Quantcast
Channel: WordPress.org Forums » [Wordfence Security - Firewall, Malware Scan, and Login Security] Support
Viewing all 33108 articles
Browse latest View live

caylean on "[Plugin: Wordfence Security] Can't store content in Widgets in 6.1.4"

April 22, 2016, 5:01 pm
$
0
0

Hello there,
am I alone with this?

But since I have installed WP 4.5 and WF 6.1.4 I am unable to store the content in my Widgets.

Once deactivated ALL plugins I was directly able to store the Content again and so I checked one by one of the few Plugins and once WF is activated, storing is impossible. The save icon appears for unlimited time .. and even if it is gone after minutes of waiting, the Widget is still empty.

Active Plugins
Antispam Bee
Better WordPress Google XML Sitemaps
Clean Image Filenames
EWWW Image Optimizer
JP Widget Visibility
SF Move Login
Simple Trackback Validation
WP Permalauts

Thats all, nothing really fancy I'd say, but even if I activate WF alone, I am no more able to store Widget content.

https://wordpress.org/plugins/wordfence/

Search

WFMattR on "[Plugin: Wordfence Security] Can't store content in Widgets in 6.1.4"

April 22, 2016, 6:38 pm
$
0
0

Hi Caylean,

This might be due to the new firewall -- if you can go to the Firewall page on the Wordfence menu, and switch to Learning Mode, then try making your widget changes again, let me know if that works, or if you still have trouble. After making the edits, you can switch back to Enabled mode. This lets the firewall learn that your edits to the widgets are safe (it depends on the content of what is in your widgets), so you shouldn't have to do this all the time.

More details on learning mode are available here:
Web Application Firewall - How to use Learning Mode

-Matt R

mountainguy2 on "[Plugin: Wordfence Security] SUCCESS WITH FIREWALL 6.1.4"

April 22, 2016, 8:07 pm
$
0
0

I've really slaved over this, but no way I'm going to run security software that isn't chugging along at 100%. So once I'd familiarized myself with everything, I contacted Liquid Web hosting support and it looks like they got everything working after a couple of hours. I have three Wordpress sites on one server, with only one default php.ini file. The tech support guy had to break that down. Here is his summary.

Backup copy the cPanel PHP wrapper script and then I edited the wrapper to check first for a php.ini in the public_html, then if none is found check the user dir, then if none is found to
check in the normal location of the global php.ini. Then I copied the cPanel PHP wrapper script to a more permanent location in case I recompile Apache at some point. Then I created
local php.ini files for the three domains, using the directive needed for each in the corresponding local php.ini file, corrected perms, and restarted Apache.

And so on. It took a few crashed websites and like I said, hours. I hope it's worth it.

MTN

https://wordpress.org/plugins/wordfence/

mountainguy2 on "[Plugin: Wordfence Security] Word fence Firewall install not completing - how it got fixed"

April 22, 2016, 8:09 pm
$
0
0

Sheesh. I just spent 2 hours with Liquid Web hosting support. It appears they got it working, but I'm keeping my fingers crossed!! Check my other posting.

For what it's worth, the same exact thing happened to us while working on these three sites. The tech got #1 working, then when he got #2 working it broke number one. He then seems to have gotten it all fixed, but it was not grade school server management.

The problem we had is that my VPS only has one global configuration for the PHP, which had to be broken down.

MTN

devhalfdata on "[Plugin: Wordfence Security] New Firewall and admin rights"

April 22, 2016, 8:42 pm
$
0
0

Dear Developers.

Seems your new firewall works incorrectly. I'm administrator of my website. If in my dashboard I submit form (through AJAX) which contains JS-code, your firewall blocks such request because of false reaction on XSS. It returns:

A potentially unsafe operation has been detected in your request to this site, and has been blocked by Wordfence. Bla-bla-bla.

Obviously, it's incorrect behavior. You try to protect website against of its administrator. ;-)

I think it's more logical to disable firewall for requests that made by website administrators.

https://wordpress.org/plugins/wordfence/

Han Balk on "[Plugin: Wordfence Security] Cannot delete entries from whitelisted urls"

April 23, 2016, 11:49 am
$
0
0

Me too. Thanks for the update Matt.

dmdcissp on "[Plugin: Wordfence Security] Cannot access Free API key"

April 23, 2016, 12:21 pm
$
0
0

I really like this plugin. If I knew that I could get it to work by purchasing the Pro API key, I would do it however I am reluctant to purchase it without knowing.....

Any opinions???

bonnar on "[Plugin: Wordfence Security] Wordfence could not get an API key from the Wordfence scanning servers when it a"

April 23, 2016, 12:22 pm
$
0
0

I've tried following other forums on this but since updating my Wordfence plugin - nothing is working.

- - - WARNING AT TOP:

Wordfence could not get an API key from the Wordfence scanning servers when it activated. You can try to fix this by going to the Wordfence "options" page and hitting "Save Changes". This will cause Wordfence to retry fetching an API key for you. If you keep seeing this error it usually means your WordPress server can't connect to our scanning servers. You can try asking your WordPress host to allow your WordPress server to connect to noc1.wordfence.com.
- - -

1. The scan won't start
2. The "Congratulations!" box constantly appears asking to 'enter your email' - which makes no difference - it says an email has been sent, but it hasn't.
3. I have no htaccess file in wp-content or wp-content/plugins
4. Workfence Diagnostics all seem okay.
5. NOTHING I configure in wordfence seems to save.

ANY ADVICE... ANYONE?!

https://wordpress.org/plugins/wordfence/

Search

bhSLC on "[Plugin: Wordfence Security] Wordfence conflict with Kallyas theme"

April 23, 2016, 1:47 pm
$
0
0

After painstaking research, I've discovered that the latest WF plugin conflicts with my latest Kallyas (Hogash) theme. I've addressed the issue with Hogash support and they say the issue is yours.

I found one of your threads that discusses putting your site into learning mode in Firewall, making your update and then putting it back into regular mode. For me, when it was in learning mode, I was able to update, but once I returned it back to regular mode, I still couldn't update/publish.

My issue is that when I hit publish (as one would normally do), the page never resolves. It just 'spins' indefinitely. I don't ever get an error message. When I disable Wordfence, or if I put it into learning mode, I'm able to update the page. Re-enable Wordfence, or put it back into standard mode, and it won't update.

I should say that I've had the Kallyas theme for 2 years and Wordfence for some time. They just did a major upgrade to their theme, but the problem isn't wide spread. Why WF would need to learn my site all over again doesn't make much sense to me.

That said, they do happen to have a troubleshooting page that references Wordfence, and here's what they say:

"WordFence causing Page builder not saving data

We love WordFence so we highly recommend using it!

Sometimes the WordFence plugin is restricting Ajax calls in frontend and thus causing troubles with the Page Builder not saving your changes. If you open the developer console you might find a red error static “403 Forbidden – admin-ajax.php”.

Luckily there’s an easy solution. Try accessing WordFence > Options > Other Options > Whitelisted IP and add your own IP address http://hogash.d.pr/10j7q . You can find your IP address using this kind of tool http://www.whatsmyip.org/ "

http://support.hogash.com/documentation/wordfence-causing-page-builder-not-saving-data

Suggestions for a better fix than a blanket whitelist on my IP?

https://wordpress.org/plugins/wordfence/

mountainguy2 on "[Plugin: Wordfence Security] SUCCESS WITH FIREWALL 6.1.4"

April 23, 2016, 2:57 pm
$
0
0

So, I go to check my main website to see how Wordfence is doing. It's deactivated!

Has anyone had Wordfence deactivate on its own? Was pretty alarming.

MTN

mountainguy2 on "[Plugin: Wordfence Security] Is Firewall 6.1.4 supposed to write to htaccess?"

April 23, 2016, 3:14 pm

WFMattR on "[Plugin: Wordfence Security] Scan can't continue - stored data not found after a fork. Got type: boolean"

April 23, 2016, 3:56 pm
$
0
0

Hi tonyt57,

This might be a different issue -- can you make a new post using the form at the bottom of the Wordfence forum here and post the last 10 lines of the "Scan detailed activity" box after a scan fails? (The wordpress.org forum rules ask us to keep each person's issues separate, and it also helps us keep track of open issues, so no one gets skipped in long posts.) Thanks!

-Matt R

WFMattR on "[Plugin: Wordfence Security] Cannot delete entries from whitelisted urls"

April 23, 2016, 3:58 pm
$
0
0

@krko: I don't have an estimate yet, but it will be soon. In the meantime, if you need to remove a whitelist rule that contains special characters, you can edit the rule and replace it's path with a "/" then save the changes -- then you should be able to delete it.

-Matt R

WFMattR on "[Plugin: Wordfence Security] 403 Forbidden"

April 23, 2016, 4:03 pm
$
0
0

Hi mah86,

There are two possibilities -- if you can go to the Firewall and switch the firewall status to Learning Mode, you should normally be able to complete the actions, and they'll be whitelisted for the future, and then you can switch the firewall back to Enabled and Protecting. If you see multiple new entries on the whitelist at the bottom of the Firewall page, you can post a screenshot of what you're seeing (and the name of the slider plugin), and we'll see if it needs a custom whitelist rule.

The second possibility, if the site is hosted on a Windows server, the whitelist entries and firewall status cannot be saved. If that is the case, the issue will be fixed in the next release.

Wordfence is not officially supported on Windows platforms (see https://docs.wordfence.com/en/Wordfence_system_requirements ), but we do address issues when we can.

If necessary, you can add this line to wp-config.php to disable the firewall feature:
define('WFWAF_ENABLED', false);

If you've already enabled the "Extended Protection", add the code to the wordfence-waf.php file instead, just below the "<?php" line.

Other Wordfence features will still work normally in this case.

-Matt R

WFMattR on "[Plugin: Wordfence Security] Scan will not complete"

April 23, 2016, 4:19 pm
$
0
0

Nice -- it's still the most comments I've seen on a single site! That's right that the growing content (and comments) will only make the scans use more memory, so I understand -- I don't know which release the improvements will be in, but I think there will be more time for this soon, now that the new firewall has been released. If you haven't seen it, the blog post about the new version here describes more about the new features, and the 9-month development effort!

-Matt R

Search

WFMattR on "[Plugin: Wordfence Security] 403 on post preview since update"

April 23, 2016, 4:46 pm
$
0
0

I've sent the issue with the urlencode() warning to the dev team, and that should be addressed soon. I'm not certain why these items need to be whitelisted though -- they don't trigger the firewall in a typical installation. Do you use any plugins that affect how pages or posts are saved? Or can you post a list of the plugins you're using?

-Matt R

WFMattR on "[Plugin: Wordfence Security] New Firewall and admin rights"

April 23, 2016, 4:56 pm
$
0
0

Hi,

Thanks for the message -- I will mention this to the dev team, but it is possible for malicious javascript that affects your own site to run in your own browser, if an attacker can get you to load a specially crafted link, so in these cases, blocking the administrator can prevent an attack.

The best way to avoid the messages when using plugins that do normally include code that might be flagged as XSS is to enable learning mode for a while, and do your normal tasks, then switch back to "Enabled and Protecting." There are more details on learning mode here:
How to use Learning Mode

If you like, you can also add your IP to the whitelist on the Wordfence options page, to be able to bypass all rules.

Also, if you don't mind posting the plugin (or builtin function) you were using, and what got added to the whitelist to make it work normally, we can also look at whitelisting it internally, in the future. Thanks!

-Matt R

WFMattR on "[Plugin: Wordfence Security] Fatal error: Allowed memory size exhausted"

April 23, 2016, 5:04 pm
$
0
0

Hi webby1973,

This is probably because some of the scan data is larger than in previous versions, so combined with other plugins' memory usage, the site is reaching the limit. You may be able to increase "How much memory should Wordfence request when scanning" on the Wordfence options page, if it is currently set to 128 MB. (Try 256, if it's not already set that high.)

If this does not help, you may need to ask the host to increase the "memory_limit" in the php.ini file for you. If you have any plugins you're no longer using, sometimes disabling/removing them will also help decrease memory usage during scans, but you might hit the limit again soon. We will be working on decreasing memory usage where possible as well.

-Matt R

WFMattR on "[Plugin: Wordfence Security] Firewall in learning mode learned to whitelist hacking scripts"

April 23, 2016, 5:18 pm
$
0
0

Hi,

Just to follow up, the whitelist bulk editing and preventing whitelisting of hits causing 404s were included in the 6.1.4, the latest release. Thanks for the suggestions.

@gocozumel: It depends on what the whitelist entry is -- you can make a new post using the form at the bottom of the Wordfence forum here, and include the details of what appears on the whitelist, so we can check it out.

Thanks!

-Matt R

WFMattR on "[Plugin: Wordfence Security] Scan can't continue"

April 23, 2016, 5:19 pm
$
0
0

Just following up -- this issue was fixed in 6.1.4 and was related to storage of temporary scan data that affected some sites. If anyone still sees this message (or another scan error), please let us know by making a new post. Thanks!

-Matt R

Viewing all 33108 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>