WordPress.org

Forums

Wordfence Security
Admin Ajax problem (7 posts)

  1. dnaWP
    Member
    Posted 11 months ago #

    The last few days my host's firewall has activated and blocked my IP. After quite a lot of testing of other possibilities (hardware and software) I believe I have narrowed it down to an issue with Wordfence. I have it installed on a number of sites on the same host/server and it is behaving the same way for all of them.

    When I visit the live traffic page it fires off repeated requests to admin-ajax but it is getting back a 404 error - however this doesn't happen all the time, the first time it requests access it is fine - it is just happening on subsequent calls (when it tries to update the page or I try to block an IP for example). The way this problem presents itself is for the red WordFence message on the bottom right to flick up very quickly when I try to do something instead of staying on the screen for longer. When I check the error messages in Chrome - javascript is throwing a 404 error message when it tries to access the ajax file. I believe that over the course of the last days/weeks these 404s have been added up by the host and over time must number of the 100s.

    I haven't tried to block my own IP so I don't believe it is caused by my blocking my own IP! Also I have NOT password protected the wp-admin folder and admin-ajax has normal file permissions.

    Admin-ajax also works fine when called by other plugins.

    And I believe that the only rewrite rule I have to do with wp-admin is as follows:

    RewriteRule ^wp-admin/includes/ - [F]

    I don't think it is a corrupted version of Wordfence - since it is happening on all sites I am using it on.

    The hosting company doesn't have its full complement of staff in today (Saturday) - but they have emailed me the two files that are allegedly causing the problem:

    plugins/wordfence/tmp/.htaccess
    plugins/wordfence/lib/whois/whois.be.php

    I have checked both of these files and neither seem to be any different from the files that are in the version of Wordfence I just downloaded to compare. Perhaps they are just a red herring.

    I do have another security plugin installed (iThemes Security). I have tried disabling it to see if it stops the problem but both the ajax 404 message and eventually the firewall issue with the host are still happening.

    Would appreciate any advice. Thanks.

    https://wordpress.org/plugins/wordfence/

  2. sdayman
    Member
    Posted 11 months ago #

    Have you added your home IP address to the whitelist on the Options page?

  3. dnaWP
    Member
    Posted 11 months ago #

    I do not believe that this is the problem. The "firewall" block is not Wordfence blocking me, but the actual host blocking my IP to the entire shared hosting facility - I can not visit any site that the host is hosting (not just mine!).

    Perhaps I am misunderstanding your question/suggestion. Does Wordfence need admin user to put in an IP address each time they login using a different network. If I am on a train and my IP address changes every so often do I need to keep updating the whitelist to continue to use Wordfence.

    Also I am not sure why Wordfence would need or want to use an IP address of the user each time it wanted to use admin-ajax. Surely checking to make sure that the user is logged in as an admin would be sufficient?

  4. dnaWP
    Member
    Posted 11 months ago #

    Just wanted to correct a mistake I made above, I just doubled checked the error I was/am getting - it is a 403 error (forbidden) when the admin-ajax.php file tries to load up the following script at:

    wp-admin/load-scripts.php?c=0&load%5B%5D=jquery-core,jquery-migrate,utils,json2&ver=3.9.1:4

    The problem seems to happen when a page is "reloaded" or part of a page is reloaded. For the first 10 or so calls to file everything seems fine, and the data is returned fine, then it starts returning the 403 error. :(

  5. sdayman
    Member
    Posted 11 months ago #

    Ah, I see. You think Wordfence is triggering something at your host provider that's blocking you. That shouldn't happen.

    I've had my host completely block my home IP address over excessive SSH/SFTP connections. It clears up after an hour or so.

    Hopefully your host can figure this out.

  6. dnaWP
    Member
    Posted 11 months ago #

    slowly getting to the bottom of this...

    The Live Traffic panel seems to be one of things that is tripping the mod_security - it doesn't like the fact that "Live Traffic" is calling admin-ajax so many times.

    It looks like the host's mod-security is being excessive pernickety about admin-ajax being called every 2 seconds! Reducing the amount of calls that the scripts call or use admin-ajax has hopefully resolved the problems!

    FYI (and for anyone else that might have the same problem) - there is a setting in Wordfence's Options panel (Update interval in seconds (2 is default)) which allowed me to change the interval time.

    Thanks for your help.

  7. sdayman
    Member
    Posted 11 months ago #

    I don't use Live Traffic, but I do have my update interval set to 60. I think it also affects the scan windows.

    Upping your interval should also reduce the load on your server.

Reply

You must log in to post.

About this Plugin

  • Wordfence Security
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic