same process for every site some of the sites have this warning and some of them don’t some of them ask for a license and some of them don’t and I’m doing it the exact same way and I’ll remove them from word fence and add them back and sometimes that’ll fix it and sometimes it doesn’t and I checked my email seems I remember getting like a free license key or something I used initially I’m not exactly sure I checked my email and I can’t find any type of license I know that I could buy a license but my developer said the free version was enough for what we’re doing so what recommendations do you have for me to resolve that yellow box is extremely alarming to my customers

My option is to remove word fence or use this support forum to come up with a solution I tried to search and find it and I saw somebody else just made a new license on another email I don’t want to create a big mess like that so I would like to be able to figure out how to get it to work off of the same account I would like everything in one single account if possible and then I can consider upgrading once I get more familiar I’m just brand new here and I don’t know even what is happening with all this just yet

any help would be appreciated and thank you

Replies: 1

HI i have followed all the steps to and fix the scan failing please find the codes as requested

[May 17 02:32:52:1747413172.048938:4:info] Entered fork()

[May 17 02:32:52:1747413172.047423:4:info] Calling fork() from wordfenceHash with maxExecTime: 20

[May 17 02:32:51:1747413171.991359:4:info] Scanning: /home6/essent27/public_html/essentialminutesfirstaid.com.au/wp-content/plugins/atum-export-pro/vendor/nesbot/carbon/src/Carbon/Lang/cy.php (Mem:236.0M)

[May 17 02:32:51:1747413171.979073:4:info] Scanning: /home6/essent27/public_html/essentialminutesfirstaid.com.au/wp-content/plugins/atum-export-pro/vendor/nesbot/carbon/src/Carbon/Lang/cv_RU.php (Mem:236.0M)

[May 17 02:32:51:1747413171.966824:4:info] Scanning: /home6/essent27/public_html/essentialminutesfirstaid.com.au/wp-content/plugins/atum-export-pro/vendor/nesbot/carbon/src/Carbon/Lang/cv.php (Mem:236.0M)

[May 17 02:32:51:1747413171.954383:4:info] Scanning: /home6/essent27/public_html/essentialminutesfirstaid.com.au/wp-content/plugins/atum-export-pro/vendor/nesbot/carbon/src/Carbon/Lang/cu.php (Mem:236.0M)

[May 17 02:32:51:1747413171.941800:4:info] Scanning: /home6/essent27/public_html/essentialminutesfirstaid.com.au/wp-content/plugins/atum-export-pro/vendor/nesbot/carbon/src/Carbon/Lang/csb_PL.php (Mem:236.0M)

[May 17 02:32:51:1747413171.929297:4:info] Scanning: /home6/essent27/public_html/essentialminutesfirstaid.com.au/wp-content/plugins/atum-export-pro/vendor/nesbot/carbon/src/Carbon/Lang/csb.php (Mem:236.0M)

[May 17 02:32:51:1747413171.916652:4:info] Scanning: /home6/essent27/public_html/essentialminutesfirstaid.com.au/wp-content/plugins/atum-export-pro/vendor/nesbot/carbon/src/Carbon/Lang/cs_CZ.php (Mem:236.0M)

[May 17 02:32:51:1747413171.904232:4:info] Scanning: /home6/essent27/public_html/essentialminutesfirstaid.com.au/wp-content/plugins/atum-export-pro/vendor/nesbot/carbon/src/Carbon/Lang/cs.php (Mem:236.0M)

[May 17 02:32:51:1747413171.891902:4:info] Scanning: /home6/essent27/public_html/essentialminutesfirstaid.com.au/wp-content/plugins/atum-export-pro/vendor/nesbot/carbon/src/Carbon/Lang/crh_UA.php (Mem:236.0M)

[May 17 02:32:51:1747413171.879495:4:info] Scanning: /home6/essent27/public_html/essentialminutesfirstaid.com.au/wp-content/plugins/atum-export-pro/vendor/nesbot/carbon/src/Carbon/Lang/crh.php (Mem:236.0M)

[May 17 02:32:51:1747413171.866968:4:info] Scanning: /home6/essent27/public_html/essentialminutesfirstaid.com.au/wp-content/plugins/atum-export-pro/vendor/nesbot/carbon/src/Carbon/Lang/cmn_TW.php (Mem:236.0M)

[May 17 02:32:51:1747413171.854382:4:info] Scanning: /home6/essent27/public_html/essentialminutesfirstaid.com.au/wp-content/plugins/atum-export-pro/vendor/nesbot/carbon/src/Carbon/Lang/cmn.php (Mem:236.0M)

[May 17 02:32:51:1747413171.841783:4:info] Scanning: /home6/essent27/public_html/essentialminutesfirstaid.com.au/wp-content/plugins/atum-export-pro/vendor/nesbot/carbon/src/Carbon/Lang/ckb.php (Mem:236.0M)

[May 17 02:32:51:1747413171.829250:4:info] Scanning: /home6/essent27/public_html/essentialminutesfirstaid.com.au/wp-content/plugins/atum-export-pro/vendor/nesbot/carbon/src/Carbon/Lang/chr_US.php (Mem:236.0M)

[May 17 02:32:51:1747413171.816207:4:info] Scanning: /home6/essent27/public_html/essentialminutesfirstaid.com.au/wp-content/plugins/atum-export-pro/vendor/nesbot/carbon/src/Carbon/Lang/chr.php (Mem:236.0M)

[May 17 02:32:51:1747413171.803058:4:info] Scanning: /home6/essent27/public_html/essentialminutesfirstaid.com.au/wp-content/plugins/atum-export-pro/vendor/nesbot/carbon/src/Carbon/Lang/cgg.php (Mem:236.0M)

[May 17 02:32:51:1747413171.790003:4:info] Scanning: /home6/essent27/public_html/essentialminutesfirstaid.com.au/wp-content/plugins/atum-export-pro/vendor/nesbot/carbon/src/Carbon/Lang/ce_RU.php (Mem:236.0M)

[May 17 02:32:51:1747413171.777422:4:info] Scanning: /home6/essent27/public_html/essentialminutesfirstaid.com.au/wp-content/plugins/atum-export-pro/vendor/nesbot/carbon/src/Carbon/Lang/ce.php (Mem:236.0M)

[May 17 02:32:51:1747413171.764754:4:info] Scanning: /home6/essent27/public_html/essentialminutesfirstaid.com.au/wp-content/plugins/atum-export-pro/vendor/nesbot/carbon/src/Carbon/Lang/ccp_IN.php (Mem:236.0M)

[May 17 02:32:51:1747413171.752204:4:info] Scanning: /home6/essent27/public_html/essentialminutesfirstaid.com.au/wp-content/plugins/atum-export-pro/vendor/nesbot/carbon/src/Carbon/Lang/ccp.php (Mem:236.0M)

[May 17 02:32:51:1747413171.739735:4:info] Scanning: /home6/essent27/public_html/essentialminutesfirstaid.com.au/wp-content/plugins/atum-export-pro/vendor/nesbot/carbon/src/Carbon/Lang/ca_IT.php (Mem:236.0M)

[May 17 02:32:51:1747413171.726935:4:info] Scanning: /home6/essent27/public_html/essentialminutesfirstaid.com.au/wp-content/plugins/atum-export-pro/vendor/nesbot/carbon/src/Carbon/Lang/ca_FR.php (Mem:236.0M)

[May 17 02:32:51:1747413171.714363:4:info] Scanning: /home6/essent27/public_html/essentialminutesfirstaid.com.au/wp-content/plugins/atum-export-pro/vendor/nesbot/carbon/src/Carbon/Lang/ca_ES_Valencia.php (Mem:236.0M)

Replies: 0

See debug.log:

[16-May-2025 13:54:02 UTC] [mb‑i18n] notice _load_textdomain_just_in_time(): Translation loading for the wordfence domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later.
[16-May-2025 21:58:06 UTC] [mb‑i18n] notice _load_textdomain_just_in_time(): Translation loading for the wordfence domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later.

Replies: 0

We’re running WooCommerce Photo Reviews Premium v1.4.3 on our site. Wordfence continues to block links using ?wcpr_token= with the error:

Blocked by firewall for WooCommerce Photo Reviews Premium <= 1.3.13.2 – Authentication Bypass to Account Takeover

I added this to allowlist, it didn’t work:

URL: = /*

request.queryString[wcpr_token]

I disabled the firewall rule(WooCommerce Photo Reviews Premium <= 1.3.13.2 – Authentication Bypass to Account Takeover and Privilege Escalation) as workaround.

Here is full block message:
Type: BlockedActivity Detail

 Dublin, Ireland was blocked by firewall for WooCommerce Photo Reviews Premium <= 1.3.13.2 – Authentication Bypass to Account Takeover and Privilege Escalation in query string: wcpr_token=test123 at https://www.hairweavon.com/?wcpr_token=test123

16/05/2025 20:29:27 (27 minutes ago)

Human/Bot: Human

Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36

• This topic was modified 11 hours, 59 minutes ago by Evrim Oguz.

Replies: 0

Hi,

I saw related topics about my issue:

• https://wordpress.org/support/topic/how-to-disable-plugin-update-alert-emails/
• https://wordpress.org/support/topic/prevent-plugin-upgrade-notifications/

But I want to keep the severity level in Medium, as Medium level also include these alerts:

• Your site is running an unknown core version of WordPress
• Your site is running an older version of PHP (5.4 or below) that is incompatible with Wordfence country blocking
• An abandoned plugin is installed

Maybe a filter or constant to use to filter the severity levels, what to include or exclude? I really want to disable plugin and theme update notifications, but keep all other notification options as is.

Please consider to add this option as a checkbox or as a filter! Thank you!

Replies: 0

I was thinking it might be useful to have an option like “Only alert me when that administrator signs in from a different country than…” next to “Only alert me when that administrator signs in from a new device.” I’ve noticed that logins seem to always be treated as “new device” for some reason when it comes to alerts, and I always receive notifications about each admin logins. This might not be that useful on a global level, but I live in a smaller country, and the chance of an unauthorized/malicious person logging in with an IP address from our country (using a proxy) is practically zero.
Thank you for considering this option.

Since we’re on the topic, could you help clarify what exactly counts as a “new device”? I’m quite sure the administrators log in from desktops 99% of the time, and even then, from a maximum of two devices. Yet I keep receiving email notifications. Am I missing something?

Replies: 0

Hello guys? how are you?

So i migrate my site to a new server.

The same IP the same Cloud and the same domain.

Just move it a VM on GCP.

Now before long time ago when i did it, i remember the support told me about generate a new license key.

This is really the case? because now for a new license key, i need to remove WordPress and install it again.

everything working now but i want be sure.

Please your advice.

Replies: 0

We are seeing continuous reinfection from this file

<!doctype html>\x0a<html lang=”en-US”>\x0a<head>\x0a<meta charset=”UTF-8″>\x0a<meta name=”viewport” content=”width=device-width, initial-scale=1, shrink-to-fit=no”>\x0a<link rel=”profile” href=”https://gmpg.org/xfn/...

The issue type is: Defacement:HTML/hackedby.names.7855
Description: Page titles containing hacker aliases

We keep deleting the file but comes back after as few days.When we try doing a high sensitivity scan it is failing just before it completes.

How can we resolve the issue?

Replies: 0

Hi Wordfence Support,

I’m encountering an issue when trying to run a scan with the Wordfence plugin on my site.

Issue Description:
Whenever I initiate a scan, it fails partway through with the following message:

Scan Failed
The current scan looks like it has failed. Its last status update was 5 minutes ago. You may continue to wait in case it resumes or stop and restart the scan. Some sites may need adjustments to run scans reliably. Click here for steps you can try.

Steps Already Tried:

• Restarted the scan multiple times
• Checked server resources (no apparent memory or CPU spikes)
• Ensured WordPress, themes, and plugins are up to date

Site Details:

• Website: https://dentistsofpreston.com.au
• Wordfence Version: 8.0.5
• WordPress Version: 6.8.1
• PHP Version: 7.4
• Hosting Provider: cPanel (WHM Server)

Replies: 0

Hi WordFence Team,

I am getting this message whenever I try to run scan:
“A scan stage has failed to start. This is often because the site either cannot make outbound requests or is blocked from connecting to itself. Wordfence will make up to 2 attempts to resume each failed scan stage.”

I have done all the steps mentioned in the documentation below:
https://www.wordfence.com/help/scan/troubleshooting/

Are there any other changes that I need to make that will make the scan work?

Thank you.

Replies: 0

buon giorno io riscontro il problema già segnalato da altri utenti con wordfence attivo non riesco ad accedere alla bacheca rinominando la cartella del plugin tramite file manager in modo da disattivare il plugin l’accesso funziona correttamente

Replies: 0

I have 80+ sites hosted on my SiteGround VPS server. I notice that from time to time, my server goes down and/or it has to autoscale to add one or more CPUs.

My server typically chugs along at needing less than 1 cpu, but I’ve got lots more (8 or 9 due to issues like this). Last night, the server was using less than 1 cpu, when there was a utilization spike and SiteGround added 5 cpus, jumping from 9 cpus up to 14.

https://prnt.sc/Qa7mumgSs6zG

That cost me $50. https://prnt.sc/I-Bpv4odtNpW (emails for each upgrade plus a receipt)

I asked SG support about this. Now…this has been going on for a LONG time, and they always thought it was one site or another going rogue. That’s why I keep 8 CPUs month to month. But this time I got a particularly smart tech who figured out that there was a task executing for each of my sites at the same time.

ALL of my client sites run WordFence, most the free version. They all execute some WordFence task during the same minute (https://prnt.sc/2hqpMIvDrZt2), and BAM…if AutoScale is OFF, down goes my server! And if AutoScale is ON, I get charged an extra $50.

So The SG tech advice was to change the scheduled time for the scans. I went into WordFence to do that, and found that YOU CANNOT CHANGE THE SCAN START TIME ON THE FREE VERSION OF WORDFENCE. https://prnt.sc/UgonDPBMHMLh

So, basically, WORDFENCE, the software that is supposed to PROTECT MY SITES and prevent them from going down, TAKES DOWN MY SERVER.

So my question to WordFence is — what do you have to say about this? Can you make this rescheduling feature available to free users? If no, well…my clients won’t all want to buy the premium version, so I’ll have to find a different solution.

My question to the community is — is there some way to find the scheduled time in the database, or on a cron, or in code, or somewhere else, so that I can vary at what time the scans run on all my sites.

Thank you.

-M

Replies: 0

Hi,

We’re using the free version of Wordfence and have noticed that alert emails are sometimes sent and sometimes not, even for similar security events like blocked IPs with high activity.

We’d like to understand:

• What rules or thresholds determine when email alerts are sent?
• Is it expected that some similar events may not trigger an email?
• Could email deliverability issues (like emails going to spam) affect whether alerts are received?

Any clarification or link to documentation would be appreciated.

Thanks!

Replies: 0

Hi – I have a website that uses both Wordfence and Cloudflare.

Within the last 24 hours, the IP addresses of site visitors as displayed in Wordfence Live Traffic are Cloudflare IP addresses, not the actual IP addresses of the visitors.

This includes my own IP address, which has been changed in Wordfence but appears as normal in Cloudflare. (My IP address is whitelisted, so it appears in Cloudflare’s event / traffic log.

Is this a problem with Wordfence, and if so, how can it be addressed?

Thanks in advance.

Replies: 0

Good day! The following error occurs when a user attempts to administer from a suspicious IP address. version wp 6.8.1

Uncaught Error: call_user_func_array(): Argument #1 ($callback) must be a valid callback, function “smtp_enable_for_gmail” not found or invalid function name in /var/www/aet_home_ru_usr/data/www/aet-home.ru/wp-includes/class-wp-hook.php on line 324

Call stack:

WP_Hook::apply_filters(NULL, array) wp-includes/class-wp-hook.php:348 WP_Hook::do_action(array) wp-includes/plugin.php:565 do_action_ref_array(‘phpmailer_init’, array) wp-includes/pluggable.php:541

wp-content/plugins/wordfence/lib/wordfenceClass.php:7512 wordfence::alert(‘[Wordfence Alert] ae…нистратора’, ‘Пользовате… сайт WordPress.’, ‘207.244.71.84’) wp-content/plugins/wordfence/lib/wfAlerts.php:179 wfAdminLoginAlert::send() wp-content/plugins/wordfence/lib/wfCentralAPI.php:816 wfCentral::sendAlertCallback(‘adminLoginNewLocation’, array, array) wp-includes/class-wp-hook.php:324 WP_Hook::apply_filters(”, array) wp-includes/class-wp-hook.php:348 WP_Hook::do_action(array) wp-includes/plugin.php:517 do_action(‘wordfence_security_event’, ‘adminLoginNewLocation’, array, array) wp-content/plugins/wordfence/lib/wordfenceClass.php:2602 wordfence::loginAction(‘admin_aethome’) wp-includes/class-wp-hook.php:326 WP_Hook::apply_filters(NULL, array) wp-includes/class-wp-hook.php:348 WP_Hook::do_action(array) wp-includes/plugin.php:517 do_action(‘wp_login’, ‘admin_aethome’, WP_User) wp-includes/user.php:138 wp_signon(array, true) wp-login.php:1323