Hey @elivi,
It looks like something is blocking POST requests to admin-ajax.php which is found in the wp-admin directory. Do you have anything blocking access to the directory, perhaps an htaccess in the wp-admin directory blocking access?
You might also check for a plugin and theme conflict by disabling them and switching to a WordPress default theme.
Please let me know how it goes.
Thanks,
Gerroald
Thread Starter
elivi
(@elivi)
Hey,
Thanks, I solved the connectivity error that was due to the fact that I had blocked access to wp-admin by IP without adding the code that allows ajax functionality.
But I still have the problem regarding optimizing Wordfence. When I click on “Click here to configure” button or “Optimize Wordfence Firewall”, nothing happens, just a white pop up without any text shows up on the screen. I have not found anybody having this issue on the forum. Can you suggest how to start optimizing the firewall in this case?
Hey @elivi,
Happy to hear you were able to resolve the connection issue.
Regarding the Firewall issue, it sounds like there might be a conflict either with the theme or one of the plugins you’re using, could you try temporarily switching to a default theme if you’re not already using one and disabling all other plugins then reactivating them one by one to see if the issue persists?
To do so I recommend the Health Check & Troubleshooting plugin which allows you to disable all plugins and switch to a default theme, but only for your user.
Please let me know what you find.
Thanks,
Gerroald
Thread Starter
elivi
(@elivi)
Hello,
I installed Health Check & Troubleshooting plugin, disabled all other plugins, reactivated them, but I still have the issue with optimizing Wordfence, nothing has changed.
Could it be that there is something wrong with the plugin?
Thread Starter
elivi
(@elivi)
Hey @elivi,
Did you check to see if there are any errors in either the Network or Console tabs? If so, can you please share screenshots of them here?
Are you able to share who you’re hosting with?
Thanks,
Gerroald
Thread Starter
elivi
(@elivi)
Hi,
Yes, there are errors. Please see the screenshots from console here: https://imgur.com/a/2DPsVK8
It is Siteground hosting.
Do you have an idea how to solve this?
Hey @elivi,
We’ve seen similar issues with SiteGround. I’d suggest reaching out to them to see if they can identify what’s blocking the Firewall connection. It could be a security rule that’s enabled such as mod_security.
Please let me know what they say.
Thanks,
Gerroald
Thread Starter
elivi
(@elivi)
Hey!
As I am using Bulletproof Security plugin as well, it seems that the the issue was solved by allowing browser access for the local host to access the wp-config.php file. By default that line of code was commented in BPS .htaccess code. So when that line of code was uncommented, I was able to start optimizing Wordfence.
The wp-config.php file should NOT be allowed to be accessed via a Browser. It sounds like you have a bigger problem if allowing Browser access to your wp-config.php file made things work. The wp-config.php file should ONLY be accessible internally (file system API) and not externally (HTTP).
-
This reply was modified 6 years, 7 months ago by
AITpro.
Thread Starter
elivi
(@elivi)
A part of the default BPS code looks as follow:
# DENY BROWSER ACCESS TO THESE FILES
# Use BPS Custom Code to modify/edit/change this code and to save it permanently.
# wp-config.php, bb-config.php, php.ini, php5.ini, readme.html
# To be able to view these files from a Browser, replace 127.0.0.1 with your actual
# current IP address. Comment out: #Deny from all and Uncomment: Allow from 127.0.0.1
# Note: The BPS System Info page displays which modules are loaded on your server.
<FilesMatch “^(wp-config\.php|php\.ini|php5\.ini|readme\.html|bb-config\.php)”>
Order Allow,Deny
Deny from all
#Allow from 127.0.0.1
</FilesMatch>
Now I have the following code and it is possible to optimize the Wordfence:
<FilesMatch “^(wp-config\.php|php\.ini|php5\.ini|readme\.html|bb-config\.php)”>
Order Allow,Deny
Deny from all
Allow from 127.0.0.1
</FilesMatch>
Do you recommend commenting out this line of code:
Allow from 127.0.0.1
?
Something is definitely wrong with your server configuration if that works. That htaccess code is only designed to prevent Browser access to those files (HTTP) and not block those files internally (file system API). Post a link to your website so I can check it with some online tools to see what might be going on.
Ok something odd is going on. Using a few different online tools I am seeing a Google Cloud IP address for your website/server > 34.90.49.24. This may be a DNS record problem. ie old DNS record that needs to be deleted.
Other relevant Info:
It appears that you may have an NGINX reverse Proxy server. Do you know if you have an NGINX reverse Proxy server?
You are using the Cloudflare Proxy.
You may be using the Wordfence Proxy.
If you are using 3 different Proxies there is a very good chance of problems occurring. Technically an NGINX reverse proxy is an internal proxy so it would not count as a third proxy, but it does add additional complexity to your overall config.
-
This reply was modified 6 years, 7 months ago by AITpro.
