Channel: WordPress.org Forums » [Wordfence Security - Firewall, Malware Scan, and Login Security] Support

Is “Auto ThickBox Plus” safe?

Replies: 0

Hello,

… your new scan result (added in version 6.3.11) is a good idea!
“The Plugin “xyz” has been removed from wordpress.org”

But I’ve a question/problem with one error message for the plugin “Auto ThickBox Plus”!
I use the “Auto ThickBox Plus” version 1.9 and these guys here say:
https://jetpack.com/features/security/library/auto-thickbox-plus-plugin/

Insecure versions: Up To 1.9
Known since: 2015-12-09 01:28:23

“We have rated auto-thickbox-plus as Good (current version safe) which means that we have found vulnerabilities in older versions. We recommend that you only use the latest version of auto-thickbox-plus.”

Means: The version 1.9 is safe!
Only the older versions are unsafe or have unpatched security issues. Right!?!

##########################
But you/WordFence say:
——————————–
The Plugin “Auto ThickBox Plus” has been removed from wordpress.org.
It has unpatched security issues and may have compatibility problems with the current version of WordPress.
——————————–
##########################

Only based on the one fact, that this plugin “Auto ThickBox Plus” has been removed from wordpress.org. OK, it is now 2 years without support or update.
But does this version 1.9 really have unpatched security issues?
Or only the older versions?!
Because this plugin is very good and helpful!

Can you make a security check for this plugin again?
Or how can I make a security check for this plugin?
Is there a “how to”?

Thanks for your quick help/answer!

G, Mike


Wordfence in database with no drop/truncate permission

Replies: 0

Hello,
I have a separate database server from my web server, and the remote database server has only GET, INSERT, UPDATE, DELETE permission.

Today I just noticed an error message in my nginx log:

2017/06/19 06:27:47 [error] 6222#6222: *970 FastCGI sent in stderr: "PHP message: WordPress database error DROP command denied to user 'myuser'@'135.168.102.122' for table 'wp_wfNet404s' for query truncate table wp_wfNet404s made by do_action_ref_array, WP_Hook->do_action, WP_Hook->apply_filters, wordfence::hourlyCron, wfDB->truncate, wfDB->queryWrite
PHP message: WordPress database error DROP command denied to user 'myuser'@'135.168.102.122' for table 'wp_wfVulnScanners' for query truncate table wp_wfVulnScanners made by do_action_ref_array, WP_Hook->do_action, WP_Hook->apply_filters, wordfence::hourlyCron, wfDB->truncate, wfDB->queryWrite" while reading response header from upstream, client: 91ff:fed5::f03c:91ff:7e01:44a2, server: mysite.com, request: "POST /wp-cron.php?doing_wp_cron=1497846467.3556289672851562500000 HTTP/1.1", upstream: "fastcgi://unix:/var/run/php/php7.0-fpm.sock:", host: "mysite.com", referrer: "https://mysite.com/wp-cron.php?doing_wp_cron=1497846467.3556289672851562500000"

So what should I do in this case?

Warning: Unknown File

Replies: 0

Good Day,

I got this warning from Wordfence today.

Warnings:

* Unknown file in WordPress core: wp-includes/js/jcrop/jquery.Jcro1p.min.css

Is this file legit or is something suspicious happening here?

Any insight would be appreciated.

Question about “Immediately block IPs that access these URLs”

Replies: 0

Hey!

I don’t have any errors, but I do have a question about the Wordfence option “Immediately block IPs that access these URLs”:

I have hidden my login page by changing the login URL in Wordfence, however I still have a lot of IPs trying to visit the /wp-login.php page.

This annoys me, so I have now added /wp-login.php in Wordfence options under “Immediately block IPs that access these URLs”. And it works fine – the IPs trying to access wp-login.php are blocked.

My question is however:
Even though I log into my website via another custom made URL, do I somehow still run through the wp-login.php page at some point during the login process?
And hence, do I risk being blocked from my own site for “accessing” the /wp-login.php page during the login process?

I have whitelisted my own current IP and hence currently bypass all Wordfence rules, but sometimes your IP address changes, and then the rules will apply to the new IP too, until you add it to the whitelist.

I hope my questions make sense.

PS. I absolutely LOVE your plugin!

Kind regards,
/E

Scan doesn’t ever finish

Replies: 1

Hi,

As said in the title, the scan never finishes. I have used some answers to this problem as described here: https://docs.wordfence.com/en/My_scans_don%27t_finish._What_would_cause_that%3F?
But I did not get this to work properly with those techniques.

Could you help me? Thanks in advance,

Activity Log:

[Jun 19 11:47:21:1497865641.026257:4:info] Scanning contents: wp-content/plugins/revslider/includes/operations.class.php (Size:294967B Mem:72.0M)
[Jun 19 11:47:21:1497865641.022833:4:info] Scan process ended after forking.
[Jun 19 11:47:20:1497865640.916439:4:info] Scanning contents: wp-content/plugins/revslider/includes/object-library.class.php (Size:37886B Mem:74.0M)
[Jun 19 11:47:20:1497865640.429367:4:info] Scanning contents: wp-content/plugins/revslider/includes/navigation.class.php (Size:199283B Mem:72.0M)
[Jun 19 11:47:20:1497865640.426926:4:info] Scanning contents: wp-content/plugins/revslider/includes/index.php (Size:0B Mem:74.0M)
[Jun 19 11:47:20:1497865640.242027:4:info] Scanning contents: wp-content/plugins/revslider/includes/googlefonts.php (Size:77443B Mem:72.0M)
[Jun 19 11:47:20:1497865640.221641:4:info] Scanning contents: wp-content/plugins/revslider/includes/globals.class.php (Size:2135B Mem:74.0M)
[Jun 19 11:47:20:1497865640.199716:4:info] Scanning contents: wp-content/plugins/revslider/includes/framework/wpml.class.php (Size:4113B Mem:72.0M)
[Jun 19 11:47:20:1497865640.177190:4:info] Scanning contents: wp-content/plugins/revslider/includes/framework/woocommerce.class.php (Size:4459B Mem:74.0M)
[Jun 19 11:47:20:1497865640.144284:4:info] Scanning contents: wp-content/plugins/revslider/includes/framework/update.class.php (Size:8333B Mem:72.0M)
[Jun 19 11:47:20:1497865640.141515:2:info] Scanned contents of 157 additional files at 24.80 per second
[Jun 19 11:47:19:1497865639.871962:4:info] Scanning contents: wp-content/plugins/revslider/includes/framework/plugin-update.class.php (Size:114455B Mem:74.0M)
[Jun 19 11:47:19:1497865639.856417:4:info] Scanning contents: wp-content/plugins/revslider/includes/framework/newsletter.class.php (Size:1820B Mem:72.0M)
[Jun 19 11:47:19:1497865639.854347:4:info] Scanning contents: wp-content/plugins/revslider/includes/framework/index.php (Size:0B Mem:74.0M)
[Jun 19 11:47:19:1497865639.840493:4:info] Scanning contents: wp-content/plugins/revslider/includes/framework/include-framework.php (Size:854B Mem:72.0M)
[Jun 19 11:47:19:1497865639.787601:4:info] Scanning contents: wp-content/plugins/revslider/includes/framework/functions.class.php (Size:16557B Mem:74.0M)
[Jun 19 11:47:19:1497865639.703853:4:info] Scanning contents: wp-content/plugins/revslider/includes/framework/functions-wordpress.class.php (Size:29591B Mem:72.0M)
[Jun 19 11:47:19:1497865639.677998:4:info] Scanning contents: wp-content/plugins/revslider/includes/framework/em-integration.class.php (Size:5868B Mem:74.0M)
[Jun 19 11:47:19:1497865639.664480:4:info] Scanning contents: wp-content/plugins/revslider/includes/framework/elements-base.class.php (Size:479B Mem:72.0M)
[Jun 19 11:47:19:1497865639.643429:4:info] Scanning contents: wp-content/plugins/revslider/includes/framework/db.class.php (Size:3598B Mem:74.0M)

PHP Warning: fopen()

Replies: 0

I have allow_url_fopen disabled in php.ini – but it seems wordfence needs it to be on. I get this warning:

PHP message: PHP Warning: fopen(): https:// wrapper is disabled in the server configuration by allow_url_fopen=0 in /www/domain.com/public_html/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/http.php on line 409

However, I’ve read several security blogs that say that allow_url_fopen should not be enabled. Disabling is best for security.

Any takes on this?

Last update of Wordfence broke my website

Replies: 0

I did try to update Wordfence and it ended up with error: “Update Failed: Plugin update failed.”

Now I cannot update any other plugin or theme on my site. Great! Many Thanks 🙁

Error reading Wordfence Firewall config data

Replies: 0

Hi,

I have a production site with the white screen Internal Server Error.

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

More information about this error may be available in the server error log.

Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.

I have contacted the hosting provider and they say this is caused by the following:

Error reading Wordfence Firewall config data, configuration file could be corrupted or inaccessible. Path: /home/public_html/wp-content/wflogs/config.php

I have no access to the wp-admin, just FTP and phpMyAdmin. How do I resolve this issue please?

Thanks.


Wordfence and Avada not working together

Replies: 0

I’ve had to roll back Wordfence to 6.0.25, because anything after that makes the home page of a client’s site look terrible, including site-universal items (header). All other pages seem fine. Are there known issues/fixes with Wordfence and Avada/Fusion Builder?

wp-includes/class.wp.php??

Replies: 0

How can I clear this backdoor? I tried it directly from ftp, but it does not go. What should I do?

File appears to be malicious: wp-includes/class.wp.php
Filename: wp-includes/class.wp.php
File Type: Not a core, theme or plugin file.
Issue First Detected: 1 hour 34 mins ago.
Severity: Critical
Status New
This file appears to be installed by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: “if ( isset($_REQUEST[‘exec’]) && isset($_REQUEST[‘cmd’]))\x0aDoCmd($_REQUEST[‘cmd’]); else MakeSimpleForm();}?>”. The infection type is: Backdoor:PHP/DoCmd.

Thank you very much for your help.

Disabling private IP auto-whitelisting

Replies: 0

Hello,

Any way to disable private IP auto-whitelisting for development purposes?

Thank you!

Can’t connect to Wordfence server, cURL error 7

Replies: 0

Hi there,

The site is no longer connecting to Wordfence. We have an API key and have run this successfully before, but we can no longer connect, and the error we get is this:

There was an error connecting to the the Wordfence scanning servers: cURL error 7:

So it seems the tail is omitted, and this same error shows up all over – no tail with actual error number.

A Gravity scan shows no malware.

Here is what I see when I click on Tools (this pops up above the tool options):
Could not load password audit jobs: exception ‘Exception’ with message ‘There was an error connecting to the the Wordfence scanning servers: cURL error 7: ‘ in /OUR-URL/plugins/wordfence/lib/wfAPI.php:100 Stack trace: #0 /OUR-URL/plugins/wordfence/lib/wfAPI.php(32): wfAPI->getURL(‘https://noc1.wo…’, Array) #1 /OUR-URL/plugins/wordfence/lib/wordfenceClass.php(4199): wfAPI->call(‘password_load_j…’, Array, Array, true) #2 [internal function]: wordfence::ajax_passwdLoadJobs_callback() #3 /OUR-URL/plugins/wordfence/lib/wordfenceClass.php(1078): call_user_func(‘wordfence::ajax…’) #4 [internal function]: wordfence::ajaxReceiver(”) #5 /OUR-URL/wp-includes/class-wp-hook.php(298): call_user_func_array(‘wordfence::ajax…’, Array) #6 /OUR-URL/wp-includes/class-wp-hook.php(323): WP_Hook->apply_filters(”, Array) #7 /OUR-URL/wp-includes/plugin.php(453): WP_Hook->do_action(Array) #8 /OUR-URL/wp-admin/admin-ajax.php(91): do_action(‘wp_ajax_wordfen…’) #9 {main}

We use Genesis and have just updated to WordPress 4.8 and Genesis 2.5.2. We don’t see this on any other systems that use Genesis.

Many thanks!

Wordfence breaking WooCommerce ordering

Replies: 0

Hi,

After disabling all plugins except WooCommerce and my gateway plugin and enabling all plugins one by one, I discovered that Wordfence is creating a “Forbidden” error when attempting to process a transaction.

The site is a dev site and I am using test cards provided by the CC gateway company, Beanstream.

Any help you can provide is gratefully appreciated.

https://blog.theteaguy.com/dev

Thanks,

Brent

Are the background images in css blocked?

Replies: 0

I am using a theme to build my website and I see the images (background images sourced from CSS) aren’t loading. Are they blocked by wordfence firewall?? If so how can I whitelist them?

URL: natura.co.in/fling-fx

The above is a page from the website. The section that comes immediately when scrolled has a background image and is not loaded.


Scan forks/freezes after hitting wp-includes/class-wp-customize-manager.php

Replies: 0

Many thanks for this great plugin.

My scan forks and ends after hitting wp-includes/class-wp-customize-manager.php

I’ve tried tinkering with the execution time to no avail. I’ve also read those with similar predicaments but not found an obvious solution.

Many thanks in advance for help!

wordfence at www.kis.edu.my cannot retry fetching an API key

Replies: 0

Wordfence could not get an API key from the Wordfence scanning servers when it activated. You can try to fix this by going to the Wordfence “options” page and hitting “Save Changes”. This will cause Wordfence to retry fetching an API key for you. If you keep seeing this error it usually means your WordPress server can’t connect to our scanning servers. You can try asking your WordPress host to allow your WordPress server to connect to noc1.wordfence.com.

Scan terminates with error

Replies: 0

The Wordfence scan is repeatedly failing on one of my sites, with this error:

“Scan terminated with error: Unable to query database”

Everything else seems to be working ok — any idea what would cause this?

WORDFENCE Scan terminated with error: DateTimeZone

Replies: 0

Hello, my Wordfence plugin was working fine for the last 6 months. But now it is giving me a scan terminated error. Whenever I try to scan, after a few scan processes, it shows this error:

Scan terminated with error: DateTimeZone::__construct(): Unknown or bad timezone (Etc/GMT-5.5)

I tried to disable Wordfence & re-enable it (with checking the option of deleting all data & tables after deactivation in the Wordfence settings). But still I am getting this error.

Help, Wordfence team.

Help! Wordfence won’t scan…

Replies: 0

I’ve just installed Wordfence but it won’t perform a scan! When I press “Start a new scan” I get a message on the scan button saying “requesting a new scan”, and a popup in the bottom left corner of my screen saying “wordpress is working”, but after a couple of seconds it disappears and the scan button reverts back to “Start a new scan”. No results come up. Everything on the page is the same as before. I checked in the diagnostics, and there is an error message in red in the Connectivity section:

Connecting to Wordfence servers (http): OK
Connecting to Wordfence servers (https): OK
Connecting back to this site: wp_remote_post() test back to this server failed! Response was: 502 Bad Gateway<br /> This additional info may help you diagnose the issue. The response headers we received were:<br /> server => nginx<br /> date => Tue, 20 Jun 2017 10:56:53 GMT<br /> content-type => text/html<br /> content-length => 166<br />

I checked the forum and others seem to have had a similar problem, but there are no solutions posted for how to resolve it. I am not a developer. Any ideas as to how a rookie can fix this?
