Replies: 1
hello.. some domain is mirroring my site.. so the content is same with my website..and if do update, they updated too in real time..
and it seems wordfence not blocking them..
they use dynamic ip..
↧
mirroring site
↧
Wordfence blocking WHM Auto SSL renewal for Comodo
Replies: 1
Hello,
I’ve noticed one of my websites had an expired SSL certificate that hasn’t been renewed by cPanel WHM’s AutoSSL feature.
I’ve checked the auto ssl logs and it said
7:57:43 AM WARN The domain “[my-domain]” failed domain control validation: The system queried for a temporary file at “<a href="http://[my-domain]/.well-known/pki-validation/8DFBC6FD9E88816FD981DF937B869792.txt">http://[my-domain]/.well-known/pki-validation/8DFBC6FD9E88816FD981DF937B869792.txt</a>”, but the web server responded with the following error: 403 (Forbidden). A <abbr title="Domain Name System">DNS</abbr> or web server misconfiguration may exist.
I’ve searched my htaccess for anything related to comodo and I found this next bit that I’ve removed:
# 5G:[USER AGENTS]
<IfModule mod_setenvif.c>
# SetEnvIfNoCase User-Agent ^$ keep_out
SetEnvIfNoCase User-Agent (binlar|casper|cmsworldmap|comodo|diavol|dotbot|feedfinder|flicky|ia_archiver|jakarta|kmccrew|nutch|planetwork|purebot|pycurl|skygrid|sucker|turnit|vikspider|zmeu) keep_out
<limit GET POST PUT>
Order Allow,Deny
Allow from all
Deny from env=keep_out
</limit>
</IfModule>The certificate was able to be renewed. Maybe it’s worth checking out the rules so that this doesn’t happen.
↧
↧
Worwordfence generating huge amount of 503 errors
Replies: 0
Hi
since last week I have been trying to solve an issue in my 2 wordpress blogs: Google search console showing a huge increase of 503 errors – 2100 in the newest site and 9000 in the oldest one (has more content) and being unable to reach my sitemaps what is having the effect that many of my posts stopped being indexed. With my hosting support I did troubleshoot possible causes and after a long time of tests yesterday, they told me that found no reason from their part to this issue. So, I decided to deactivate all plugins and test one by one, on Google search console, and sent my sitemap again everytime. And after that, I found that there’s no doubt the culprit is wordfence. After deactivating it Google had no problems in accessing my sitemaps. Now, wordfence is too much important to my sites’s security to just let go of it. So, please, is there a way to fix the problem I did report? perhaps deactivating some options? Because it is a big problem. Google has been reporting, since May but increasing in June and getting worse on July and this month, the URLs that could not fetch on the sites, what represents a decrease in about 1000 visits in one of the sites and 500 in the newest site. I want to keep my visits on the normal pattern and also want to keep Wordfence. So, I appreciate some help. Thanks
↧
What is this ?_wfsf = detectProxy
Replies: 0
hi,I found some people visiting http://abc.com/?_wfsf=detectProxy. What is this address? Will it expose important information? Thank u very much
Ps: I am a Chinese user, if you can not read, I attach the Chinese, if you have time, you can translate the Chinese. Thank you.
我发现有一些人在访问 http://abc.com/?_wfsf=detectProxy . 目前它显示为 0 ,这是什么地址?它会暴露重要信息吗?非常感谢回复。
↧
Caching breaking site?
Replies: 1
I have no idea how this relates to Wordfence, but when I disabled Wordfence the issue went away. When I reenabled, the issue came back. Seemingly randomly a few days ago our site started referencing A.style.css instead of style.css. A couple other CSS stylesheets had A. appended to the name as well. Since we don’t have a A.style.css, it broke all of our child theme styling (which is what style.css referenced). I disabled the plugin and it all came back. Does this make sense for Wordfence? I didn’t think there was any caching being done with this plugin, but this is weird…
↧
↧
User with admin name
Replies: 0
Despite enabling Wordfence to prevent users with the name ‘admin’ to set up an account, someone has done exactly that. I deleted the account, and a scan shows no problems at this stage. Firstly I’d like to know HOW someone was able to set up a user account, so I can prevent it happening again. I’m checking now with Google to see if the site has been blacklisted and whether there has been any malicious code added. What I’d like to know, as soon as possible, is how they were able to get past Wordfence’s defense? How do I prevent this happening again, and whether the pro version guarantees against this level of attack?
↧
WF reporting admin username as non-admin
Replies: 0
Received this e-mail:
This email was sent from your website “HBS Financial Group, Ltd.” by the Wordfence plugin at Friday 11th of August 2017 at 09:44:58 AM
A non-admin user with username “my username” signed in to your WordPress site.
User IP: “my IP”
User hostname: pool-“my IP”.bltmmd.fios.verizon.net
User location: Baltimore, United States
I logged in & used my regular credentials as the Admin. WF reports it as a non-admin user
↧
Parse error
Replies: 0
HI,
I keep getting the following error:
Parse error: syntax error, unexpected end of file in /home/hibisvmp/public_html/wp-content/wflogs/rules.php on line 1361
Renamed the Wordfence plugin folder and could get into the site, but the moment I try reinstall or activate it the problem comes back.
Please advise.
Regards
Carl
↧
Wordfence leaves a mess in the database
Replies: 2
Hi,
I have been hit by this issue several times in the past. If the server ran out of memory/disk space or such the database would be fine except for wordfence issues. I have seen several pages telling the problem is with the environment. This time I have hit the issue without any memory/disk space error.
I have been using the plugin in other sites on the same server. The problem is only with this specific site. After installation I see only 3 tables –
| sbqte_wfKnownFileList |
| sbqte_wfNotifications |
| sbqte_wfPendingIssues |
The rest are not getting created. I do not know if I can create the tables using another site where it is installed successfully. I tried to export the settings as well but since the tables are not creating it would not let me save any options.
I am circling in a loop where it keeps popping the message for the tour incessantly.
What I have tried so far?
$ mysqlrepair -o -u root -pXXXX dbname
Manually deleting the tables –
wp_wfBadLeechers
wp_wfBlockedIPLog
wp_wfBlocks
wp_wfBlocksAdv
wp_wfConfig
wp_wfCrawlers
wp_wfFileMods
wp_wfHits
wp_wfHoover
wp_wfIssues
wp_wfLeechers
wp_wfLockedOut
wp_wfLocs
wp_wfLogins
wp_wfNet404s
wp_wfReverseCache
wp_wfScanners
wp_wfStatus
wp_wfThrottleLog
wp_wfVulnScanners
as suggested in some of the posts.
Moving the files under – /var/lib/mysql/dbname/
$ mv /var/lib/mysql/dbname/wp_wf* /tmp/
A complete reset as suggested in the link below is not possible since I can’t save the options –
I wish since the problems related to the database are so frequent, these problems are fixed for good or the corruption of the database avoided. If lets say the disk space is not sufficient can the wordfence plugin not be writing to the database? The other plugins don’t break so bad. I know a disk space issue should not occur but if it did the plugin should handle it more gracefully.
This time the issue is not with space even. I am not able to install wordfence on this site and it is part of my wpcore list. I keep seeing the annoying message that it is better installed. Each time I try to install I lose so much time.
If I use another database and manage to populate some of the tables, it allows me to save the options. After enabling the delete tables on deactivate, I tried deactivating and reactivating. It got reset. The tables went but never came back.
The notification keeps showing up always –
Wordfence could not get an API key from the Wordfence scanning servers when it activated. You can try to fix this by going to the Wordfence “options” page and hitting “Save Changes”. This will cause Wordfence to retry fetching an API key for you. If you keep seeing this error it usually means your WordPress server can’t connect to our scanning servers. You can try asking your WordPress host to allow your WordPress server to connect to noc1.wordfence.com.
The /var/log/apache2/error.log is full of messages talking about missing wordfence tables.
I am disabling the plugin for now. Hoping it should be easier than this to fix the problem. I have spent last 3 hours debugging this issue and this is not the first time I have been hit by the wordfence tables issue.
If anything I would think the problem could be with the setup of the permissions for the database but then I don’t understand why those 3 tables are getting created and not the rest.
Please advise. Any help on this is greatly appreciated.
Thanks in advance,
Mayank
- This topic was modified 1 hour, 14 minutes ago by mayankrungta.
↧
↧
feature request: change login url
Replies: 0
hello, since WF allows to update whenever you change login URL to avoid brute force, why don’t you implement the possibility to do it within WF instead of having to tweak the code or add another plugin ?
↧
Why Do I see rest-api/fileds show up in my Wordfence scans
Replies: 0
Off and on I see several files in the rest-api directory show up in Wordfence scans as ‘unknown’. Are these false positives or is there a reason to be concerned these files have been compromised?
Unknown file in WordPress core: wp-includes/SimplePie/rest-api/fields/class-wp-rest-user-meta-fields.php
Unknown file in WordPress core: wp-includes/SimplePie/rest-api/endpoints/class-wp-rest-post-types-controller.php
Unknown file in WordPress core: wp-includes/SimplePie/rest-api/endpoints/class-wp-rest-posts-controller.php
Unknown file in WordPress core: wp-includes/SimplePie/rest-api/endpoints/class-wp-rest-revisions-controller.php
Unknown file in WordPress core: wp-includes/SimplePie/rest-api/endpoints/class-wp-rest-settings-controller.php
Unknown file in WordPress core: wp-includes/SimplePie/rest-api/endpoints/class-wp-rest-taxonomies-controller.php
Unknown file in WordPress core: wp-includes/SimplePie/rest-api/endpoints/class-wp-rest-terms-controller.php
Unknown file in WordPress core: wp-includes/SimplePie/rest-api/endpoints/class-wp-rest-users-controller.php
Unknown file in WordPress core: wp-includes/SimplePie/rest-api/fields/class-wp-rest-comment-meta-fields.php
Unknown file in WordPress core: wp-includes/SimplePie/rest-api/fields/class-wp-rest-meta-fields.php
Unknown file in WordPress core: wp-includes/SimplePie/rest-api/fields/class-wp-rest-post-meta-fields.php
Unknown file in WordPress core: wp-includes/SimplePie/rest-api/fields/class-wp-rest-term-meta-fields.php
Unknown file in WordPress core: wp-includes/SimplePie/rest-api/endpoints/class-wp-rest-post-statuses-controller.php
Unknown file in WordPress core: wp-includes/SimplePie/rest-api/endpoints/class-wp-rest-controller.php
Unknown file in WordPress core: wp-includes/SimplePie/rest-api/endpoints/class-wp-rest-comments-controller.php
Unknown file in WordPress core: wp-includes/SimplePie/rest-api/endpoints/class-wp-rest-attachments-controller.php
Unknown file in WordPress core: wp-includes/SimplePie/rest-api/class-wp-rest-server.php
Unknown file in WordPress core: wp-includes/SimplePie/rest-api/class-wp-rest-response.php
Unknown file in WordPress core: wp-includes/SimplePie/rest-api/class-wp-rest-request.php
↧
Hidden? Login Issues
Replies: 0
After a lapse of memory, I mis-typed the password to log into my WordPress backend. Wordfence did it’s job, and locked me out. Unfortunately my IP seems to be permanently blocked.
The situations is as follows:
– I can still access the backend going through ManageWP
– My IP is not listed under “Blocking”, nor “Blocked” under ‘Live Traffic’, but is shown in “Locked Out”.
– Browser cache has been cleared, and the situation is consistent amongst Chrome, IE, and Brave.
– Logging in from other IP’s is fine
– I prefer not resetting the databases via WF Assistant as there are many IP’s already carefully set up to be restricted.
Thank you in advance.
↧
recommended addition to .htaccess blocks websiteremote updating
Replies: 2
The setup for the site is a wordpress install in a separate directory (/cm)
I added the lines recommended by wordfence to help reinforce my site.
The problem is that the extra coding blocks the updating service of websiteremote.
.htaccess file is:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://my-domain.com/$1 [R,L]
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /cm/
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /cm/index.php [L]
</IfModule>
If I remove the first 3 lines, my websiteremote updating service works, but am I making the site vulnerable to attack (again)
Wordfence v.6.3.16 installed
↧
↧
Country Blocking
Replies: 0
I have all but a few countries blocked.
But I’m still getting hits from lots of countries I’ve blocked?
Why is that?
↧
Wordfence Live Traffic unable to work
Replies: 1
Hey there,
Recently the Live traffic function for Wordfence is working fine.
However, recently the Live traffic tab view is unresponsive.
I have other websites running Wordfence plugin and all seems to be running fine. I have tried uninstalling or deactivating the plugin, but neither seems to be working. The other functions of Wordfence is functioning well, Wordfence Dashboard and Scan etc. Wordfence plugin is up to date as well.
Please advice me on this.
Kindly find the link for the image attached for better reference: https://1drv.ms/i/s!Ai3uwVtbSehut7QeqacCoGaeC6WxHQ
↧
SyncAttackData query parameters
Replies: 0
I understand that WordFence schedules sync procedures at times.
But that should not make link parameters like this
?wordfence_syncAttackData=[microtime #]
show up in the page content, for GoogleBot or anyone else to find. When you clamp this parameter to the home-page, GoogleBot finds it.
Now I have Google registering this goofy thing as a potential parameter to site front-pages, and GoogleBot visiting with that parameter, which require clean-up in Search Console.
Adding site-unrelated, strange query args to call addSyncAttackDataAjax() is NOT a good idea, I think.
↧
WordFence scans won’t complete.
Replies: 1
Hi,
My scans keep hanging for our site, I’ve tried a bunch of different things including adjusting memory limit, etc… but nothing seems to work. They worked last week but all of a sudden have quit…
Any help would be much appreciated!
Thanks,
Darren
↧
↧
404 errors become 500 errors with Wordfence
Replies: 1
Hi all,
I just installed Wordfence and immediately noticed an issue. Without Wordfence WordPress picks up any 404 errors and displays the properly formatted 404 error page that comes with my theme. With Wordfence activated all 404 errors turn into 500 errors with ugly server-generated pages that don’t provide any help to the visitor.
Does anyone know how I can get the 404 pages to display properly with Wordfence activated? Thanks in advance!
Cheers, Wouter
↧
wp-task flagged as suspicious
Replies: 1
Wordfence has flagged a file in my installation as suspicious: wp-task.php. It’s in the root directory with the rest of the WordPress core files. It was installed at the beginning of the the year, along with several other files that appear to be part of the standard WordPress installation.
The file doesn’t appear to be part of the basic WordPress install, but removing it causes the site to crash (I get an error indicating the file is needed).
I have been using Wordfence for many months and this is the first time the file has been flagged. The installation is regularly updated.
Is this indeed a suspicious file? Is it possibly part of a plugin?
↧
WordFence Activity Report
Replies: 0
This is kind of a general question, but one I need to ask because I keep noticing it happen.
Ok so the WordFence Activity Report the I receive via email for the domains on which I have WF installed (I have a few that are premium and more that are free), in the Section titled: RECENTLY BLOCKED ATTACKS, I see they show time / date and then IP/ACTION. Under the IP / ACTION column I sometimes notice something was blocked for a plugin – except that domain that I receive the email notice for doesn’t even have that plugin…
Am I not understanding this? Is the Recently Blocked Attacks on the Activity email based on blockages on all sites worldwide so that we see what WordFence has been able to block for the week or is this supposed to be Recently Blocked Attacks on say plugins on my specific domain of which the email is sent about. If the later (my specific domain) is correct, then something isn’t right, because like I mentioned it’s listing blockages for plugins that my domain doesn’t even have….
Anyone know about this?
Thank you in advance for anyone’s time!!
↧