Quantcast
Channel: WordPress.org Forums » [Wordfence Security - Firewall, Malware Scan, and Login Security] Support
Viewing all 33176 articles
Browse latest View live

mountainguy2 on "[Plugin: Wordfence Security] Bot swarm increase?"

July 28, 2016, 7:29 am
$
0
0

I've noticed an obvious increase in my blocked bot attacks over the last few weeks, actually just about doubled! Am wondering if the Realtime Wordfence Security Net is falling short or something? I'm doing just about everything possible to mitigate attacks, but the bombardment is still significant. I've got a pretty robust defense set up, Worfence, can you give us any idea on how your hidden threat blocking (Real Time Security Network) is working these days? Any plans for improvements? I check a sampling of these blocked IPs and they're often known to be bad and on several block lists such as Barracuda or Spamhaus.

Thanks, MTN

https://wordpress.org/plugins/wordfence/

Search

Gus on "We were unable to create the wordfence-waf.php"

July 28, 2016, 7:46 am
$
0
0

Hi,

I've got a problem with the Wordfence Firewall. I've installed it on several websites (root domain) on my server without any issue but now trying to install it on a sub-domain (say xyz.domain.com) and I'm getting this error message:

"We were unable to create the wordfence-waf.php file in the root of the WordPress installation. It's possible WordPress cannot write to the wordfence-waf.php file because of file permissions. Please verify the permissions are correct and retry the installation."

I created the wordfence-waf.php file manually and pasted the content like I usually do. Created and chmoded wp-content/wflogs also. And added the auto_prepend like I normally do on other websites:

php_value auto_prepend_file "/home/domaincom/sd/xyz/htdocs/wordfence-waf.php"

It looks like the Worfence Firewall config script can't find wordfence-waf.php? But it's there.

I've tried to do the same kind of install on a different sub-domain on another domain and I get the same problem.

Config: Ubuntu, Apache 2.4, PHP 5.6.24

Any help would be welcome!
Thanks,
Gus

https://wordpress.org/plugins/wordfence/

cherlihy on "[Plugin: Wordfence Security] Just about to trash Wordfence"

July 28, 2016, 7:49 am
$
0
0

Thanks for your input MTN. I have opened a ticket, so I'll have to wait to see what comes of it.

I too had major issues with their built in caching, and had to turn it off and use a different plugin for that, which produced much better results.

AndyWarren on "[Plugin: Wordfence Security] Wordfence Won't Scan"

July 28, 2016, 8:09 am
$
0
0

I've tried countless times to get Wordfence to run a scan. I received an email saying there were unknown files in my WordPress install, but nothing shows in Wordfence for files that can be fixed. When I click "Start a Wordfence Scan" the little gif spins, and then stops, and nothing happens. No scan at all, just nothing.

This is Wordfence v6.1.12. Thoughts?

https://wordpress.org/plugins/wordfence/

jlbworks on "[Plugin: Wordfence Security] Wordfence and WP Mail Bank"

July 28, 2016, 8:45 am
$
0
0

Wordfence is sending alerts to an email for security alerts, WP mail bank makes it so where all emails sent from site are routed through a designated email so they are not sent to spam. WPMB's email being sent to Security email gets return error because security email is a google group for specified users. Is there a way to force wordfence to work around wp mail bank when sending email alerts?

https://wordpress.org/plugins/wordfence/

donsturgill on "[Plugin: Wordfence Security] Flashing Message on Options Page"

July 28, 2016, 8:58 am
$
0
0

I've a flashing notification at the top of the Wordfence Options Page:

Notice: Undefined index: coreUnknown in /home/histent/public_html/silvercreekclogging/wp-content/plugins/wordfence/lib/wordfenceHash.php on line 141 0

https://wordpress.org/plugins/wordfence/

wfalaa on "[Plugin: Wordfence Security] how to exclude widget content from cache?"

July 28, 2016, 9:23 am
$
0
0

Actually, this line is just a static code, it shouldn't be considered when it comes to caching, will need to look at the main code snippet that control replacing your phone number with a Google one.

Are you using this snippet mentioned here in (Part III > Example 3)?

Thanks.

tsabar on "[Plugin: Wordfence Security] how to exclude widget content from cache?"

July 28, 2016, 9:35 am
$
0
0

actually just the code in part 2, they said i don't need part 3 if i insert the following line of code into part 2:

var google_replace_number="1-800-100-100"; // << Replace with your phone number

Search

wfalaa on "[Plugin: Wordfence Security] Unknown file in WordPress core"

July 28, 2016, 9:41 am
$
0
0

Hi All,
My reply will cover three main questions:

#1 Are these files included in WordPress core?
Short answer, no, they are not.
You can download a recent WordPress version from here and you will find these files do not exist, or check the official WordPress repository on Github.

#2 Why are these files on my server then!?
There are many possibilities here:
- These files may be traces of old WordPress versions that were not removed after an update.
- They could be incorrectly included in a web panel’s one-click installer (cPanel, Plesk etc...)
- On some of your posts above, these files seems to be a backup version of your current WordPress files. I am not sure if this was done manually or by a script run by your web host.
- Finally, your website may have been compromised and the hacker injected these files into wp-admin and wp-includes folders.

#3 What should I do now?
- Ask your hosting provider if you can replace your current WordPress folders / files (except the wp-content folder) with a recent version directly downloaded from WordPress.org.
- You can simply ignore these warnings if your hosting recognizes these files.
- Also keep watching for such files that should be excluded from our searches in future updates to avoid such warnings. Please let us know if you think there is a false-positive result in this list (always compare to the same version of WordPress installed on your website with a pure copy downloaded from WordPress.org).

Thanks.

sylviabass on "[Plugin: Wordfence Security] Dashboard widgets disappear with update"

July 28, 2016, 2:20 pm
$
0
0

Thank you for the response. I checked and do get two mixed content errors. We use https over admin, but not on the public view of the site. One is a CSS request that gets blocked and another is for the favicon. However, I get the same errors when I disable WordFence, yet the Dashboard works as expected. It is only /wp-admin/index.php that has the issue. Other /wp-admin/ pages do not.

cwdv on "[Plugin: Wordfence Security] Unknown file in WordPress core"

July 28, 2016, 3:02 pm
$
0
0

Hello,
I have been using Wordfence for about a year. I recently received a Wordfence Alert email stating:

Alert generated at Tuesday 26th of July 2016 at 10:22:42 AM
Warnings:
* Unknown file in WordPress core: wp-includes/js/index.php

The contents of the file is:
<?php
// Silence is golden.

I was wondering:
Is this a valid file?

If it is not valid, then it is a file likely left over from when my sites were hacked in January 2015. Why is Wordfence just recognizing this file now?

Thanks for your help,
Clint

https://wordpress.org/plugins/wordfence/

Sloppy Buns on "[Plugin: Wordfence Security] ._ Unknown files in WordPress core (Version 6.1.11)"

July 28, 2016, 3:37 pm
$
0
0

Same report for me.

Undefined index: coreUnknown in /home/xxx/public_html/wp-content/plugins/wordfence/lib/wordfenceHash.php on line 141

mountainguy2 on "[Plugin: Wordfence Security] Block User"

July 28, 2016, 4:17 pm
$
0
0

Apologies, I was assuming all this time that one could use this to block _any_ username. Wordfence clearly needs to change that limitation. Now that I look at my own setup, I see I've got a bunch of existing user names in there and of course that was a waste of time on my part!

Meanwhile, you're doing the right thing, limit the number of failed attempts. And use a strong password.

You could also install plugin WPS Hide Login, perhaps that could easily solve the problem?

Wordfence support, is this an existing feature request?

MTN

idealynx on "[Plugin: Wordfence Security] Unknown file in WordPress core"

July 28, 2016, 5:46 pm
$
0
0

I too seem to be a victim of whatever Wordfence is doing, but my warning is a little different than what others have posted. Probably because I'm using a Synology server. This is just a small sampling of the huge list of files I received that were flagged. This ONLY happened after the last Wordfence upgrade.

This email was sent from your website "My Website Name" by the Wordfence plugin.
Wordfence found the following new issues on "My Website Name".
Alert generated at Tuesday 26th of July 2016 at 09:39:27 PM

Warnings:

* Unknown file in WordPress core: wp-admin/@eaDir/about.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/admin-ajax.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/admin-footer.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/admin-functions.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/admin-header.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/admin-post.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/admin.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/async-upload.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/comment.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/credits.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/css@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/custom-background.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/custom-header.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/customize.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/edit-comments.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/edit-form-advanced.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/edit-form-comment.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/edit-link-form.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/edit-tag-form.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/edit-tags.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/edit.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/export.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/freedoms.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/images@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/import.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/includes@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/index.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/install-helper.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/install.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/js@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/link-add.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/link-manager.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/link-parse-opml.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/link.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/load-scripts.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/load-styles.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/maint@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/media-new.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/media-upload.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/media.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/menu-header.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/menu.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/moderation.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/ms-admin.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/ms-delete-site.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/ms-edit.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/ms-options.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/ms-sites.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/ms-themes.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/ms-upgrade-network.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/ms-users.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/my-sites.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/nav-menus.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/network.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/network@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/options-discussion.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/options-general.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/options-head.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/options-media.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/options-permalink.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/options-reading.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/options-writing.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/options.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/plugin-editor.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/plugin-install.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/plugins.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/post-new.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/post.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/press-this.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/profile.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/revision.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/setup-config.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/theme-editor.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/theme-install.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/themes.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/tools.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/update-core.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/update.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/upgrade-functions.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/upgrade.php@SynoEAStream

* Unknown file in WordPress core: wp-admin/@eaDir/upload.php@SynoEAStream

idealynx on "[Plugin: Wordfence Security] ._ Unknown files in WordPress core (Version 6.1.11)"

July 28, 2016, 5:55 pm
Search

wfalaa on "[Plugin: Wordfence Security] Undefined index"

July 28, 2016, 8:00 pm
$
0
0

Hi mhart1956, limoden and Marisa
This notice will not affect the scan activity and you don't have to do anything about it, our dev team will take care of it in next update.

Thanks.

wfalaa on "[Plugin: Wordfence Security] Unknown file in WordPress core"

July 28, 2016, 8:30 pm
$
0
0

@bonaventuradibello thanks!

@magdigit No, this is a different problem, please check my reply here.

@umeweall Please make sure you checked my previous reply here, and in case you don't want to see these warnings any more you can turn off "Scan wp-admin and wp-includes for files not bundled with WordPress" option under (Wordfence > Options => Scans to include) till you check these files (which seems to be just traces of an old WordPress version).

@idealynx That's interesting, can you confirm if the list contains -roughly- all files in wp-admin / wp-includes? this seems to be something specific to Synology server, I will discuss that with our team.

Thanks.

iNetPlanet on "[Plugin: Wordfence Security] Version 6.1.12 Undefined index: coreUnknown"

July 28, 2016, 8:35 pm
$
0
0

Ditto. After update.
Notice: Undefined index: coreUnknown in /var/www...
...wordfence/lib/wordfenceHash.php on line 141 0on line 141 0

wfalaa on "[Plugin: Wordfence Security] how to exclude widget content from cache?"

July 28, 2016, 9:07 pm
$
0
0

I'm not sure who do you mean by "they"?

Please follow the three parts mentioned on this Google help page, and make sure everything is working fine without enabling Wordfence Caching, then re-check with "Basic Caching" turned on, and let me know the whole code you are using.

Thanks.

umeweall on "[Plugin: Wordfence Security] Unknown file in WordPress core"

July 28, 2016, 9:54 pm
$
0
0

O.k., thanks, I will have a talk with GoDaddy about them, as I do have a managed system.

Viewing all 33176 articles
Browse latest View live
Search