Support » Plugin: Wordfence Security - Firewall & Malware Scan » Conflict with Yoast SEO Author archives redirect

  • Resolved brit77

    (@brit77)


    In Yoast SEO settings, there is an option to disable Author archives which makes author archive pages redirect to the homepage. With WordFence installed (confirmed, with only these two plugins enabled), then instead of redirecting to the home page, it goes to a 404 page at the author archive URL (i.e. domain.com/?author-3). When I disable WF, then the redirection occurs as expected.

    Turn out this is due to the WordFence option: “Prevent discovery of usernames through ‘/?author=N’ scans, the oEmbed API, the WordPress REST API, and WordPress XML Sitemaps”

    I would like to keep this option checked to prevent accessing usernames via the various methods, but I would also like to keep author archives disabled and redirecting to home via Yoast (I just noticed that my sites’ automated blog notification emails link to the author archive, so it is not ideal to have this go to a 404). Is there any way to achieve this via WordFence? Do I need to take this up with Yoast?!

    Thanks!
    Sarah

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Support WFAdam

    (@wfadam)

    Hello @brit77 and thanks for reaching out to us!

    Usually, Wordfence will only respond with a 403(Firewall) or 503(Rate-Limiting or Brute Force Protection) if it’s a Wordfence directive that is blocking the request. A 404 would make me think that something in Yoast isn’t working with Wordfence properly.

    Are you seeing anything show up in the Wordfence > Tools > Live Traffic page when this request hits the 404 pages? If so, we might be able to look a little deeper at it, if not, then it has to be something within the Yoast plugin that is redirecting incorrectly or conflicting with Wordfence.

    Let me know what you do find, as I am interested in the results!

    Thanks again!

    Thread Starter brit77

    (@brit77)

    Hello @wfadam, and thanks for taking a look at this for me.

    No, I don’t see anything in Live Traffic.

    The 404 is probably because the author archives are disabled in Yoast, so in a sense, it is expected. But additionally, the expected behavior is that the author archive URLs should be redirecting to the homepage, but WordFence is preventing the redirect when the “Prevent discovery of usernames” setting is enabled.

    I’d like to keep the other benefits of keeping this option checked while also having Yoast disable the author archives/redirecting them to home. Is this possible?

    Plugin Support WFAdam

    (@wfadam)

    If you disable the setting, does it seem to start working again? Still strange to see a 404 being populated. Have you reached out to Yoast at all about this issue? It should be anything that Wordfence is blocking since the error is a 404.

    Let me know what you find!

    Thanks!

    Thread Starter brit77

    (@brit77)

    Yes, if I disable the setting, then go to http://www.domain.com/?author=3, it redirects to the homepage (as Yoast SEO says it should). When I enable the WF setting, then “/?author=3” goes to the 404 page. (I have confirmed this happens with all my sites)

    To check all variables, I tested all combinations of these settings and found that WordFence is indeed the issue (see #2).

    1. (default WordPress behavior) Yoast: Author archive ENABLED; WF: “Prevent Discovery” OFF
    Result: author archive URL “/?author=n” redirects to clean author URL “domain/author/username”
    2. (no Yoast, just WF) Yoast: Author archive ENABLED; WF: “Prevent Discovery” ON
    Result: author archive URL “/?author=n” goes to 404; clean author URL “domain/author/username” goes to author archive page
    3. (expected Yoast behavior, no WF) Yoast: Author archive DISABLED; WF: “Prevent Discovery” OFF
    Result: author archive URL “/?author=n” AND clean author URL “domain/author/username” redirect to homepage
    4. Yoast: Author archive DISABLED; WF: “Prevent Discovery” ON
    Result: author archive URL “/?author=n” goes to 404; clean author URL “domain/author/username” redirects to homepage

    So, the issue appears to be with how WF handles the numbered author archive URL, regardless of Yoast; and this is preventing Yoast from redirecting both versions of the author archive URLs to home.

    I only found this to be a problem when I noticed that my sites’ automated email notifications link to the “/?author=n” author archive URL which lands on a 404, so ideally Yoast would be able to redirect this to home AND I could still keep the WF option turned ON to take advantage of the protections it offers!

    Hope this helps!

    Plugin Support WFAdam

    (@wfadam)

    I did some testing with this and as far as I can tell, there is no simple way around this issue. Both plugins want to make different changes to how the author=N requests are handled.

    If you’re comfortable editing code, you could add this line to your theme’s functions.php (assuming you’re using a child theme, and not modifying a theme where you will lose changes when it updates):

    remove_action('request', 'wordfence::preventAuthorNScans');

    This worked when I tested it in a theme. It essentially allows only the author=N queries to be ignored and handled by Yoast, while the other items that option blocks are still covered.

    Let me know if this helps!

    Thanks again!

    Thread Starter brit77

    (@brit77)

    It works for me too…wonderful! I’ll be sure to insert this code for each of my sites. I appreciate you taking the time to investigate and for finding a fix! Thank you!
    -Sarah 🙂

    Plugin Support WFAdam

    (@wfadam)

    Great news! Glad we could get this working!

    Thanks again for your patience!

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Conflict with Yoast SEO Author archives redirect’ is closed to new replies.