Channel: WordPress.org Forums » [Wordfence Security - Firewall, Malware Scan, and Login Security] Support

wordfence-waf.php 500 error

Replies: 0

I installed Wordfence 7.1.3 but I didn’t configure auto_prepend_file. When I deleted Wordfence, there were 500 errors on the site. The log shows this:

PHP message: PHP Fatal error: Unknown: Failed opening required '/data/wwwroot/xxx.xxx.com/wordfence-waf.php' (include_path='.:/usr/local/php54/lib/php') in Unknown On line 0" while reading response header from upstream, ......

However, my php.ini configuration is like this: auto_prepend_file =
wordfence-waf.php is not configured.

I’m using nginx and there is no .htaccess file.

How can I fix this error? Thank you
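
The log above shows PHP still trying to prepend wordfence-waf.php although php.ini sets no auto_prepend_file. One way to locate where the directive is set, as an added example that is not part of the original post or of Wordfence's code: it assumes PHP runs under FastCGI/FPM, where per-directory `.user.ini` files are read, and `find_prepend_directives` is a hypothetical helper name.

```php
<?php
// Added example, not Wordfence code. Run it from the CLI (for example
// `php -n find-prepend.php /path/to/docroot`; the script name is hypothetical):
// the CLI ignores per-directory ini files, so it works while web requests fail.

/**
 * Find every per-directory ini file under $root that sets auto_prepend_file and
 * report the configured target and whether that file still exists.
 * Assumes the target is an absolute path; relative ones resolve via include_path.
 */
function find_prepend_directives(string $root, string $iniName = '.user.ini'): array
{
    $hits = [];
    $tree = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS),
        RecursiveIteratorIterator::LEAVES_ONLY,
        RecursiveIteratorIterator::CATCH_GET_CHILD // skip unreadable directories
    );
    foreach ($tree as $file) {
        if ($file->getFilename() !== $iniName || !$file->isReadable()) {
            continue;
        }
        // RAW mode returns values as written; a malformed file yields false.
        $ini = @parse_ini_file($file->getPathname(), false, INI_SCANNER_RAW);
        if (!is_array($ini) || !isset($ini['auto_prepend_file'])) {
            continue;
        }
        $target = trim((string) $ini['auto_prepend_file'], " \t'\"");
        if ($target !== '') { // an empty value means "no prepend file"
            $hits[] = ['ini' => $file->getPathname(), 'target' => $target, 'exists' => is_file($target)];
        }
    }
    return $hits;
}

$root = $argv[1] ?? getcwd();
foreach (find_prepend_directives($root) as $hit) {
    printf("%s\n  auto_prepend_file = %s [%s]\n", $hit['ini'], $hit['target'],
        $hit['exists'] ? 'target present' : 'target missing');
}
```

Per-directory ini values are cached for `user_ini.cache_ttl` seconds (300 by default), so an edit can take a few minutes to show. If nothing is found, the directive may instead be set in the nginx configuration (`fastcgi_param PHP_VALUE`) or in the PHP-FPM pool file (`php_value` / `php_admin_value`).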


wp-config.php WP_HOME not honoured

Replies: 0

Hi guys,

I’m in the middle of migrating a number of sites and use temporary hostnames, through define('WP_HOME', 'https://migration.domain.com') in wp-config.php.

Almost everywhere this override is honoured, apart from in the “issues in last scan”, the original hostname is used there. This may be on purpose as the scan was done on the original machine but I think it’s worth mentioning anyway.

There’s an operational risk involved here, I was sent to the original site and all of a sudden working on my production site… may be best to check for the WP_HOME/URL override and do your clever business with that.

Best of luck,
Hi_o

Premium Wordfence on development/staging site

Replies: 0

Hello,

We are looking at suggesting the premium version for a client site. We, however, may have 3 sites:

1) The live site.
2) A staging/development site (perhaps on a separate server).
3) A site on a test server for when the server is being upgraded.

I wanted to know if we can install the 1 premium license on the above variations of the site so that we can test them all with a working version of Wordfence premium, but that only site (1) will ever be the live site using a premium license.

Thank you in advance.

Bharat

Blocked malicious file uploads: celebrate or worry?

Replies: 0

My Bluehost WordPress sites were hacked a few weeks ago, probably almost surely due to a keylogger virus on my desktop computer. The hacker had created a new admin user named “header” on my sites (which I deleted literally minutes after creation thanks to WordPress’s e-mail notification). Everything is cleaned now (new O/S, new passwords, used GitHub to restore malicious files, installed Wordfence).

Now, I get WordPress update e-mails every so often, and the reports all usually have multiple instances of this:

Blocked for Malicious File Upload (PHP)

There are never any recently changed files detected by Wordfence other than normal file updates, such as updates to Wordfence itself.

My instinct is to high-five myself since, after all, these upload attempts are BLOCKED. I am certain that the continuing activity is all automated bots relying on various admins who don’t know what they’re doing – the bots don’t detect or care that my site is now clean, so they continue to treat my site as if it were still infected.

However, even after searching in forums, I can’t seem to find out if there is any chance an error like this could signal some lingering infection. That is, can these PHP upload attempts take place on a normal WordPress site, or can they only take place on an infected one? I wish the Wordfence e-mails made this more clear.

I feel it’s unlikely that my sites are still infected, but I just wanted to be 100% sure, and the Wordfence report e-mails are, in my opinion, a bit too vague when it comes to the error messages. I think it would be helpful if the errors at least had links to pages that went into more detail about all the things the error could mean and what core WP files the hackers were unsuccessfully using. I repaired every file that was reported to be infected by either Wordfence or Bluehost, and as I mentioned above, the only files that are ever recently changed are from normal plugin/Wordpress updates.

General Options – IP detection

Replies: 0

We don’t seem to be able to set up so that IPs are being detected properly.

We were advised by our hosting company that the original client IP is served using HTTP_X_FORWARDED_FOR header and that PHP references this using the following $_SERVER var: $_SERVER['HTTP_X_FORWARDED_FOR'].

WordFence options have been set to: “Use the X-Forwarded-For HTTP header.” But IPs are still not being recorded accurately, and scans are producing the error: “Unable to accurately detect IPs”

Any suggestions on where to look next / how to resolve?

Thanks
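
The header-based detection discussed above only yields a trustworthy address when the header is read relative to known proxies, because clients can send their own X-Forwarded-For value. An added example of that check, not part of the original post or of Wordfence's code: the function names and the proxy range are assumptions made for illustration.

```php
<?php
// Added example, not Wordfence code; names and the proxy range are constructed.

/** Address as a string of '0'/'1' bits, or null if it is not a valid IP. */
function ip_bits(string $ip): ?string
{
    $bin = @inet_pton($ip);
    return $bin === false ? null : implode('', array_map(
        fn($c) => sprintf('%08b', ord($c)), str_split($bin)));
}

/** True if $ip lies inside one of the CIDR ranges (IPv4 or IPv6). */
function ip_in_ranges(string $ip, array $cidrs): bool
{
    $ipBits = ip_bits($ip);
    foreach ($cidrs as $cidr) {
        [$net, $len] = array_pad(explode('/', $cidr, 2), 2, '128');
        $netBits = ip_bits($net);
        $sameFamily = $ipBits !== null && $netBits !== null && strlen($ipBits) === strlen($netBits);
        if ($sameFamily && strncmp($ipBits, $netBits, max(0, min((int) $len, strlen($netBits)))) === 0) {
            return true;
        }
    }
    return false;
}

/** Client address, believing X-Forwarded-For only as far as trusted proxies wrote it. */
function client_ip(string $remoteAddr, ?string $xff, array $proxies): string
{
    // A peer that is not one of our proxies can put anything in the header.
    if ($xff === null || !ip_in_ranges($remoteAddr, $proxies)) {
        return $remoteAddr;
    }
    $client = $remoteAddr;
    // Walk right to left: each entry was appended by the hop to its right.
    foreach (array_reverse(array_map('trim', explode(',', $xff))) as $hop) {
        if (ip_bits($hop) === null) {
            break; // malformed entry: keep the last verified address
        }
        $client = $hop;
        if (!ip_in_ranges($hop, $proxies)) {
            break; // first address that is not one of our own proxies
        }
    }
    return $client;
}

$proxies = ['203.0.113.0/24']; // constructed range (RFC 5737 documentation addresses)
echo client_ip('203.0.113.10', '10.9.8.7, 198.51.100.7', $proxies), PHP_EOL; // via proxy, forged first hop
echo client_ip('198.51.100.7', '192.0.2.99', $proxies), PHP_EOL;             // direct, forged header
```

In a live request the first two arguments would be `$_SERVER['REMOTE_ADDR']` and `$_SERVER['HTTP_X_FORWARDED_FOR'] ?? null`, and the range list would hold the proxy addresses published by the host.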

WordFence giving scan results from old server

Replies: 0

I have just noticed that the WordFence scan results are not from the current site/server, it is showing results from an old copy of the site which was hosted elsewhere.
There is ZERO chance of any confusion here because it was on a Windows server previously, it is now on Linux, and the paths are completely different.

e.g. here is one alert

Old WordPress core file not removed during update: wp-admin/C/home/mydomain.com/wwwroot/wp-content/plugins/duplicator-clone/tmp/jobs/job_2018-01-11_22-58-17_local_backup_files

As you can see, the path is a Windows path, so it doesn’t exist; also the plugin and folder don’t exist, as I deleted them weeks ago.

The site on the old server still existed, so I went and deleted it, and now the WordFence scan won’t run. So I assume that every time it runs it was running on the old server not the current one, although I am not sure how.

Nonsensical SSL Notification

Replies: 0

On upgrading to 7.1.3, Wordfence sent me this odd notification via email.

Your site is using an OpenSSL version (1.0.1) that is no longer supported by Wordfence and needs to be updated. We recommend using the newest version of OpenSSL but will currently support OpenSSL versions as old as 1.0.1. Version checks are run regularly, so if you have successfully updated, you can dismiss this notice or check that the update has taken effect later.

This seems to be saying that Wordfence does not support OpenSSL 1.0.1 and also that the minimum OpenSSL version Wordfence supports is 1.0.1. What is the actual minimum supported version?

White Screen for Firewall

Replies: 0

I can access all screens and options within the Wordfence plugin except for the Firewall and Blocking screens. When I click on those links all that shows is a white screen. It used to work fine a few months ago, and there have been no new plugins installed.

I have the latest version of WordPress & Wordfence. I have uninstalled Wordfence, removed the database tables and re-installed and ran into the same issue.

Linux server
PHP 5.6
max_execution_time 30
max_input_vars 1000
memory_limit 128M
post_max_size 8M


Unable to connect to WordFence servers.

Replies: 0

WordFence scans have started to fail with the error message “[APR 24 07:13:35] Scan terminated with error: There was an error connecting to the Wordfence scanning servers: cURL error 28: Connection timed out after 10002 milliseconds”

However, WordFence diagnostics says:

Connecting to Wordfence servers (http)
OK
Connecting to Wordfence servers (https)
OK
Connecting back to this site
OK – xxx.xxx.xxx.xxx

I had a similar problem in the past that I fixed by upgrading PHP to 7.1, which is the latest version my host supports.

  • This topic was modified 1 minute ago by clivedyson.

Failing to report Plugin update includes Security Fixes

Replies: 0

Hello,

We’re noticing an increase in the number of plugin updates that are not being marked as “Security Fix” in our Wordfence emails (“Problems found on http://www.example.co.uk”).

The most recent occurrence of this was the uk-cookie-consent plugin.
This updated from 2.3.9 to 2.3.10 after a security vulnerability was patched.

Changelog:
2.3.10
Fixed: fixed security vulnerability identified by James Boughey

We maintain a large client base and rely on these emails to quickly determine if the update needs to be applied immediately (Security related) or if it can be put on hold temporarily (Feature update).

Kind regards

Another plugin file name is getting renamed to .suspected

Replies: 0

Hi,

I am using Wordfence on my WordPress website. Recently my site got hacked and I have now removed the hacked files by scanning the website using this plugin. However, now another plugin’s (Amazon-web-services) file gets renamed to .php.suspected every time. I rename it back to .php and after some hours it is again renamed back to .suspected. This causes the site to go down. When I searched online, it showed this happens due to the security plugin, and I have only one on my website, which is this plugin.

Please help to find out what is happening?

Real-time IP Blacklist

Replies: 0

Hi, with the real-time IP blacklist, doesn’t Cloudflare do something similar with its premium WAF feature? I’m just wondering if there’s a difference between what Wordfence and Cloudflare do in this regard? Thanks

Wordfence reporting wrong countries

Replies: 0

Hi

My Wordfence is reporting wrong countries. When I checked the following IP on AbuseIPDB, it reported the IP as Singapore, yet Wordfence reported it as Ireland. Can anyone shed some light on this, please?

Ireland Dublin, Ireland visited
24/04/2018 15:52:13 (18 minutes ago)
IP: 52.164.242.167 Hostname: 52.164.242.167

AbuseIPDB
52.164.242.167
microsoft.com
Country Singapore

Blank page after updating products since 7.1.3

Replies: 0

After having updated to version 7.1.3 of Wordfence Security I have the following situation:

After submitting an update to a product, the site returns to a blank page.

After disabling the plugin, WordPress worked perfectly.

I have products added through the backend REST API, which occurs properly. I then customize like any other product addition would – but when I hit update, all I get is a blank page.

There are four entries in my access log – all with response code 200… but a blank page as a response.

A similar issue (I would dare say the SAME issue) was reported and the user was suggested to switch to learning mode. I have switched to Learning mode, and it did not solve the problem.

The Wordfence Web Application Firewall cannot run.


403 Forbidden

Replies: 1

I’ve installed a brand new install of WordPress in a subdirectory /subdir, and installed MainWP Dashboard. After activating MainWP Dashboard, I am taken to /subdir/wp-admin/admin.php?page=mainwp-setup where I receive a message:

403 Forbidden
A potentially unsafe operation has been detected in your request to this site.

The site @ /subdir does not have Wordfence installed, but the site in the web root does.

How do I whitelist the page /subdir/wp-admin/admin.php?page=mainwp-setup in the web root Wordfence?

“Roboto” Google Webfont on every WordPress admin page?

Replies: 0

We have two installations of Wordfence 7.1.3 on WordPress 4.9.5 with completely identical visible Wordfence settings at “All Options”.

The first (older, several times updated up to 7.1.3) installation does the following; the second (newly installed 7.1.3) one does not.

The current user IP address and browser information is sent to a third party server fonts.googleapis.com on each and every WordPress admin page.

Reason is this code:

WF 7.1.3, lib/wfOnboardingController.php:61

/**
 * Enqueues the scripts and styles we need globally on the backend for onboarding.
 */
public static function _enqueue_scripts() {
    wp_enqueue_style('wordfence-font', 'https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,500,500i,700,700i,900,900i', '', WORDFENCE_VERSION);
    // ... rest of the method is not quoted in the post
}

How can we configure the first installation so that it does not include this on every WordPress admin page any more?

Is there an “onboarding” or similar setting somewhere?

This might be an issue for #gdpr-compliance as well.

500 error when Wordfence enabled -new thing

Replies: 0

All of a sudden I cannot enable wordfence on one of my sites. There are RANDOM 500 errors. Memory limit is set to 256. This site shares hosting with another site and both had wordfence installed. Only one reacted like this. As long as wordfence is disabled there are no 500 errors. Please advise.

Prepend.php

Replies: 0

Wordfence wants to run through auto_prepend_file but it’s saying it is already in use.

“To make your site as secure as possible, the Wordfence Web Application Firewall is designed to run via a PHP setting called auto_prepend_file, which ensures it runs before any potentially vulnerable code runs. This PHP setting is currently in use, and is including this file:

/usr/share/php/prepend.php” – I don’t know this file and Google does not either. Anyone know what I should do?

Wordfence Install failure

Replies: 0

Wordfence could not register with the Wordfence scanning servers when it activated. You can try to fix this by deactivating Wordfence and then activating it again, so Wordfence will retry registering for you. If you keep seeing this error, it usually means your WordPress server can’t connect to our scanning servers, or your wfConfig database table cannot be created to save the key. You can try asking your host to allow your server to connect to noc1.wordfence.com or check the wfConfig database table and database privileges.
