Support » Plugin: Wordfence Security - Firewall & Malware Scan » All sites on a server are locked out by WordFence

  • Resolved TBirdie88

    (@tbirdie88)


    I host multiple client sites and my own sites. Wordfence has locked out all admins from all of these sites. I’m locked out, and my clients are all locked out. The server has already been scanned on my end, and CSF disabled and re-enabled to see if my firewall is the issue (it’s not). Is there any reason why WordFence has locked out everyone on our server?

    Please help 🙂

    Thank you.

    (my site is bluemonster.ca ….I can log back into that one again after I got the email link, however, my URL will tell you what my server IP is. WordFence is treating my server like a bot)

Viewing 10 replies - 1 through 10 (of 10 total)
  • Plugin Support wfphil

    (@wfphil)

    Hi @tbirdie88

    For this site only please send your Wordfence diagnostics report. Please go to the top of the “Diagnostics” tab on the Wordfence “Tools” page. There will be a “SEND REPORT BY EMAIL” button to send the diagnostics report. Enter wftest [at] wordfence [dot] com as the email and tbirdie88 as the forum username please.

    Once you have emailed me the diagnostics report can you reply here to let me know that it has been sent. This is important in the unlikely event that your installation of WordPress is having an issue with sending mail.

    Thread Starter TBirdie88

    (@tbirdie88)

    Hi @wfphil,
    Thank you so much for your response!

    I checked out the live traffic just before sending the report, and it’s showing as “human” rather than “bot”…. but for some reason it says I’m trying to login. I’m not. I’m not sure why there are so many logins. I wasn’t even in my office when it says I’m trying to login lol.

    Thanks again,
    T

    Plugin Support wfphil

    (@wfphil)

    Hi @tbirdie88

    Thank you for the update.

    When you said, “I can log back into that one again after I got the email link, however, my URL will tell you what my server IP is”

    Can you fully clarify what “my URL will tell you what my server IP is” means please as I don’t understand that.

    When you said, “Wordfence has locked out all admins from all of these sites”

    Do you have a screenshot link that you can share of the Wordfence block page including the two timestamps at the bottom of the page.

    Thread Starter TBirdie88

    (@tbirdie88)

    I didn’t want to post my server IP, but by doing a quick search, it can be found by searching the domain 🙂

    I have a screenshot with a time stamp, from May 31, however, I don’t see anywhere to include attachments..?

    It looks like the problem is mysteriously resolved. I’m not sure if my server’s technical team did something, or if it’s just been so many days and now we’re not locked out anymore…?

    I hope this doesn’t happen again. I’d like to know what solved it.

    Thanks 🙂
    Tina

    Plugin Support wfphil

    (@wfphil)

    Hi @tbirdie88

    Thank you for the update that you meant that you didn’t want to share your domain name.

    For the site that you sent the diagnostics for it appears that your hosting provider is using Nginx as a reverse proxy server and it appears you have configured Wordfence set to use the option Use the X-Real-IP HTTP header. Only use if you have a front-end proxy or spoofing may result.

    It is possible that if your hosting provider has configured Nginx to use the X-Real-IP HTTP header then it may not be being set consistently. If that happens then Wordfence will detect all visits to the site as coming from an IP address used by your hosting provider. If a hacker generates a block then everyone will be blocked for the duration of that block until Wordfence is able to detect IP addresses again correctly.

    Thread Starter TBirdie88

    (@tbirdie88)

    Hi @wfphil,

    Sorry for the delay. The funny thing is that I figured it was Nginx since I installed on the server before the issue began (but within the hour, disabled it because it was causing caching issues); however, I was told Nginx wouldn’t cause this issue.

    Going forward, is it best to change a Wordfence setting, or an Nginx setting? Even though Nginx is disabled?

    Thanks again.

    Thread Starter TBirdie88

    (@tbirdie88)

    @wfphil …I heard back about Nginx. I’m told it was “compiled without the http_realip_module”
    I’m not sure what this means. Is Nginx not the problem?

    Plugin Support wfphil

    (@wfphil)

    Hi @tbirdie88

    Thank you for the update.

    Can you send me a new Wordfence diagnostics report. Please go to the top of the “Diagnostics” tab on the Wordfence “Tools” page. There will be a “SEND REPORT BY EMAIL” button to send the diagnostics report. Enter wftest [at] wordfence [dot] com as the email and tbirdie88 as the forum username please.

    Once you have emailed me the diagnostics report can you reply here to let me know that it has been sent. This is important in the unlikely event that your installation of WordPress is having an issue with sending mail.

    Thread Starter TBirdie88

    (@tbirdie88)

    Hi @wfphil, the new one is sent 🙂
    Thank you

    Plugin Support wfphil

    (@wfphil)

    Hi @tbirdie88

    This website is on a server still using Nginx, most likely setup as a reverse proxy server as my browser developer tool reports the server as:

    Server: nginx/1.21.0

    And the PHP variable in your phpinfo() output reports the origin server as:

    SERVER_SOFTWARE: Apache

    I see that Wordfence IP detection appears to be setup correctly so that your Cogeco internet service provider IP address 72.39.164.198 should be shown on the line Your IP with this setting in the How does Wordfence get IPs subsection of the General Wordfence Options section on the All Options page.

Viewing 10 replies - 1 through 10 (of 10 total)
  • You must be logged in to reply to this topic.