Replies: 0
One of my client sites has been deleted from my server, and their DNS pointed to their new site. But, I continue to get Wordfence alerts (Woocommerce needs an upgrade).
How can I stop these since they are no longer relevant?
Thanks,
Roger
Replies: 0
So I just realized that a site is generating floods of this type of error when running wfScan:
WordPress database error Unknown column 'SHAC' in 'field list' for query INSERT INTO {prefix}_wfFileMods (filename, filenameMD5, knownFile, oldMD5, newMD5, SHAC) VALUES (
I had all WF tables deleted, and WordFence completely erased and reinstalled with version 6.3.14 to fix the previous “missing fields” database issues, so it should have been 100% clean. Even though it has since been updated to 6.3.16.
Checking into the problem, I think there are two questions/issues.
a) Field SHAC (and one additional for wfFileMods table) was supposedly a version 6.3.6 thing, so why would wfSchema.php for version 6.3.14 and now 6.3.16, which I assumed would carry/install the latest Schema, be missing these fields?
That would allow the ->createAll() to automatically create the necessary table fields from the beginning, rather than relying on later in runInstall() to have to “upgrade” the brand-new tables into correctness.
b) Because of a), the only path to getting correct table(s) is the table upgrades that should not have to happen on a fresh install.
However, runInstall() still has the older issue listed below, which makes it fail to upgrade or insert into certain tables correctly on some installs. Failing to use the right DB prefix if the main domain is no longer on blog-id=1.
Prefix issue:
https://wordpress.org/support/topic/activity-report-email-bad-guys-have-left-the-internet/
also known as your internal incident “FB5929”.
Seems I have to manually fix up the tables and code again. 🙂
Replies: 2
Hi,
I really only want to redirect access for certain countries from my contact page. Is it possible or is Wordfence only capable of blocking the login form and or whole site?
Thanks
Replies: 0
On a brand new install of WordFence, no changes from default, I’m getting “500 – Internal Server Error” when I attempt to edit any WordPress post or page.
Here are my php.ini settings.
max_input_vars = 3000
max_input_time = 120
max_execution_time = 120
memory_limit = 768MWhy would this deny post edit access right when the plugin is activated, with no further config changes?
Replies: 0
Hi, after I installed your plugin, I cannot access my webpage as the webpage keeps displaying the following message
”
This site can’t be reached
The connection was reset.
Try:
Checking the connection
Checking the proxy and the firewall
Running Windows Network Diagnostics
ERR_CONNECTION_RESET
”
So I have to go to the plugin folder and remove it there. After removing your plugin, every thing comes back to normal. By the way, I am using Wamp server. And the Wamp logo goes gray. Please help me. I want to use your plugin.
Replies: 0
Hi,
Its there a way to allow users with the role of editor to be able to unblock users that have been blocked due to many wrong loggin attempts?
Thank you!
Replies: 0
WordPress 4.8.1
Wordfence 6.3.16
PHP 5.6.31
Linux + Apache Web Server
Hello. I’ve read through the docs here and tried the solutions to no avail: https://docs.wordfence.com/en/My_scans_don't_finish._What_would_cause_that%3F. Specifically I have turned on debugging mode, tried “Start all scans remotely”, made sure memcached and opcache are not installed, verified that wp-admin is not being blocked (/wp-admin/admin-ajax.php is accessible and returns 0). Here is the content of the activity log:
[Aug 17 14:52:07] Ajax request received to start scan.
[Aug 17 14:52:07] Entering start scan routine
[Aug 17 14:52:07] Got value from wf config maxExecutionTime: 12
[Aug 17 14:52:07] getMaxExecutionTime() returning config value: 12
[Aug 17 14:52:07] Starting cron via proxy at URL http://noc1.wordfence.com/scanp/xxx.com/wp-admin/admin-ajax.php?lang=en?action=wordfence_doScan&isFork=0&scanMode=full&cronKey=xxx
[Aug 17 14:52:08] Scan process ended after forking.
I also noticed that on the Tools->Diagnostic page in the “Connecting back to this site” there is the following error:
wp_remote_post() test back to this server failed! Response was: 200 OK<br /> This additional info may help you diagnose the issue. The response headers we received were:<br /> date => Thu, 17 Aug 2017 14:54:09 GMT<br /> server => Apache<br /> x-robots-tag => noindex<br /> x-content-type-options => nosniff<br /> expires => Wed, 11 Jan 1984 05:00:00 GMT<br /> cache-control => no-cache, must-revalidate, max-age=0<br /> x-frame-options => SAMEORIGIN<br /> content-length => 1<br /> content-type => text/html; charset=UTF-8<br />
Replies: 0
Hi,
Two MU WordPress installs where I can activate the Wordfence firewall.
Both websites have correct php.ini and user.ini files where they have:
auto_prepend_file = ‘/home/username/public_html/wordfence-waf.php’
Both websites fail to have the firewall activated.
There is nothing in the error or debug logs.
Help appreciated.
Replies: 0
Hi
The scans keep hanging for my site, I’ve tried the suggested solutions on your website, but the scans don’t complete. This is my initial instalation of this plugin.
Thanks.
Replies: 2
This is a brand spanking new site uploaded yesterday and it has a number of unknown files. We had a lot of trouble uploading this site to a host already chosen by the owner of the site – not one I would have chosen. Anyway these are the unknown files:
wp-includes/theme-compat/comments-popup.php
wp-includes/js/tinymce/wp-mce-help.phpwp-includes/js/tinymce/plugins/wpfullscreen/plugin.js
wp-includes/js/tinymce/plugins/wpfullscreen/plugin.min.js
wp-includes/js/tinymce/skins/lightgray/fonts/readme.mdwp-includes/js/tinymce/skins/lightgray/skin.ie7.min.css
wp-includes/js/tinymce/plugins/media/moxieplayer.swf
wp-includes/functions.php.orig
wp-admin/theme-uploader.php
wp-admin/plugin-uploader.php
wp-admin/uploader/pclzip.lib.php
wp-admin/uploader/upload.php
wp-admin/js/wp-fullscreen.js
wp-admin/js/wp-fullscreen.min.js
wp-admin/includes/upgrade.php.orig
wp-includes/functions.php.orig
wp-admin/plugin-uploader.php
wp-admin/theme-uploader.php
wp-admin/uploader/pclzip.lib.php
wp-admin/uploader/upload.php
wp-admin/js/wp-fullscreen.js
wp-admin/js/wp-fullscreen.min.js
wp-admin/includes/upgrade.php.orig
Replies: 0
Hello, I hope you can help. The scan will not complete, it has done in the past but not recently. I have tried, suggestions from documentation. I don’t see any messages regarding memory.
Thank you very much, I look forward to hearing from you. I have added information which could assist.
I had this message under connectivity on the Diagnostics page:
wp_remote_post() test back to this server failed! Response was: 403 Forbidden<br /> This additional info may help you diagnose the issue. The response headers we received were:<br /> date => Fri, 18 Aug 2017 11:37:22 GMT<br /> content-type => text/html; charset=UTF-8<br /> set-cookie => __cfduid=dc1211bf9cb26ba10e0833a1529815ef71503056242; expires=Sat, 18-Aug-18 11:37:22 GMT; path=/; domain=.allaboutstyle.co.uk; HttpOnly<br /> cache-control => max-age=2<br /> expires => Fri, 18 Aug 2017 11:37:24 GMT<br /> x-frame-options => SAMEORIGIN<br /> server => cloudflare-nginx<br /> cf-ray => 390494ab6cd634d0-LHR<br /> content-encoding => gzip<br />
The information from the activity log is below.
[Aug 18 11:26:39:1503055599.246947:2:error] Scan terminated with error: The scan time limit of 20 seconds has been exceeded and the scan will be terminated. This limit can be customized on the options page. Get More Information
[Aug 18 11:26:39:1503055599.245876:2:info] Wordfence used 1.5 MB of memory for scan. Server peak memory usage was: 43.25 MB
[Aug 18 11:26:38:1503055598.504945:4:info] Calling Wordfence API v2.23:https://noc1.wordfence.com/v2.23/?v=4.8.1&s=https%3A%2F%2Fwww.allaboutstyle.co.uk&k=dac14af38e855fe7c720fc3519410eb40030e88187f370dedfece21bc06c715863d0bd662e26bd677bf71a5c23fedb5be0f702d0eb487f563729a5ea2b3a879d36f59c1f4df73b8e6d3cb73dea3f29db&openssl=268443679&phpv=5.6.22&betaFeed=0&cacheType=disabled&action=record_scan_metrics
[Aug 18 11:26:38:1503055598.320874:10:info] SUM_FINAL:Scan interrupted. You have 1 new issue to fix. See below.
[Aug 18 11:26:38:1503055598.319589:1:info] Scan interrupted. Scanned 2351 files, 7 plugins, 3 themes, 18 pages, 0 comments and 49563 records in 21 seconds.
[Aug 18 11:26:38:1503055598.318226:1:info] ——————-
[Aug 18 11:26:23:1503055583.880138:10:info] SUM_START:Checking for the most secure way to get IPs
[Aug 18 11:26:21:1503055581.864072:10:info] SUM_PAIDONLY:Checking if your site is on a domain blacklist is for paid members only
[Aug 18 11:26:19:1503055579.857797:10:info] SUM_PAIDONLY:Checking if your IP is generating spam is for paid members only
[Aug 18 11:26:17:1503055577.848812:10:info] SUM_PAIDONLY:Check if your site is being Spamvertized is for paid members only
[Aug 18 11:26:17:1503055577.830231:4:info] getMaxExecutionTime() returning half ini value: 300
[Aug 18 11:26:17:1503055577.829195:4:info] Got max_execution_time value from ini: 600
[Aug 18 11:26:17:1503055577.828050:4:info] Got value from wf config maxExecutionTime:
[Aug 18 11:26:17:1503055577.197883:4:info] Calling Wordfence API v2.23:https://noc1.wordfence.com/v2.23/?v=4.8.1&s=https%3A%2F%2Fwww.allaboutstyle.co.uk&k=dac14af38e855fe7c720fc3519410eb40030e88187f370dedfece21bc06c715863d0bd662e26bd677bf71a5c23fedb5be0f702d0eb487f563729a5ea2b3a879d36f59c1f4df73b8e6d3cb73dea3f29db&openssl=268443679&phpv=5.6.22&betaFeed=0&cacheType=disabled&action=log_scan
[Aug 18 11:26:17:1503055577.194639:1:info] Contacting Wordfence to initiate scan
Replies: 1
Hi,
I have this plugin in the site:
https://wordpress.org/plugins/user-blocker/
When I have activated it and tried to log to the “/wp-login”, it gave me these errors:
https://wordpress.org/support/topic/multi-errors-after-activating-plugin/
Now I have returened to the plugin and reactivated it and got this error without the old errors:
Warning: get_class() expects parameter 1 to be object, boolean given in /wp-content/plugins/wordfence/lib/wordfenceClass.php on line 1976
I have no idea what is wrong.
p.s.
wordpress login page also shows an error:
“ERROR: Cookies are blocked due to unexpected output. For help, please see this documentation or try the support forums.”
Replies: 0
I am on a cluster server and not sure I can access php.ini. What do I need to manually add to the HTACCESS File as I can access that?
Thanks
Adrian
Replies: 0
Hi,
I’m looking through my WordFence dashboard and noticed something really weird. Some of the successful logins with my username have come from Cloudflare IP addresses. For example, the 47s are my personal IP, 17s are Cloudflare, and the others are ‘hackers’.
I’m concern because the failed logins with my username suddenly stopped on 8/14/2017. My password is pretty tough (20+ characters mixed with numeric, special character, letters, and so forth) and I change it every week or so. I ran a scan in WordFence and Sucuri. It indicates my site is clean.
Is there anyway to reveal the actual Cloudflare IP address in Wordfence?
Username IP Date Status
XXXX 47 26 mins ago Successful
XXXX 47 10 hours 36 mins ago Successful
XXXX 47 10 hours 48 mins ago Successful
XXXX 47 13 hours 19 mins ago Successful
XXXX 47 22 hours 50 mins ago Successful
XXXX 17 8/16/17 6:10 AM Successful
XXXX 17 8/16/17 2:33 AM Successful
XXXX 17 8/15/17 12:43 AM Successful
XXXX 17 8/14/17 11:30 PM Successful
XXXX 17 8/14/17 3:28 PM Successful
XXXX 10 8/14/17 7:25 AM Failed
XXXX 17 8/14/17 6:41 AM Successful
XXXX 17 8/14/17 4:19 AM Successful
XXXX 17 8/13/17 11:39 PM Successful
XXXX 10 8/13/17 7:25 PM Failed
XXXX 16 8/13/17 7:25 AM Failed
XXXX 16 8/12/17 7:25 PM Failed
XXXX 17 8/12/17 4:17 PM Successful
XXXX 16 8/12/17 7:25 AM Failed
XXXX 10 8/11/17 7:25 PM Failed
XXXX 17 8/11/17 3:00 PM Successful
XXXX 16 8/11/17 7:25 AM Failed
XXXX 17 8/11/17 6:31 AM Successful
XXXX 17 8/10/17 11:00 PM Successful
XXXX 10 8/10/17 7:25 PM Failed
XXXX 17 8/10/17 4:08 PM Successful
XXXX 16 8/10/17 7:27 AM Failed
XXXX 17 8/10/17 3:44 AM Successful
XXXX 17 8/10/17 3:44 AM Failed
that 14 8/9/17 11:06 PM Failed
admin 14 8/9/17 10:53 PM Failed
XXXX 17 8/9/17 10:35 PM Successful
Any advice would be greatly appreciated. Thank you.
Replies: 0
[Aug 18 23:30:05] Scan Complete. Scanned 8918 files, 13 plugins, 1 themes, 43 pages, 0 comments and 35140 records in 31 minutes 15 seconds.
[Aug 18 23:30:08] Wordfence used 20.25 MB of memory for scan. Server peak memory usage was: 35.75 MB
[Aug 18 23:30:08] Notice: Undefined index: wpURL in /home/******/public_html/wp-content/plugins/wordfence/lib/wfScanEngine.php on line 1645 Notice: Undefined index: name in /home/******/public_html/wp-content/plugins/wordfence/lib/wfScanEngine.php on line 1656 0
What to do?
Replies: 1
When I try to active firewall in my website it shows me that “Error saving Firewall configuration”
There was an error saving the Web Application Firewall configuration settings.
Replies: 0
I am sending contact information from my email service (Activce Campaign) into my WordPress site using a webhook.
The webhook pass in contact data using this URL:
https://MyWebsite.com/?trigger=custom-trigger-ABC&key=key-code-123
But the webhook gets blocked by WordFence each time. How do I stop this from happening? I cannot simply whitelist the IP address, because the IP from which the webhook is sent changes each time.
P.S. It’s not the WAF which is blocking the webhook. When the WordFence plugin is active but has the WAF feature disabled, the webhook still doesn’t work. The only time the webhook works is when the WordFence plugin is completely disabled.
Replies: 1
I’ve have seen over the last few days queries look like this:
https://mydomain/?wordfence_syncAttackData=1503137409.6009
https://mydomain.com/?wordfence_syncAttackData=1503145454.4908
from different countries such Canada, Turkey, Ukraine, France etc.
Question:
Is this Wordfence or is this some kind new attack on a new vulnerability in Wordfence?
Replies: 1
The problem is since last Wordfence update to 6.3.16
Start a Wordfence Scan -> it stuck on
[Aug 20 00:19:12]
Comparing core WordPress files against originals in repository
[Aug 20 00:19:12]
Comparing open source themes against WordPress.org originals
[Aug 20 00:19:12]
Comparing plugins against WordPress.org originals
[Aug 20 00:19:12]
Scanning for known malware files
[Aug 20 00:19:12]
Scanning for unknown files in wp-admin and wp-includes
It stuck on for example
[Aug 20 00:20:08] Analyzed 1400 files containing…
If I stop it and start scan again it analyze more, and after few times all files are analised, but then it stuck on:
[Aug 20 00:20:09]
Scanning file contents for infections and vulnerabilities
[Aug 20 00:20:09]
Scanning file contents for URLs on a domain blacklist
…and there is no way to go further :/
My max_execution_time 300
At the top of Diagnostic page:
Warning: posix_geteuid() has been disabled for security reasons in /my-site-home/szkola/wp-content/plugins/wordfence/lib/wfDiagnostic.php on line 257 Warning: posix_getpwuid() has been disabled for security reasons in /my-site-home/szkola/wp-content/plugins/wordfence/lib/wfDiagnostic.php on line 257
Replies: 0
[18-Aug-2017 14:12:11 America/Los_Angeles] Unable to open D:\home\site\wwwroot/wp-content/wflogs/ips.php for reading and writing.
Hi,
Using IIS PHP7.1 and receiving this error. It is timing out the site by the looks of it.
Found this but not sure how to change perms or if this is correct:
https://wordpress.org/support/topic/unable-to-open-wp-contentwflogsips-php/
Thanks in advance