blocked by Wordfence Security Network

  • Resolved shepsta

    (@shepsta)


    9 years, 5 months ago

    I have something popping up in my logs, trying to determine if its an attack or just random scanning for vulnerabilities. Appears once an hour. Below is an example, all from amazonaws.com variating from ashburn to boardman. Dashed out the site name.

    United States Boardman, United States was blocked by Wordfence Security Network at http://—————–/wp-login.php
    11/25/2016 6:04:54 PM (4 hours 47 mins ago) IP: 54.212.247.166 [block] Hostname: ec2-54-212-247-166.us-west-2.compute.amazonaws.com
    Browser: Firefox version 31.0 running on Win8
    Mozilla/5.0 (Windows NT 6.2; rv:31.0) Gecko/20100101 Firefox/31.0

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter shepsta

    (@shepsta)

    9 years, 5 months ago

    I possibly figured out what it is. The website is on cloudflare. I have “How does Wordfence get IPs” set to use the Cloudflare CF-Connecting-IP. I leave the admin panel open as I’m working on it and I’m thinking maybe cloudflare is trying to cache the admin section? Only thing that doesn’t support that idea is the user agent changes each time, wouldn’t think cloudflare would have random user agents.

    Open to ideas. Thanks

    bluebearmedia

    (@bluebearmedia)

    9 years, 5 months ago

    It’s a bot poking your site for access to the login page…. I get those all over the client sites I manage.

    If it becomes problematic, you can use something like a Hide Login plug-in, then set WF to auto-block any hits to the WP login page. (But only after testing that you can access your custom login page).

    Note: I’m not part of WF admin/support, just a long-time user.

    • This reply was modified 9 years, 5 months ago by bluebearmedia.
    Thread Starter shepsta

    (@shepsta)

    9 years, 5 months ago

    I kinda wondered about that, see it now on another site. Too bad there wasn’t a log that explained why wordfence blocked, would save a lot of questions. It blocks almost instantly, within a second.

    wfalaa

    (@wfalaa)

    9 years, 5 months ago

    Hi shepsta,
    This attempt was blocked by “Wordfence Security Network”, you must have “Participate in the Real-Time WordPress Security Network” option enabled in (Wordfence > Options), reading more about this option on the plugin documentation page would help to understand why this request was blocked.

    Thanks.

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘blocked by Wordfence Security Network’ is closed to new replies.

Tags