Replies: 0

So just installed WF – latest version and I had to increase the memory to 128M via php.ini file.

scan run and finished ok this time..

but now I get this, below, what is best course action?

* Unknown file in WordPress core: wp-admin/css/colors/blue/php.ini
* Unknown file in WordPress core: wp-admin/css/colors/coffee/php.ini
* Unknown file in WordPress core: wp-admin/css/colors/ectoplasm/php.ini
* Unknown file in WordPress core: wp-admin/css/colors/light/php.ini
* Unknown file in WordPress core: wp-admin/css/colors/midnight/php.ini
* Unknown file in WordPress core: wp-admin/css/colors/ocean/php.ini
* Unknown file in WordPress core: wp-admin/css/colors/php.ini
* Unknown file in WordPress core: wp-admin/css/colors/sunrise/php.ini
* Unknown file in WordPress core: wp-admin/css/php.ini
* Unknown file in WordPress core: wp-admin/images/php.ini
* Unknown file in WordPress core: wp-admin/includes/php.ini
* Unknown file in WordPress core: wp-admin/js/php.ini
* Unknown file in WordPress core: wp-admin/maint/php.ini
* Unknown file in WordPress core: wp-admin/network/php.ini
* Unknown file in WordPress core: wp-admin/php.ini
* Unknown file in WordPress core: wp-admin/user/php.ini
* Unknown file in WordPress core: wp-includes/ID3/php.ini
* Unknown file in WordPress core: wp-includes/SimplePie/Cache/php.ini
* Unknown file in WordPress core: wp-includes/SimplePie/Content/Type/php.ini
* Unknown file in WordPress core: wp-includes/SimplePie/Content/php.ini
* Unknown file in WordPress core: wp-includes/SimplePie/Decode/HTML/php.ini
* Unknown file in WordPress core: wp-includes/SimplePie/Decode/php.ini
* Unknown file in WordPress core: wp-includes/SimplePie/HTTP/php.ini
* Unknown file in WordPress core: wp-includes/SimplePie/Net/php.ini
* Unknown file in WordPress core: wp-includes/SimplePie/Parse/php.ini
* Unknown file in WordPress core: wp-includes/SimplePie/XML/Declaration/php.ini
* Unknown file in WordPress core: wp-includes/SimplePie/XML/php.ini
* Unknown file in WordPress core: wp-includes/SimplePie/php.ini
* Unknown file in WordPress core: wp-includes/Text/Diff/Engine/php.ini
* Unknown file in WordPress core: wp-includes/Text/Diff/Renderer/php.ini
* Unknown file in WordPress core: wp-includes/Text/Diff/php.ini
* Unknown file in WordPress core: wp-includes/Text/php.ini
* Unknown file in WordPress core: wp-includes/certificates/php.ini
* Unknown file in WordPress core: wp-includes/css/php.ini
* Unknown file in WordPress core: wp-includes/customize/php.ini
* Unknown file in WordPress core: wp-includes/fonts/php.ini
* Unknown file in WordPress core: wp-includes/images/crystal/php.ini
* Unknown file in WordPress core: wp-includes/images/media/php.ini
* Unknown file in WordPress core: wp-includes/images/php.ini
* Unknown file in WordPress core: wp-includes/images/smilies/php.ini
* Unknown file in WordPress core: wp-includes/images/wlw/php.ini
* Unknown file in WordPress core: wp-includes/js/crop/php.ini
* Unknown file in WordPress core: wp-includes/js/imgareaselect/php.ini
* Unknown file in WordPress core: wp-includes/js/jcrop/php.ini
* Unknown file in WordPress core: wp-includes/js/jquery/php.ini
* Unknown file in WordPress core: wp-includes/js/jquery/ui/php.ini
* Unknown file in WordPress core: wp-includes/js/mediaelement/php.ini
* Unknown file in WordPress core: wp-includes/js/php.ini
* Unknown file in WordPress core: wp-includes/js/plupload/php.ini
* Unknown file in WordPress core: wp-includes/js/swfupload/php.ini
* Unknown file in WordPress core: wp-includes/js/swfupload/plugins/php.ini
* Unknown file in WordPress core: wp-includes/js/thickbox/php.ini
* Unknown file in WordPress core: wp-includes/js/tinymce/langs/php.ini
* Unknown file in WordPress core: wp-includes/js/tinymce/php.ini
* Unknown file in WordPress core: wp-includes/js/tinymce/plugins/charmap/php.ini
* Unknown file in WordPress core: wp-includes/js/tinymce/plugins/colorpicker/php.ini
* Unknown file in WordPress core: wp-includes/js/tinymce/plugins/compat3x/css/php.ini
* Unknown file in WordPress core: wp-includes/js/tinymce/plugins/compat3x/php.ini
* Unknown file in WordPress core: wp-includes/js/tinymce/plugins/directionality/php.ini
* Unknown file in WordPress core: wp-includes/js/tinymce/plugins/fullscreen/php.ini
* Unknown file in WordPress core: wp-includes/js/tinymce/plugins/hr/php.ini
* Unknown file in WordPress core: wp-includes/js/tinymce/plugins/image/php.ini
* Unknown file in WordPress core: wp-includes/js/tinymce/plugins/lists/php.ini
* Unknown file in WordPress core: wp-includes/js/tinymce/plugins/media/php.ini
* Unknown file in WordPress core: wp-includes/js/tinymce/plugins/paste/php.ini
* Unknown file in WordPress core: wp-includes/js/tinymce/plugins/php.ini
* Unknown file in WordPress core: wp-includes/js/tinymce/plugins/tabfocus/php.ini
* Unknown file in WordPress core: wp-includes/js/tinymce/plugins/textcolor/php.ini
* Unknown file in WordPress core: wp-includes/js/tinymce/plugins/wordpress/php.ini
* Unknown file in WordPress core: wp-includes/js/tinymce/plugins/wpautoresize/php.ini
* Unknown file in WordPress core: wp-includes/js/tinymce/plugins/wpdialogs/php.ini
* Unknown file in WordPress core: wp-includes/js/tinymce/plugins/wpeditimage/php.ini
* Unknown file in WordPress core: wp-includes/js/tinymce/plugins/wpembed/php.ini
* Unknown file in WordPress core: wp-includes/js/tinymce/plugins/wpemoji/php.ini
* Unknown file in WordPress core: wp-includes/js/tinymce/plugins/wpgallery/php.ini
* Unknown file in WordPress core: wp-includes/js/tinymce/plugins/wplink/php.ini
* Unknown file in WordPress core: wp-includes/js/tinymce/plugins/wptextpattern/php.ini
* Unknown file in WordPress core: wp-includes/js/tinymce/plugins/wpview/php.ini
* Unknown file in WordPress core: wp-includes/js/tinymce/skins/lightgray/fonts/php.ini
* Unknown file in WordPress core: wp-includes/js/tinymce/skins/lightgray/img/php.ini
* Unknown file in WordPress core: wp-includes/js/tinymce/skins/lightgray/php.ini
* Unknown file in WordPress core: wp-includes/js/tinymce/skins/php.ini
* Unknown file in WordPress core: wp-includes/js/tinymce/skins/wordpress/images/php.ini
* Unknown file in WordPress core: wp-includes/js/tinymce/skins/wordpress/php.ini
* Unknown file in WordPress core: wp-includes/js/tinymce/themes/modern/php.ini
* Unknown file in WordPress core: wp-includes/js/tinymce/themes/php.ini
* Unknown file in WordPress core: wp-includes/js/tinymce/utils/php.ini
* Unknown file in WordPress core: wp-includes/php.ini
* Unknown file in WordPress core: wp-includes/pomo/php.ini
* Unknown file in WordPress core: wp-includes/random_compat/php.ini
* Unknown file in WordPress core: wp-includes/rest-api/php.ini
* Unknown file in WordPress core: wp-includes/theme-compat/php.ini
* Unknown file in WordPress core: wp-includes/widgets/php.ini

Replies: 0

Hi there,

I have a rather fresh installation (Apache, MariaDB, php7) of all recent versions but I am still having troubles:

Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 1052672 bytes) in /var/www/html/wp-content/plugins/wordfence/lib/wordfenceScanner.php on line 272

No matter the change in timeout, stages, memory. It never goes through, quite annoying since it is supposed to be the all in one solution here ;-D

Kind regards,
SVTX

• This topic was modified 9 hours, 21 minutes ago by  SVTX. Reason: Added WP version

Replies: 0

A site of mine has been hacked. Wordfence found no problems. GOTMLS Anti-Malware plugin scan found that the wp-content/plugins/index.php was full of malicious code. How has WF missed this?

Replies: 0

Hello WordFence

Have you considered adding a captcha to wp-login.php?

I appreciate that from within WordFence > Options > Login Security Options
that I can reduce the number of failed logins to something low;
such as 3 failed attempts and then the IP Address would be locked out for 1 hour or longer.

But I was wondering if a captcha on wp-login.php would thwart a brute force attempt by a bot on its very first attempt rather than the third or tenth etc.

I know there are captcha plugins available, I felt it made sense for WordFence to offer this as part of a holistic solution.

Best Regards

Replies: 0

Rule Update Failed

No rules were updated. Please verify you have permissions to write to the /wp-content/wflogs directory.

File permission for the directory are 775
changed to 777 same message
rules.php file permissions are 664
ips.php 660
config.php 660
attack-data.php 660
.htaccess 664

VPS running -CentOS 6 + cPanel

When I installed and then activated I received this error message.
Warning: curl_exec() has been disabled for security reasons in /home/aehageman/public_html/arkansascongenitalheartdefectcoalition.org/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/http.php on line 329

The site in the public_html directory is working.
I followed the instructions and attempted to configure all the wordpress installs in sub-directories first. All of these have the same issue.

I copied the rules file to the wflogs directory with no luck.
Changed the firewall status also.

Most of this was done after spending over and hour reading documents file.
https://docs.wordfence.com/index.php?title=Special%3ASearch&profile=default&search=pull+down+rules&fulltext=Search

deactivated all plugins
cleared cache

I keep getting hacked by a spammer/ hacker. They send out 5000 emails per day,my server limit.
We can find their files and remove them (maybe). but they keep getting back in.

We are attempting to lock down each WP install first, with WordFence.

Thank you.

Replies: 0

Hi,
Since upgrade Wordfence to 6.2.8
I have this error at the end of a successful scan.
Warning: mysqli_query(): (HY000/2013): Lost connection to MySQL server during query in /xxxxxxx/wp-db.php on line 1877 0
Best regards,

Replies: 0

Good day. When I try to update my Wordfence plugin, it says

“The update cannot be installed because we will be unable to copy some files. This is usually due to inconsistent file permissions. tmp/.htaccess.bak, lib/.htaccess.bak”

What do I do?

Replies: 0

This morning, I received an Wordfence Activity email stating that I had two recently modified files:

December 19, 2016 2:39pm

wp-content/wflogs/config.php

December 18, 2016 6:13am

wp-content/wflogs/attack-data.php

I don’t believe that I personally modified these files, so is this something I should be worried about?

Replies: 0

I’ve noticed in the last week or so, even though I have /wp-login.php set as a “Immediately block IPs that access these URLs” option, there are a number that are still getting through without being blocked…

Sample from the Live Traffic:

India Chennai, India tried to access non-existent page http://XXXXXX.com/wp-login.php
2016-12-19 6:25:20 AM (9 hours 58 mins ago)   IP: 117.241.72.85 [block]   Hostname: 117.241.72.85
Browser: Firefox version 0.0 running on Win7
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1

Romania Zarnesti, Romania tried to access non-existent page http://XXXXXX.com/wp-login.php
2016-12-19 5:46:03 AM (10 hours 38 mins ago)   IP: 86.123.179.56 [unblock]   Hostname: 86-123-179-56.dynamic.brasov.rdsnet.ro
Browser: Firefox version 0.0 running on Win7
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1

These should be coming up as “Blocked for accessing a banned URL”, but they’re not… however, *some* are getting blocked properly… strange, no?

Replies: 0

Hello – I’m dealing with a very curious issue here. In my Wordfence > Firewall settings, under “Whitelisted URL’s” I am seeing a whitelisted URL that looks like this:

Param Created Source User IP Action

/wp-admin/options-general.php request.body[ad_code_bottom_1] 12/14/2016, 9:54:21 AM Whitelisted while in Learning Mode. MY ADMIN ACCOUNT MY IP ADDRESS

/wp-admin/admin-ajax.php request.fileNames[files][0] 12/17/2016, 3:01:27 AM Whitelisted while in Learning Mode. – 89.248.172.121

The first parameter is my own whitelist action.

I would like to call attention to the second parameter. I did not at any time specify that “request.fileNames[files][0]” parameter be whitelisted on my site, but it seems as if the attacker (89.248.172.121) has whitelisted it himself. How is this possible? I absolutely do not want users to be able to add whitelisted URL’s.

Additionally, look at this report to see how notorious this URL is in terms of attacking WP sites: https://www.abuseipdb.com/check/89.248.172.121

Thoughts?

~ BT

Replies: 0

Is there a way to specify how Wordfence generates the URLs in the emails that it sends out (Wordfence activity email, for example)? I’ve renamed my admin directory so that bots don’t hit it over and over and renamed my login page. I also only link to the non-www version of my site. When I get the Wordfence emails, all the links are http://www.xsitenamex.com/wp-admin so they don’t work when you click them (it 404’s as intended). It would be nice if there was some way to set the admin URL in Wordfence so that the links are https://xsitenamex.com/siteadmin, for example.

Is there a way to change this?

Replies: 1

Hi,
I received a plugin update from Wordfence this morning.
And I follow the advice.
But Now I receive an error message and I am not able to open the site.
The message says:
Fatal error: Can’t use function return value in write context in /home1/rgeenen/public_html/myindoworld.com/wp-content/plugins/ewww-image-optimizer/bulk.php on line 740

Any advice please.
For your info, I do not know coding.
I am 80 years and know only to work on my website.
My site is called http://www.MyIndoWorld.com
Plugin is ewww-image optimizer.

Please help,
Ronny
Ron@MyIndoWorld.com

Replies: 0

Hello,
There is a crawl or something like this and want to scan my site.
I see this in live traffic:
mydomain/?wordfence_syncAttackData=1482235768.15
IP: 164.132.12.213
Hostname: ip213.ip-164-132-12.eu

What is it?

Replies: 0

Hi,

I have my own VPS and a few wordpress sites with wordfence installed. I am getting a lot of alerts from CSF in WHM for suspicious processes taking a long time for each website. These are using files: wp-content/wflogs/ips.php, wp-content/wflogs/config.tmp.xxxxx wp-content/wflogs/attack-data.php

I thought these files were used by the firewall, but even with the firewall disabled something is still accessing these files and taking a long time causing suspicious process alerts.

Can you please shed some light on what these files are used for, if it is normal behaviour even with the firewall disabled, and how to stop the processes over-running.

Thanks.

Replies: 0

This started to happen when I updated wordpress 4.7 and wordfence 6.2.8

Please help, already checked diagnostic, running on godaddy

[Dec 20 14:34:19:1482244459.011278:4:info] Scan process ended after forking.
[Dec 20 14:34:17:1482244457.070288:4:info] Starting cron via proxy at URL http://noc1.wordfence.com/scanp/corexcellfitness.com/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=0&cronKey=467b4e298042c6349550ba2
[Dec 20 14:34:17:1482244457.066411:4:info] Test result of scan start URL fetch: array ( ‘headers’ => Requests_Utility_CaseInsensitiveDictionary::__set_state(array( ‘data’ => array ( ‘date’ => ‘Tue, 20 Dec 2016 14:34:16 GMT’, ‘server’ => ‘Apache/2.4.23’, ‘x-powered-by’ => ‘PHP/5.4.45’, ‘pragma’ => ‘no-cache’, ‘expires’ => ‘Wed, 11 Jan 1984 05:00:00 GMT’, ‘cache-control’ => ‘no-cache, must-revalidate, max-age=0’, ‘x-frame-options’ => ‘SAMEORIGIN’, ‘set-cookie’ => array ( 0 => ‘PHPSESSID=89c7a5cce953a4995fd6d175c8de5716; path=/’, 1 => ‘wfvt_36625676=5859416904289; expires=Tue, 20-Dec-2016 15:04:17 GMT; path=/; httponly’, 2 => ‘wordpress_test_cookie=WP+Cookie+check; path=/’, 3 => ‘wordpress_f8e68ebce46d361bf427ac2978efa919=+; expires=Mon, 21-Dec-2015 14:34:17 GMT; path=/wp-admin’, 4 => ‘wordpress_sec_f8e68ebce46d361bf427ac2978efa919=+; expires=Mon, 21-Dec-2015 14:34:17 GMT; path=/wp-admin’, 5 => ‘wordpress_f8e68ebce
[Dec 20 14:34:14:1482244454.419793:4:info] getMaxExecutionTime() returning half ini value: 60
[Dec 20 14:34:14:1482244454.419361:4:info] Got max_execution_time value from ini: 120
[Dec 20 14:34:14:1482244454.418920:4:info] Got value from wf config maxExecutionTime:
[Dec 20 14:34:14:1482244454.417969:4:info] Entering start scan routine

Replies: 0

I am seeing a hit almost every few minutes (almost all random international countries) in live traffic that show a few different page visits per hit with some variation of the following:

mydomain.com/xmlrpc.php
mydomain.com/wp-login
mydomain.com/401.shtml
(and then usually it shows the wp-login attempt again and then the 401.shtml one more time).

Do you know how I can stop this? I was thinking of adding something like:

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{HTTP_REFERER} !.*example.com.* [NC]
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteRule ^(.*)$ – [F]
</IfModule>

To the top of my .htaccess, would that help? Any suggestions?

Also is Wordfence making them reach the 401.shtml page or is that for a different reason?

I know my WordPress version is old (we are in the process of trying to update it) but in the meantime I wanted to figure out a fix.

Thank you for your help.

Replies: 0

I think maybe someone cloned my website. Can anyone verify this?

WARNING: the store2.sellerpeak.tk site may have phishing plugins active!
I have never seen the store2.sellerpeak.tk URL before, and a copy of my website appears there, but with all the product picture links broken.

Here is the email I received from wordfence:
============================
This email was sent from your website “(MY REAL WEBSITE)” by the Wordfence plugin at Monday 19th of December 2016 at 01:30:15 AM
The Wordfence administrative URL for this site is: http://store2.sellerpeak.tk/wp-admin/admin.php?page=Wordfence

A user with username “admin” who has administrator access signed in to your WordPress site.
User IP: 162.158.30.12
User hostname: 162.158.30.12
User location: Muscat, Oman

NOTE: You are using the free version of Wordfence. Upgrade today:
– Advanced features like IP reputation monitoring, country blocking, an advanced comment spam filter and cell phone sign-in give you the best protection available
– Remote, frequent and scheduled scans
– Access to Premium Support
– Discounts of up to 90% for multiyear and multi-license purchases

Click here to upgrade to Wordfence Premium:
https://www.wordfence.com/zz1/wordfence-signup/

—
To change your alert options for Wordfence, visit:
http://store2.sellerpeak.tk/wp-admin/admin.php?page=WordfenceSecOpt
To see current Wordfence alerts, visit:
http://store2.sellerpeak.tk/wp-admin/admin.php?page=Wordfence

=========================

Replies: 0

The files wp-config-sample.php and readme.html are flaged as modified from original, but they are not.
they are only the french version of the files. Language is fr.fr

Replies: 0

Hey there

I’m having troubles uploading images to the site on the front end (for vendors). The image tries to upload and fails displaying the following message “An error occurred in the upload. Please try again later.”

and then the console show its trying to call this..
http://tbreds.net/wp-login.php?redirect_to=http%3A%2F%2Ftbreds.net%2Fwp-admin%2Fasync-upload.php&reauth=1

I’ve tried disabling ALL the plugins but it still fails.

I’ve also checked a few other forum threads like this and this but still no luck.

I’d be happy to attach some screen shots of the console if that would help

Replies: 0

Morning,

I was wondering if you could please help.

I have recently installed Wordfence on a WordPress, as the great features and reviews made it ideal as a security plugin. The scheduled scan seems to get stuck on the following sections:

– Comparing core WordPress files against originals in repository.
– Scanning for known malware files.
– Scanning for unknown files in wp-admin and wp-includes.

The scan seems to analyse just a few files, then it gets stuck on this section.

On the first scan, Wordfence found the potential issues below, but I have asked the host provider and they have conducted a security and they couldn’t find any malware, so I have selected the ‘ignore issues’ on Wordfence.

– Unknown file in WordPress core: wp-admin/uploader/pclzip.lib.php
– Unknown file in WordPress core: wp-admin/uploader/upload.php
– Unknown file in WordPress core: wp-admin/theme-uploader.php
– Unknown file in WordPress core: wp-admin/plugin-uploader.php
– Unknown file in WordPress core: wp-admin/includes/upgrade.php.orig

I have checked that the most up to date version of Wordfence has been installed, as well as the most up to date version of WordPress, plus there should be more than enough memory available.

On another website, there was an issue with the scans not completing, but this was eventually resolved, as it was an issue with the amount of memory available.

Kind regards,
FBIR