BobIMG on "[Plugin: Wordfence Security] Malware in Cache File only"
I have a site where I get a warning roughly every 24 hours about malware being on the site. In looking at the file it is always in the cache file. This is an example of the format, although the actual...
View ArticleBarnez on "[Plugin: Wordfence Security] Massive Hit from - over 50 IP Addresses"
@Mark Many thanks for highlighting the risks of the Sucuri approach to locking down a dynamic IP address I posted above.
View ArticleBarnez on "[Plugin: Wordfence Security] Fatal error: Allowed memory size with...
@Oddly Active In the Developers tab of each plugin on wordpress.org you can find zip files of the recent plugin versions. You could upload 5.1.4 into your plugins list, activate it and see if it...
View Articleshawnwyatt on "[Plugin: Wordfence Security] Use with Stealth Login Page plugin"
I have many websites with the full version of this plugin. Like others, I'm seeing the continuous hitting of the login page with names like "admin" (of course, I don't use that). Wordfence is certainly...
View Articlewebdevvt on "[Plugin: Wordfence Security] Ddos login attempts using username ''"
Yes that is a blank user name in single quotes and no way to block it using the common names comma separated string. Tried using a double comma in the string but it was edited out. Login attempts are...
View Articlewebdevvt on "[Plugin: Wordfence Security] Ddos login attempts using username ''"
I can log in to the site after briefly taking it offline, but have no current fix. Once the common culprits like admin and administrator were eliminated, the attack moved on to the blank user login...
View ArticleTheSeoGuy on "[Plugin: Wordfence Security] NEW Administrator Added - IP from...
This morning I received an alert message from Wordfence that an Administrator had signed into Bora-Bora-Insider.com as follows: A user with username " " who has administrator access signed in to your...
View Articlemountainguy2 on "[Plugin: Wordfence Security] Massive Hit from - over 50 IP...
I'm not sure how the guys at my managed server did it, but they set it up so only whitelisted IP numbers can access the admin side. That was our first step at true security (other than the basics such...
View ArticleFred on "[Plugin: Wordfence Security] Ddos login attempts using username ''"
I'm having a similar issue. A botnet is attempting log-ins with empty usernames. So far, over 1800 in the last 12 hours, all from different IPs. The problem is that even though I have maximum emails...
View ArticleFred on "[Plugin: Wordfence Security] Tons of emails being sent, .htpasswd...
I'm getting botnetted right now, and even though I have maximum emails per hour set to 1, I am getting an email every time a bot fails to log in (all with empty usernames). Now I could turn off...
View Articlesdayman on "[Plugin: Wordfence Security] 2 step authentication with Google's...
Is this what you're looking for? https://wordpress.org/plugins/google-authenticator/
View Articlesdayman on "[Plugin: Wordfence Security] Wordfence live traffic security...
Here's my Blocked IP list. In my Options, I block invalid usernames for 60 days. https://dl.dropboxusercontent.com/u/609598/misc/Blanks.png
View Articlesdayman on "[Plugin: Wordfence Security] NEW Administrator Added - IP from...
It sounds like someone else had a similar problem: http://wordpress.org/support/topic/admin-no-name-added?replies=3
View Articlesdayman on "[Plugin: Wordfence Security] Falcon Engine not caching homepage"
Is your homepage part of WordPress? With a URL of /blog/, it sounds like WordPress may be a subdirectory.
View Articleascom on "[Plugin: Wordfence Security] Falcon Engine not caching homepage"
The homepage is part of WordPress.
View Articlewebdevvt on "[Plugin: Wordfence Security] Ddos login attempts using username ''"
I would like wordfence to automatically add these ips to the deny list but there is no way to add a blank user name to the list, or just default deny the user name, preferably, both
View Articlesdayman on "[Plugin: Wordfence Security] Falcon Engine not caching homepage"
Now I'm just guessing… WF Caches are recalled via .htaccess. Since you say the cached file exists, it makes me think something in .htaccess is preventing this. Granted, I don't have the footer turned...
View ArticleFred on "[Plugin: Wordfence Security] Ddos login attempts using username ''"
Agreed. Also, I'm not sure why .htpasswd isn't keeping the bots at bay. Are they hitting a different URL than wp-login.php to trigger the Wordfence alerts?
View Articlesdayman on "[Plugin: Wordfence Security] Tons of emails being sent, .htpasswd...
If you're the only person who uses wp-login, add this to the bottom of .htaccess: <Files wp-login.php> order deny,allow allow from xx.xx.xx.xx (replace with your home IP address) deny from all...
View Articlegreghark on "[Plugin: Wordfence Security] memory"
What is the minimum memory you can set for Wordfence? I believe by default maximum memory Wordfence is set to 256 megabytes. Thanks, Greg https://wordpress.org/plugins/wordfence/
View Article