Quantcast
Channel: WordPress.org Forums » [Wordfence Security - Firewall, Malware Scan, and Login Security] Support
Viewing all 33337 articles
Browse latest View live

Loss of my admin access because of Wordfence!

April 6, 2018, 5:57 am
$
0
0

Replies: 0

Hello, I installed Wordfence on my WordPress site and I was happy with the service it gave me to the point that I wanted to buy the premium. But three days ago I suddenly lost admin access to my site. I quickly found that Wordfence was the culprit, and I recovered my access by disabling it. Since every time I try to reactivate Wordfence, it redirects me to a page 404. I reinstalled, but it’s always the same, it does not want to activate!
My host does not feel responsible for the problem and tells me that when Wordfence “hangs”, its own PHP code returns a result “null” and restart the PHP engine attached to the hosting account. (Which means nothing for me !)

I’m using Worpress 4.9.5 with the Kleo theme and Buddypress. I tried to run my site with Wordfence as the only plugin and the problem persists.

Can someone help me solve this problem? I would really like to use the premium version for its ability to block certain country, my site being only for my city!

Regards,
Julie

Search

Unable to open ips.php for reading and writing.

April 6, 2018, 7:50 am
$
0
0

Replies: 1

Dear Developers!

I’ve encountered the following problem:

There is function named ‘open’, which tries to open log files, located in
wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php, class wfWAFAttackDataStorageFileEngine.

When it tries to open the file for reading, and it has insufficient privilege, it throws an error.
The thing is, the file reading/writing privileges would let the code to open, but because of the ownership, it can’t. I’ve seen readability checks all over in the plugin source code, would it be possible, to check the file readability here as well? To change the file’s ownership is not an option in my case, and because of this issue, the plugin generates a lot of php error log.

Plugin version: 7.1.1
Line number in the source code: 852

I would change this line:
$this->fileHandle = @fopen($this->file, ‘r+’);

To this:
if(is_readable($this->file)){
$this->fileHandle = @fopen($this->file, ‘r+’);
}

Thanks in advance!

Free Wordfence scan missed hacked code in favicon.ico file

April 6, 2018, 2:09 pm
$
0
0

Replies: 0

I admin a WP site with the free version of Wordfence plugin. It was hacked last week, I installed Wordfence (it had had iThemes security before). I scanned, removed bad files. I checked the server files a couple times since then via FTP, nothing suspicious. Then today, it started redirecting to payday loan sites AGAIN. Aaarrgh! Ran Wordfence again, found similar files to last time, deleted them, re-uploaded wp_config.php to replace again-hacked wp_config.php.

Then I started poking around on my own on the server files for anything suspicious. I found an odd-looking file here: /wp-content/languages/favicon_0b57d5.ico. Huh? No favicon files should be here, and is there usually a /languages directory there? I added .txt file extension to the file and opened it, and sure enough, full of hacky-looking code. So I deleted the /languages directory and the .ico file.

So just to say, Wordfence missed this file in its scan, and it may have been the culprit for reinfecting the site. I know I have the free version of Wordfence, not the paid one, but the fact this file was missed in the scan is disappointing. And also just wanted to let others know to look for files with .ico extensions anywhere they shouldn’t be. Change the file extension, open in a text editor and see if they are malware code.

  • This topic was modified 2 hours, 23 minutes ago by Miss Taddie.

Wordfence could not register

April 6, 2018, 11:29 pm
$
0
0

Replies: 0

Wordfence could not register with the Wordfence scanning servers when it activated. You can try to fix this by deactivating Wordfence and then activating it again, so Wordfence will retry registering for you. If you keep seeing this error, it usually means your WordPress server can’t connect to our scanning servers, or your wfConfig database table cannot be created to save the key. You can try asking your host to allow your server to connect to noc1.wordfence.com or check the wfConfig database table and database privileges.

Wordfence > Tools > Diagnostics

Connecting to Wordfence servers (https)
wp_remote_post() test to noc1.wordfence.com failed! Response was: cURL error 35: SSL connect error

Connecting back to this site
wp_remote_post() test back to this server failed! Response was: cURL error 35: SSL connect error

Cannot clear plugin needs update

April 7, 2018, 8:48 am
$
0
0

Replies: 0

WP Rocket came out with an update and seems Wordfence is not clearing the update warning after this plugin has been updated. I tried clearing all cache and ignoring but still stating one plugin needs update and assuming it’s still the one in question…Not sure which plugin will be the issue..TY for any guidance..

Wordfence plugin deactivated and lost after an update

April 7, 2018, 10:16 am
$
0
0

Replies: 0

I recently installed a Wordfence plugin on a website I am developing, but when I logged in recently the WordPress dashboard said the plugin had been deactivated and the file did not exist. This happened at about the time that Wordfence’s version 7.12 appeared. The plugin no longer appears in the list of plugins on my dashboard.

I have tried to reinstal the plugin but when I do so, I get the reply, “Installation failed: Destination folder already exists.” So it exists, and yet it has been deactivated (not by me) and the plugin is not listed on my dashboard.

I am new to WordPress and do not understand what is going on. What can I do either to reactivate the existing plugin, or to delete it and reinstal it? Or is my only choice to instal a different security plugin instead?

Block access to registration page in addition to login

April 7, 2018, 11:36 am
$
0
0

Replies: 0

Hi all,

I just upgraded WordFence to premium for a community site I’m working on that uses BuddyPress and bbPress. We wanted to do country blocking to prevent spam signups from likely sources.

I’m just blocking access to the login page, but I was wondering if there’s an easy way to add a block to the registration page as well. I’d prefer to prevent them from creating accounts at all if possible.

Thanks.

What Happens if We Disable Wordfence Cookies?

April 8, 2018, 12:27 am
$
0
0

Replies: 0

There is an option “Disable Wordfence Cookies” in All Options page.

I read its documentation and it seems its related to Live Traffic and country blocking.

I have already disabled Live Traffic and I don’t use Country blocking, so does it mean I should enable this option?

I want to know does disabling wordfence cookies improve website performance? If yes, will disabling cookies affect wordfence functionality?

I want to stay on safe side, I want Wordfence to work properly. So I’m confused whether should I disable wordfence cookies or not?

Search

locked out

April 8, 2018, 1:32 am
$
0
0

Replies: 0

I am grateful for WP in general, and wordfence is great, but I am just getting annoyed for having my sites locked up constantly, it’s a hassle, so perhaps you have a suggestion.

After server change: “could not register with the Wordfence scanning servers””

April 8, 2018, 3:02 am
$
0
0

Replies: 0

I have just moved a site to a new server, and am now getting the message:

“Wordfence could not register with the Wordfence scanning servers when it activated.”

I have tried de-activating and re-activating but no effect. I tried to toggle the “Remove stuff from database on de-activation”, but of course it won’t save.

On the Wordfence Tools Page < Diagnostic Tab I see a warning

! Wordfence Config Ability to save Wordfence settings to the database. (ie: FAIL)

Other sites on the same server run Wordfence with no issues.

What is my next course of action?

Unable to accurately detect IPs

April 8, 2018, 7:49 am
$
0
0

Replies: 1

Hi,
When first installed a couple of weeks ago we were not getting this warning. Beginning on April 6 it showed up but I don’t understand the details and troubleshooting information provided by the plugin. Can you please provide guidance on how I rectify this problem. Site is hosted with Bluehost.

Thank you.

Wordfence on 2 WordPress Installs (main site & test site

April 8, 2018, 4:39 pm
$
0
0

Replies: 0

I have two WordPress installations. They are exact copies of one another. One is my main site and the other is a test site. I have the Wordfence plugin installed on both. I just logged into my test site WordPress dashboard for the first time and it is asking me to optimize the word fence firewall.

A dialog box pops up and says this: To make your site as secure as possible, the Wordfence Web Application Firewall is designed to run via a PHP setting called auto_prepend_file, which ensures it runs before any potentially vulnerable code runs. This PHP setting is currently in use, and is including this file: /home/associat/public_html/wordfence-waf.php

Question #1: The file above is for my main site. Shouldn’t that file be in the directory for my test site since that is the WordPress install I am currently logged on to?

Also on the dialog box it says: You can proceed with the installation and we will include this from within our wordfence-waf.php file which should maintain compatibility with your site, or you can opt to override the existing PHP setting.

Question #2: Then it has a toggle button that says include/Override. I assume I click include, correct?

Then it says: NOTE: If you have separate WordPress installations with Wordfence installed within a subdirectory of this site, it is recommended that you perform the Firewall installation procedure on those sites before this one.

Question #3: I don’t understand the above note. Do I need to do anything here?

Sorry I am very new to this just want to make sure I fully understand what I’m doing.

Fatal error Allowed memory size

April 9, 2018, 12:09 am
$
0
0

Replies: 0

Hey guys, I’m having issues with wordfence scan at the moment. All of my scans are failing due to a fatal error stating allowed memory size of 128000000 bytes exhausted.

I have done the usual php memory increase in wp-config, .htaccess, php.ini to no avail.

I have attached a Wordfence memory benchmarking log below. As you can see, the php.ini memory limit is set to 256, I have configured wordfence to request 512M on start. But it still fails at 120M.

The limit of 256M is confirmed by the Wordfence diagnostic screen under WordPress Settings. This is showing 256M WP_MEMORY_LIMIT and 256M WP_MAX_MEMORY_LIMIT.

I have also spoken to the hosting company, who confirmed their upper limit is 256M. the PHP.ini setting is configured by the hosting company.

Any assistance greatly appreciated.

—–

Wordfence Memory benchmarking utility version 7.1.2.
This utility tests if your WordPress host respects the maximum memory configured
in their php.ini file, or if they are using other methods to limit your access to memory.

–Starting test–
Current maximum memory configured in php.ini: 256M
Current memory usage: 14.00M
Attempting to set max memory to 512M.
Starting memory benchmark. Seeing an error after this line is not unusual. Read the error carefully
to determine how much memory your host allows. We have requested 512 megabytes.
Tested up to 20.00 megabytes.
Tested up to 25.00 megabytes.
Tested up to 30.00 megabytes.
Tested up to 35.00 megabytes.
Tested up to 40.00 megabytes.
Tested up to 45.00 megabytes.
Tested up to 50.00 megabytes.
Tested up to 55.00 megabytes.
Tested up to 60.00 megabytes.
Tested up to 65.00 megabytes.
Tested up to 70.00 megabytes.
Tested up to 75.00 megabytes.
Tested up to 80.00 megabytes.
Tested up to 85.00 megabytes.
Tested up to 90.00 megabytes.
Tested up to 95.00 megabytes.
Tested up to 100.00 megabytes.
Tested up to 105.00 megabytes.
Tested up to 110.00 megabytes.
Tested up to 115.00 megabytes.
Tested up to 120.00 megabytes.
<br />
<b>Fatal error</b>: Allowed memory size of 128000000 bytes exhausted (tried to allocate 116391968 bytes) in <b>/websites/co/cobpc.org.au/wp-content/plugins/wordfence/lib/wordfenceClass.php</b> on line <b>4504</b><br />
<br /><b>Fatal error</b>: Allowed memory size of 128000000 bytes exhausted (tried to allocate 116391968 bytes) in <b>/websites/co/cobpc.org.au/wp-content/plugins/wordfence/lib/wordfenceClass.php</b> on line <b>4504</b><br />

  • This topic was modified 42 minutes ago by itcobpc.

Hostinger And Wordfence Issue

April 8, 2018, 9:30 pm
$
0
0

Replies: 0

https://imgur.com/a/VXzXa

All my wordpress websites hosted on Hostinger are giving the above mentioned issue. It’s weird because the scan completes fine but only the inital connection to wordfence servers isn’t happening.

I have 4 websites on hostinger (all have this issue). I have more websites on Bluehost and Godaddy which don’t have the issue. All websites have the same wordfence/cloudflare settings. I’ve tried every possible configuration change at my end to fix it but haven’t been able to so far.

The moment I clone a perfectly fine Bluehost website to Hostinger this issue occurs again so it definitely is a Host related issue. I tried getting in touch with Hostinger support, they were kind enough to switch the servers of my accounts but even after the switch this issue persists. I bought Hostinger package just 2 weeks ago but so far haven’t been able to get this wordfence issue sorted.

Any help would be greatly appreciated. Thanks

  • This topic was modified 5 hours, 44 minutes ago by ragzybwp73.
  • This topic was modified 5 hours, 44 minutes ago by ragzybwp73.

exceeded the maximum number of page requests per minute for humans

April 9, 2018, 2:17 am
$
0
0

Replies: 0

Hi,

We lunched a new subdomain today, and around 400 users visited our site in a short period of time.

They all denied access and got this warning:
“Exceeded the maximum number of page requests per minute for humans”.

What can be the reason?

Search

Some HTML characters incorrectly printed in emails

April 9, 2018, 4:16 am
$
0
0

Replies: 0

In emails generated by Wordfence, the apostrophe in my site’s name (…”Christopher’s”…) is converted into ' whereas it should stay as a ‘ symbol.

WordPress-generated emails correctly print it as an apostrophe symbol (‘).

Wordfence not identify the location of visitors

April 9, 2018, 8:58 am
$
0
0

Replies: 0

Hi,
Since the previous update Wordfence does not identify the location of the countries of visitors in section livetraffic, and does not work the section Whoislookup

Had the plugin installed on several pages but as these features are still not working in this new update, remove the plugin 2 of my pages, I hope you can solve that problem because they were two good options that had the plugin

Regards

Wordfence could not register with the Wordfence scanning servers

April 9, 2018, 3:41 pm
$
0
0

Replies: 0

Dear sirs

I have installed wordfence on a multisite wordpress instance but I haven’t being able to connect to the wordfence servers.

I have tried to connect using telnet on both port 80 and 443 and the connection works.

I tried to connect using curl and it works using por 80 (http) buy when using port 443 I get the error:

curl https://noc1.wordfence.com/
curl: (35) TCP connection reset by peer

I am trying to connect from IP 50.97.114.103. I have doble checked the server firewall and there is no rule stopping traffic to noc1. I have also disabled the local firewall and tested the connection again with the same error

I have deinstalled the plugin. Deleted all wf tables from the DB (manually) and deleted the wflogs directory with no avail.

Any help you can provide us will be appreciated.

Regards,

Felipe Borrero
Operations Director
Calipso Comunicaciones S.A.

Cant find the warning message

April 9, 2018, 6:38 pm
$
0
0

Replies: 1

Hi I found this warning on my website through the plugin and know how to fix it but cant find the warning in the admin to fix it now.

I have been through all the options.

Would you mind letting me know under what tab it is? Thanks

Warning: You are running the LiteSpeed web server and Wordfence can’t determine whether “noabort” is set. Please verify that the environmental variable “noabort” is set for the local site, or the server’s global External Application Abort is set to “No Abort”.

Wordfence blocked Admin login

April 10, 2018, 5:03 am
$
0
0

Replies: 0

Hello,

The wordfence plugin blocked my Admin account.

When I fill log & pass I receive message:
INSECURE PASSWORD: Your login attempt has been blocked because the password you are using exists on lists of passwords leaked in data breaches. Attackers use such lists to break into sites and install malicious code. Please reset your password to reactivate your account.

But using lostpassword function I cannot reset my Admin password, because I receive the message “Не удалось отправить письмо.
Возможная причина: на сервере отключена функция mail().”

It means “Cant’send the message. Possible reason: server don’t use mail delivery()”

That’s why I can’t work with my website 3 days already. How I can disable this function through ISP Manager or to reset passwords in other way?

Thanks in advance!

Viewing all 33337 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>