I filed a report for the question and get the dev team to look. I'll let you know what they find or have one of them answer you here.
tim
I filed a report for the question and get the dev team to look. I'll let you know what they find or have one of them answer you here.
tim
We haven't had any other reports of that not working. Those define statements are added in the wp-config.php right?
I'm going to try and put this on my schedule to test tomorrow or Friday morning.
Thanks
tim
Way odd. Glad they ain't bothering you anymore :)
tim
Hi
So is it all warnings about this one file wp-content/uploads/2014/02/expérimentation-et-matière-14-222x160.jpg ?
Or are there others?
tim
Tested this and I can see that when I add the ip to whitelist and have box checked for emailing when an admin signs on an email is sent. IP bypass does not work for this. I'll make a note and file a bug report and post here when the dev team gets to it.
The only reason I can think of is what if someone steals your credentials? Then the only way you'd know they were accessing the site, hopefully because you don't share your credentials, right?) was if we sent you an email. Believe it or not, this happened on a site I managed a few years back to another admin's account.
tim
Paul
your hotlinking policy wont let me view the picture. :( But good catch on the firewall stuff. I think the only one I block is marked "if 404's for known vulnerable URL's exceed:" Throttling actually handles it much easier. If you say throttle more than 90 hits a minute, we allow the first 90 requests to go through then return a 503 error for each hit for the rest of the minute. Since the error means the server is overloaded, it tells the visitor 'slow down' and doesn't mess up your google ranking because google sees it and chills out and waits to recrawl the site.
Let me know what jetpack says. I think there was a few problems with it lately, but not related to working with our plugin that I can recall.
tim
Still not working. I get email alerts to attempted logins/lockouts, but only see my own activity in "all hits" tab and my own administrative logins in logins/logouts tab. Nothing else shows.
Can you cat the file and see what it says? Post the contents here.
Thanks!
tim
So, on the live traffic pages you only see your ip address?
tim
And only the IPs I've blocked the last couple of days show in the list.
So, let me just get clear on this.
Is that correct?
tim
Can you look on that page with the java console open and see if you see any errors in red?
https://www.java.com/en/download/help/javaconsole.xml
tim
Yes
Hi,
I second that! I would love it if Wordfence also prevented fake sign ups.
Thanks for a great service!
I can't get the console to open on the page. I can only get it to open on the "Verify Java" screen that is at java.com. I've tried with 2 different computers on 2 different versions of windows/java/web browsers. And on different websites.
Thanks for testing. I agree that you won't get notice when someone logs in with stolen credentials. The person still has to be logging in from the same IP though, since it's a by pass based on IP.
Another option could be to make a checkbox next to the whitelist rule that says: Also include administrator login messages.
Michael
Files sent :)
Same thing just happened to me. I don't use Wordfence though.
The only change I was able to observe is that the Contact Form7 plugin auto deactivated and i couldn't re-activate,delete,re-install it or any of my other plugins until all the file permissions had been changed back again!!
On the chance that additional supporting voices might help, I'm also looking forward to something from Wordfence that would prevent fake sign-ups. Those guys are driving me nuts, as I'm having to ban them manually...ever day.
It's gotten so annoying that I'm looking for an additional (and hopefully temporary plugin that can address the problem in the meantime. I already know that whatever I find, you guys will ultimately do it better..>:)
Thanks,
Steve
This is showing up once a day in the error log on one my sites
PHP Fatal error: Call to undefined function wp_create_nonce() in /home/xxx/wp-content/plugins/wordfence/lib/wfUnlockMsg.php on line 4