Replies: 0
Hi,
Last week, my webhost has update my server to PHP7.0 & MySql 5.5.
I’ve updated wordpress to 4.7.2 version
Since then all of my websites crash every 2 days. The have to reboot the sql server to make them work again.
Today, they finally find that it can come from Wordfence. Because when i have deactivated it, the guy saw that the memory usage become normal. Am i the only one with this problem?
It was working ok before that.
I have 6.3.0
Replies: 0
Hellos,
Hellos,
I’ve run the Wordfence plugin on my multisite WP install for a few months and it’s been working fine. Now I get the following error on the Wordfence Option page in WP Admin:
“Wordfence could not get an API key from the Wordfence scanning servers when it activated. You can try to fix this by going to the Wordfence “options” page and hitting “Save Changes”. This will cause Wordfence to retry fetching an API key for you. If you keep seeing this error it usually means your WordPress server can’t connect to our scanning servers. You can try asking your WordPress host to allow your WordPress server to connect to noc1.wordfence.com.”
When I try to save the Options page, the first error I get is:
An error occurred
Please enter a number for the amount of Live Traffic data to store.
When I enter the number 1000 in the applicable field and try to save the Options page again, I get:
Please reload this page
You selected a config option that requires a page reload. Click the below to reload this page to update the menu
[Reload page]
When I hit ‘Reload page’, I’m back to an Options page with empty values. The API key error is still there, plus this one:
Wordfence Live Activity: Error writing value for adminUserList (MySQLi error: [1146] Table ‘cluetik21_wp4.wp_wfConfig’ doesn’t exist)
I already once uninstalled and then re-installed the plugin. Now I’m going in circles. What is a man to do?
Thank in advance
Replies: 0
Hi,
I host some sites on cPanel/WHM running Apache and nginx via the cPanel Engintron plugin and have recently started switching the config of individual sites to use PHP-FPM as well. Everything has worked fine except that these sites are now stuck on basic firewall protection.
I go through the firewall setup for enhanced protection again (as I am prompted to do), selecting “Apache + CGI/FastCGI” (which is what WordFence autoselects for me). It seems to work (no errors or warnings) but after waiting five minutes it’s still on basic protection.
I’ve also tried using the “NGINX” server config option but that likewise has no effect.
I’ve checked the .user.ini file and I see the auto_prepend_file directive is in there, and the wordfence-waf.php file exists in the public_html folder.
I’ve also tried adding the auto_prepend_file PHP directive to a new php.ini file, just in case, but that makes no difference (it should be using .user.ini anyway as I am on FastCGI under PHP 5.6).
The docs suggested I check for any overruling auto_prepend_file value in the PHP-FPM pool php.ini but in that file this directive has a blank value, so I gather that is no problem.
So I’m not sure what else to try. Any suggestions?
Thanks!
Peter.
Replies: 0
I use Comet Cache. For non-logged in visitors I have aggressive caching where it essentially becomes static files. However, due to Wordfence, some SetCookie stuff is being added where each visitor appears to be a different thing, which is why the cache now contains more files than needed. Is there a way to circumvent this?
Secondly, WF is adding inline JS to my code. Can I prevent this please? Is there some JS we can enqueue in our themes, and have it minified and served as a part of the whole pack?
Thank you
Replies: 1
Today morning I tried to install wordfence through my website greatwall.lk
Suddenly it showed an error message and failed to activate the plugin. From that onward I could not log into my website and the wordpress dashboard. Pls log into http://www.greatwall.lk to see the error message. But in the cpanel, in the plugins folder the wordfence folder is not there…pls help me to resolve this. I want to remove all the files related to wordfence from my site
Replies: 0
Hi
I’m getting the following memory error only when using PHP version 7 or above.
PHP version 5.6 does not produce an error.
I’ve seen this discussed before but not regarding PHP 7 only.
Scans run fine.
Wordfence Memory benchmarking utility version 6.3.1.
This utility tests if your WordPress host respects the maximum memory configured
in their php.ini file, or if they are using other methods to limit your access to memory.
–Starting test–
Current maximum memory configured in php.ini: 512M
Current memory usage: 38.00M
Setting max memory to 90M.
Starting memory benchmark. Seeing an error after this line is not unusual. Read the error carefully
to determine how much memory your host allows. We have requested 90 megabytes.
Fatal error: Allowed memory size of 94371840 bytes exhausted (tried to allocate 67108872 bytes) in …
Can you help, thanks?
WordPress 4.7.2
Wordfence 6.3.1
Apache Version 2.4.25
Replies: 0
Hello everyone,
I would like to know where can I find a guide to help me configure the latest WordFence version. There are a few online but mostly for other versions.
Thank you for any possible help.
Replies: 0
We use a plugin that works with Woocommerce called Webgility that allows our orders, customers and inventory to flow between woocommerce and quickbooks on a local computer. Wordfence would block the connection, what would be some recommended settings to allow the flow of data between the two systems? Would we add a whitelisted IP of the host computer?
Replies: 1
If you think my English is poor, you get to bark at Google 🙂
Word Fence lock me out from logging at times.
I get an HTTP 404 when I should log in to my WordPress blog.
How must I do to be able to log in:
– I go into the website and rename the folder wordfence to worfenceXXX.
– Goes to log in, type in my information and click enter.
– I’ll have blank page with an HTTP 404, update a few times
– Goes to log in again, enter my information and click enter.
– Now I’m signed in.
– I go into the website and changing the name of the folder wordfenceXXX to wordfence.
– Now you can log in with wordfence
My question:
1. Why is it like this?
2. How fixes it so it does not become an HTTP 404
Replies: 0
Hi for security reasons I “hide” wp-admin (using htacess) and I have a custom /wp-admin/ = /customadmin/
The url http://mydomain.com/customadmin/admin-ajax.php?action=wordfence_testAjax returns WFSCANTESTOK but the Wordfence scan doesn’t initiate.
Any ideas?
Replies: 0
I just noticed that two of my latest blog posts have been hacked and replaced with something along the lines of “Hacked by so-and-so – [picture of a dragon]”.
I have a free version of WordFence running reporting no issues.
I clearly have no idea how they replaced the content of the two blog posts, but I do know the following:
Any ideas how to protect against this type of an attack in the future?
Replies: 0
Hi team!
I’ve got an interesting problem. I’ve got a site where the web application firewall is in learning mode, and users are getting blocked for:
“Reason: POST received with blank user-agent and referrer”
Click here to view the error message.
The weird thing is that this is specifically NOT enabled in the WF options:
Click here to view.
Any help that you can offer? As I understand it, since the option is not enabled, users should not be getting blocked for it. And, as I understand it, since the WAP is in learning mode, it shouldn’t be blocking any users for any reason yet.
Can anyone give me guidance on how to resolve this without removing wordfence entirely? Using wordfence 6.3.0.
All the best,
Kristopher
Replies: 0
I have the following warning from Wordfence;
File appears to be malicious: wp-content/cache/object/201/00a/20100a430fed5771552ee479c00eb317.php
This file appears to be installed by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: “eval”;a:2:{i:0;s:5:”EAPLq”;i:1;s:35:”/[^a-z\/'”]eval\([^\)]+[‘”\s\);]+/i”;}s:15:”preg_replace /e”;a:2:{i:0;s:5:”G85F2″;i:1;s:47:”/preg_replace\s*\(.+[\/\#\|][i]*e[i]*[‘”].+\)/i”;}s:9:”auth_pass”;a:2:{…”. The infection type is: Suspicious eval with base64 decode..
I have deleted this file (and one very similar that appears with it) but they keep returning.
Any thoughts?
Thanks
Phil
Replies: 0
I don’t need to know the total number of attacks that WF has blocked worldwide. Please give us the option to remove it. At the very least move it to the bottom. A chart for my specific site is much more applicable to me, not global.
Replies: 0
Hello, I cannot get a scan to finish. I have already disabled SSL configuration and changed the max execuion time. Sometimes I get the error right at the beginning and others it gets to analyze 2800 out of 3300 files indexed. I hope yu can help me. Thanks
Replies: 0
I can’t seem to complete scans on a particular site. The activity logs gets stuck on: Analyzed 400 files containing 5.56 MB of data so far but not always the same spot. I find that if I check the browser inspector initially while the scan is running everything is fine and no errors. However if I check after the scanner appears to be stuck for a while, I see a 404 for admin-ajax.php. Is this the hosting environment?
I have 256M memory_limit and very little plugins on this site while another runs with tons of plugins, page builders, seo tools, tracking scripts etc with only 40M memory_limit and scans complete just fine. Do you think it’s possible the host is specifically watching admin-ajax.php and resetting connections that go beyond some threshold?
I have chosen the low resource scanning method as well but same result. Any help is appreciated.
Replies: 0
When a scan is run, there are suspicious files and it says they are probably left over from an older installation. When I delete these files, the site crashes. Please advise.
Replies: 0
After deleting a suspicious file found during a scan (wasn’t part of a core or theme file) the site dashboard is completely blank. The site itself is showing up and working but I can’t access the dashboard. No error, just blank. I have tried deleting the plugin, re-uploading it, messing with my .htaccess file (although I don’t know what I’m doing there! and restored it to the previous state). Not sure what else to try and very frustrated.
Replies: 0
Hello,
Just downloaded the plugin for evaluation. When I click the Activate link, the admin portal site spins for several minutes and then I get a 504 error.
I’m running CentOS Linux in the AWS cloud with WP 4.3.8.
Replies: 0
I have started to see this message
Fatal Error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 127752792 bytes) in /home/…../public_html/wp-includes/class-requests.php on line 752
I’m trying to see the problem, but can’t find it.
Can anyone help?