Hello zmtgf,
we have a fix coming in the next release. It will not fix all instances of this problem but it should fix most of them. The mysqli plugin is required for the fix to work. You can check whether you have mysqli plugin by clicking on "Click to view your system's configuration in a new window" at the bottom of Wordfence page "Diagnostics".
↧
wfasa on "[Plugin: Wordfence Security] Fatal error: Allowed memory size with latest update"
↧
ralphonz on "[Plugin: Wordfence Security] Parse Error"
I'm getting these errors too. On multiple sites but on the same server:
PHP Parse error: syntax error, unexpected ''/(?:' (T_ENCAPSED_AND_WHITESPACE) in /home/mydomain/public_html/wp-content/wflogs/rules.php on line 32
[19-May-2016 13:31:05 UTC] PHP Parse error: syntax error, unexpected ''/(?:' (T_ENCAPSED_AND_WHITESPACE) in /home/mydomain/public_html/wp-content/wflogs/rules.php on line 32↧
↧
wfasa on "[Plugin: Wordfence Security] Parse Error"
Hello both of you,
we now have a bug filed for this. Our internal case number is FB1845. It will be included in one of the upcoming releases. I'll try to get back to you when it's in place.
↧
ralphonz on "[Plugin: Wordfence Security] Parse Error"
this is the line in question:
$this->variables['xssRegex'] = new wfWAFRuleVariable($this, 'xssRegex', '/(?:
↧
ralphonz on "[Plugin: Wordfence Security] Parse Error"
Cheers! That was quick :)
↧
↧
wfasa on "[Plugin: Wordfence Security] Fatal out of memory since update! | PHP = 256m"
Hello jonyfox,
we have a fix coming in the next release. It will not fix all instances of this problem but it should fix most of them. The mysqli plugin is required for the fix to work. You can check whether you have mysqli plugin by clicking on "Click to view your system's configuration in a new window" at the bottom of Wordfence page "Diagnostics".
↧
android1pro on "[Plugin: Wordfence Security] Blocking/throtteling not working"
1) Why not Matt?
Given the high advanced features already built in WF,having something like uploading notepad IP list is only basic necessity that should of been there long before many other features
2) Why the powerful feature of Advanced blocking not working at all,
as every time I tried to enter a new host name and save it, it never shows up on the list of blocked item on advanced blocking page.
Can you manage to fix this once and for all ??
↧
White Fir Design on "[Plugin: Wordfence Security] configCache.php File and wp-checking.php File"
Usually evidence of how the website was hacked would show up in the HTTP or FTP log files for the website, have either of you reviewed those yet?
↧
nikwolf on "deleted WF, found/deleted wordfence-waf.php, now site not loading"
For what it's worth - on my version of WP Multisite, I cannot get anything on the WordFence Options page to save. So checking that box to delete files after WordFence is uninstalled, does nothing for me. I could let it sit with the spinning spokes for an hour and it would not have saved by then.
Also, for some reason, the WordFence assistant plugin I tried, ALSO does not do anything to the db files for WordFence on my multisite install.
So I deleted them manually, and edited my .htacess file so I wouldn't get the wordfence-waf.php error.
↧
↧
mountainguy2 on "[Plugin: Wordfence Security] Blocking/throtteling not working"
Android, if you're asking for a list of top criminal IP addresses to input into Wordfence, that's what the WF option "Participate in the Real-Time WordPress Security Network" is supposed to be taking care of. It's imperfect.
I get a lot of attacks on my websites, and I research what has not been blocked by Wordfence. More times than not the bad IP numbers that slip past Wordfence are already on various well known block lists.
See http://www.tcpiputils.com/browse/ip-address
This is a flaw in Wordrence in my opinion. As things get worse in the bot-apocalypse (which will eventually shut down the whole internet, so be ready with a few good books and tickets to the Med), the block lists become ever more important and at least a couple (or more) need to be integrated into Wordfence.
To be fair, the Wordfence block list is probably amazing -- but it's also a bit disconcerting to see what slips through.
Note, if you want to really get radical, and have "notepad" IP block lists, it's best to just install those your top level server firewall rather than dinking around with Wordfence or .htaccess. Check with ISP tech support. In my case I use IP Tables with front end CSF server firewall.
If you can get access to your server firewall, you might be surprised how many attacks are not directly going after your Wordpress install, but rather are doing brute force attacks on your FTP login at server level. Wordfence does nothing about that. Huge flaw in the system, IMHO.
MTN
↧
mountainguy2 on "[Plugin: Wordfence Security] hacked by Pak Haxor experience"
How you resolved this would be appreciated by the community. AT least a hint. MTN
↧
pilardavis on "[Plugin: Wordfence Security] Update Will Not Install"
When i go to that location it says the file is "inactive". There doesn't appear to be a way to change the file name. Do you mind letting me know how to go about changing it. I hate messing with .php files because in my experience my site always fails afterward. but if you know a way i can give it a try.
↧
pilardavis on "[Plugin: Wordfence Security] Update Will Not Install"
the only way i know of is to change the first part to something like
/<?php
rename("_configCache.php");
?>/
but that seems like it wouldnt work.
↧
↧
wpcsphil on "[Plugin: Wordfence Security] False invalid usernames"
Hello,
I have a new client whose WordFence is blocking a lot of users for attempting to login with invalid usernames - but all the usernames actual exist. They have a custom registration system in an Modal with AJAX, maybe that would be part of the problem?
Thanks much for any help!
Philip
↧
WFBrian on "[Plugin: Wordfence Security] False invalid usernames"
Hi Phillip,
That's a definite possibility. Does the Modal/AJAX method add the users to the Wordpress user database? The Wordpress user DB is where Wordfence looks for existing users. Would it be possible to test by creating a new user via regular Wordpress and see if the block happens with that user?
Thanks,
Brian
↧
realchlorum on "[Plugin: Wordfence Security] WP supercache and Wordfence?"
Thanks tim for your fast answer!
Okay i will do that. Sadly. It would be nicer if it could be only one pluging because the more plugins you use the slower it gets also.
Do you think 3 Secs is a good time for google?
ALso i love the feature that you message me per mail if someone tried or did login in the admin account.
Sincerely,
Realchlorum
↧
wflandon on "[Plugin: Wordfence Security] Wordfence Scan Never Completes"
At the bottom of the Wordfence Diagnostics page, check "Enable debugging mode" and re-run the scan. Paste the last 20 lines or so in the thread. Make sure you remove any sensitive information! Then we will check it out and go from there.
↧
↧
wpcsphil on "[Plugin: Wordfence Security] False invalid usernames"
Thanks much for your help guys. I'm going to setup a duplicate site and see if I can figure it out more. Appreciate the pointers in some possible directions. I know I have pains with LastPass sometimes personally having to submit a couple times on WP logins.
Brian, the system does put them into the standard WP Users system / table. I'm wondering if it's a caching plugin issue as well.
Thanks again, will keep digging!
↧
mikuberries on "[Plugin: Wordfence Security] Extra admin users being displayed."
Someone recommended I post this issue here to try and get it resolved...
I have Wordfence and just received this email...
This email was sent from your website "Lovestarr Notebook [ Dolly Blog ]" by the Wordfence plugin at Wednesday 25th of May 2016 at 01:14:00 AM
The Wordfence administrative URL for this site is: http://www.lovestarr.net/wp-admin/admin.php?page=WordfenceA user with username "admina" who has administrator access signed in to your WordPress site.
User IP: 195.154.60.171
User hostname: 195-154-60-171.rev.poneytelecom.eu
User location: France
I went ahead and blocked the IP, but I'm wondering how the hell it logged into an account that I don't even see exists on my users.php. The only thing I see is this:
Users
All (3) | Administrator (3)
HOWEVER...I do not see any other admins listed besides myself. I went into phpMyAdmin and removed the 2 mystery users, but it is still displaying (3) on the WordPress dashboard.
I have been trying to recover my website from a recent hack/compromise and have managed to secure it for the most part, but I am still having issues such as this.
↧
WFSupport on "[Plugin: Wordfence Security] WP supercache and Wordfence?"
Not really sure about the loading time. I know faster is better but the more you content and functionality include the slower it gets.
Thanks
tim
↧