wfpeter
Forum Replies Created
-
Forum: Plugins
In reply to: [Wordfence Security - Firewall, Malware Scan, and Login Security] quiz makerHi @mathijsvdbeek, thanks for getting in touch.
As far as we’re aware, the free version of Quiz Maker wasn’t affected. The slug “quiz-maker-pro” doesn’t clash and their free plugin doesn’t share, or overlap with, the vulnerable version ranges for other plugins using the slug “quiz-maker” on our Threat Intelligence page.
Are you getting this information from your Wordfence scan result with the free version of Quiz Maker installed? If so, did you ever have the Pro version and revert back? Feel free to share the full scan message for us here if you think something is being reported in error.
Many thanks,
Peter.Hi @george-self, thanks for reaching out!
If automatic rules updates have been working fine up until 25th June, file and database permissions are likely to be OK unless something has changed at the host’s end recently.
Manually removing the wp-content/wflogs folder’s contents via FTP or your host’s file manager should stand a good chance of solving the issue. A local file may have become corrupt and Wordfence will attempt to recreate them automatically within 30 minutes (usually much sooner).
Let us know how that goes,
Peter.That’s great news @highperformerteams! Thanks for keeping us posted on the results of your tests.
Peter.
Hi @upshift-86, I’m sorry to see that.
It sounds like it could be connected to IP detection being incorrectly set for your site, so every visitor is detected as the same IP. This means that legitimately triggered blocks for somebody else will block all visitors including yourself.
- Please use FTP/SFTP or any file manager your web host provides via their administration panel.
- Look inside the /wp-content/plugins/ directory and rename the wordfence directory to wordfence.bak. This will deactivate Wordfence and allow you to login.
- The Wordfence Assistant plugin (downloadable via this page) can be installed to clear your site’s blocks when you are unable to access it via the recommended methods shown in our documentation: https://www.wordfence.com/help/blocking/troubleshooting/#if-you-locked-yourself-out.
Once you’ve regained access, you can rename the wordfence.bak folder back to wordfence again and try to resolve the issue long-term:
- Take note of your own IP on your device: https://www.whatsmyip.org.
- Head over to Wordfence > All Options > General Wordfence Options > How does Wordfence get IPs and reference the area under that section that says Detected IPs and Your IP with this setting.
- See if any of the options there when picked accurately reflect your IP. If one does that isn’t currently selected, don’t forget to hit the SAVE CHANGES button in the top-right after you’re done.
- If none of the options accurately reflect your IP, you may need to speak with your host to ensure the visitor IP is being sent to the site correctly.
Your server configuration might require a certain header like
CF-Connecting-IP(for Cloudflare) to be used for IP detection, or a trusted proxy to be specified (scroll down slightly from this link to learn more): https://www.wordfence.com/help/dashboard/options/#general-wordfence-optionsLet us know how you get on,
Peter.Forum: Reviews
In reply to: [Wordfence Security - Firewall, Malware Scan, and Login Security] Good PluginGreat to see, @johero1974! Thanks for your positive review of Wordfence.
Peter.
Hi @highperformerteams, thanks for sending that over.
Something seems to be overriding
max_execution_timeas it’s reported as50000in your diagnostic rather than the figures we’ve both discussed. We do cap how long a scan stage will run even if that number is excessive, but changing Wordfence > All Options > Performance Options > Maximum execution time for each scan stage to8can help.Your list at Wordfence > All Options > Advanced Scan Options > Exclude files from scan that match these wildcard patterns is quite extensive. Whilst that list shouldn’t cause a failed scan, removing them is best in this case as I’m assuming they weren’t added manually.
Also try:
- Select Use low resource scanning and set Time limit that a scan can run in seconds to 0 (which will limit a scan to 3 hours)
- Disabling Wordfence > All Options > General Options > Scan images, binary, and other files as if they were executable
Thanks again,
Peter.We’re delighted to hear that Wordfence has been actively protecting your site @realgraphicsdk and that you came here to leave us a five-star review. Your opinion will also help other site administrators choose our plugin!
You can reduce the number of access attempts (if you wish) in Wordfence > All Options > Brute Force Protection.
Peter.
Hi @ryrossitto! Thanks for your question.
Wordfence is not a page cache or session cache, so it is not designed to cache visitor sessions in the way a caching plugin might. However, Wordfence can log request and security-event data as part of features like Live Traffic, firewall/blocking activity, login security events, alerts, and — if enabled — Audit Log / Wordfence Central.
Depending on configuration, this data can include items such as IP address, request path/URL, user/login-related events, blocked requests, and other security-relevant request details. Audit Log data for relevant events may also be transmitted to and stored in Wordfence Central.
For a HIPAA-regulated site, we recommend reviewing Wordfence settings with your compliance/security team.
We cannot determine HIPAA compliance for a customer’s environment, but Wordfence should be treated as a security tool that may process request/security metadata depending on configuration.
Many thanks,
Peter.Hi @yatgirl,
I would be more inclined to think that’s the test tool as Googlebot likely won’t have AWS as its origin. If there are no Live Traffic entries for Googlebot under regular operation of the site, it may suggest Wordfence isn’t the reason for the block.
Let us know whether Wordfence > All Options > Advanced Firewall Options > Allowlisted Services has “Google Search Engine” checked and Wordfence > All Options > Rate Limiting > How should we treat Google’s crawlers is set to “Verified Google crawlers will not be rate-limited“.
If those settings seem fine and Live Traffic doesn’t show any examples, I would see if any of the actual services attempting to read robots.txt (not the AWS test tools) provide more detail about the 503s. The response may contain HTML or other content that show the specific error text. Wordfence sends a branded block page, so that’d be useful to rule Wordfence in or out as the cause.
Let us know what you find out,
Peter.Hi @afwebdev, thanks for reaching out about this.
We already support PHP 8.5, but there are a few deprecation notices such as these to address. They are already scheduled for an upcoming version of Wordfence, so should stop appearing naturally once the updates roll out.
Many thanks,
Peter.We could try altering some more scan settings, but I’m mindful that I’ve not seen your site configuration in more detail yet. It may allow me to provide more specific instructions to see your diagnostic report. You can send that to wftest @ wordfence . com from the top of Wordfence > Tools > Diagnostics. Click on “Send Report by Email”.
Please add your forum username where indicated and let me know again once you’ve sent it as the inbox is unmonitored.
Thanks again,
Peter.Hi @yatgirl, thanks for reaching out!
As the difference between a 200 and 503 seems consistent with Wordfence being disabled/enabled at this stage, you should be able to see the full reasoning in your Live Traffic page immediately after running one of the tests above while Wordfence is enabled. Wordfence logs all blocks it makes here and you can filter by “Blocked” if you like too.
You may find a specific firewall rule or Wordfence setting stated here. The block reason is shown in red text. Feel free to paste that reason here if you’re unable to manually allowlist it using the “ADD PARAM TO FIREWALL ALLOWLIST” button on the Live Traffic page, or by changing the setting within the plugin’s options.
Many thanks,
Peter.Hi @jgold723, thanks for getting in touch!
There are usually 3 possible firewall rules involved when somebody uploads a file to your site: “Malicious File Upload“, “Malicious File Upload (Patterns)”, or “Malicious File Upload (PHP)“.
There are layers to how uploaded files are checked by Wordfence. False-positives can occur from time-to-time as documents or image files can easily match malicious PHP code patterns when viewed as plain text. If you turn off the rule that you’ve been seeing in Live Traffic via Wordfence > All Options > Advanced Firewall Options > Rules, a different stage of the checking process will still scan the files and be able to flag legitimate issues in future.
Many thanks,
Peter.Hi @bizcomweb, thank-you for your question.
There’s no option to restrict sites currently, so if you add a team member, it should provide access to all of the sites the team owner has added to Central.
If you’re able to send the email address only of the “Team Owner” Central account to wftest @ wordfence . com, we can certainly look into why that might not be the case for you.
Please put your forum username in the email’s subject and let me know here once you’ve sent it, as the inbox is unmonitored.
Many thanks,
Peter.We’re glad to see that @aghuser! We truly appreciate your 5* review based on Wordfence’s effectiveness at keeping your site safe.
Peter.