Hi @mms93003, thanks for the information!
When in your FTP or hosting file manager, navigating to your wp-content/wflogs folder and checking for rules.php, does it show as 0kb in size?
It’s often worth checking that permissions on your WordPress site’s directories are 755, and that the process owner is www-data, especially as the connection to retrieve the data looks good on the face of things so the issue could be around the read/write state of the file(s) in this location.
If you have persistent problems with this file/folder, you can bypass this entirely by setting Wordfence to write to the MySQLi storage engine instead of a file if you prefer: https://www.wordfence.com/help/firewall/mysqli-storage-engine/
If the permissions look OK and the data also isn’t being written to MySQLi instead of the file-based method, let me know so that we can look further into it for you.
Thanks,
Peter.
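The checks described in the reply above (a 0kb rules.php, 755 on the directory, www-data as owner) can be run from a shell on the server. The script below is an added example, not part of the original thread and not Wordfence code; `check_wflogs` and its helper functions are hypothetical names, and the path you pass in depends on where your site lives.

```shell
# Added example (not from the thread): audit wflogs for the conditions above.
# Usage: check_wflogs <wflogs-dir> [expected-owner] [expected-dir-mode]
# Defaults (www-data, 755) are the values named in the reply.

# stat wrappers: GNU coreutils syntax first, BSD/macOS syntax as fallback.
file_mode()  { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }
file_owner() { stat -c '%U' "$1" 2>/dev/null || stat -f '%Su' "$1"; }

check_wflogs() {
    local dir want_owner want_mode rules mode owner problems
    dir="$1"; want_owner="${2:-www-data}"; want_mode="${3:-755}"
    rules="$dir/rules.php"; problems=0

    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a directory"
        return 2
    fi

    mode=$(file_mode "$dir")
    owner=$(file_owner "$dir")
    if [ "$mode" != "$want_mode" ]; then
        echo "WARN: $dir mode is $mode, expected $want_mode"
        problems=$((problems + 1))
    fi
    if [ "$owner" != "$want_owner" ]; then
        echo "WARN: $dir owner is $owner, expected $want_owner"
        problems=$((problems + 1))
    fi

    if [ ! -e "$rules" ]; then
        echo "FAIL: $rules is missing"
        problems=$((problems + 1))
    elif [ ! -s "$rules" ]; then
        # -s is false for a zero-length file: the 0kb case asked about above.
        echo "FAIL: $rules is 0 bytes"
        problems=$((problems + 1))
    else
        owner=$(file_owner "$rules")
        if [ "$owner" != "$want_owner" ]; then
            echo "WARN: $rules owner is $owner, expected $want_owner"
            problems=$((problems + 1))
        fi
    fi

    [ "$problems" -eq 0 ] && echo "OK: no problems found in $dir"
    [ "$problems" -eq 0 ]
}
```

Source the file and call `check_wflogs` with the full path to your wp-content/wflogs folder; it returns non-zero when any check fails.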
Yes, rules.php is 0kb in size. wflogs/ is 755 and owned by www-data. wp-content/ is 775 and not owned by www-data. Does wp-content/ matter or just wflogs/?
Not sure if this is related but in Tool -> Diagnostics -> Connectivity there’s this message – Connecting back to this site
wp_remote_post() test back to this server failed! Response was: cURL error 60: SSL certificate problem: certificate has expired
I’m using Cloudflare on this domain.
Hi @mms93003,
I have seen a host’s server IPs reporting an expired certificate before even if directly accessing the site in a browser appears to have one. This can happen sometimes when sites are behind load balancers (for example). It looks like cURL, which is a PHP module rather than a Wordfence-specific function, is seeing this expired certificate as a blocker to connecting.
Did you originally select “Use the Cloudflare “CF-Connecting-IP” HTTP header to get a visitor IP. Only use if you’re using Cloudflare.” in Wordfence > All Options > General Wordfence Options > How does Wordfence get IPs?
It’s possible your site IP is either incorrectly stated or not whitelisted in Cloudflare. Check and verify the correct IP was whitelisted in Cloudflare. If you want to verify the site’s IP address, navigate to Wordfence > Tools > Diagnostic > Connectivity and you will see “IP(s) used by this server”. Make sure the first IP here is the IP that is whitelisted in Cloudflare.
You may also need to allow our IPs: https://www.wordfence.com/help/advanced/#servers-and-ip-addresses
- Log in to Cloudflare
- Go to “Firewall”
- Click the “Firewall Rules” tab
- Click “Create a Firewall rule”
- Name the rule under “Rule Name”
- Set the “Field” under “When incoming requests match…” to “IP Address”
- Enter your site’s IP address under “Value”
- At the bottom, under “Then…Choose an action” change “Block” to “Allow”
- Click “Deploy”
Also, if you have Cloudflare’s “under attack” mode enabled too, you could try temporarily disabling that. It’s meant to block automated connections and could be related.
If Cloudflare seems properly configured along with Wordfence, I would certainly speak to your host about the expired SSL certificate message to see if they can find which IP is causing it.
Thanks,
Peter.