On the Wordfence Options page, try turning on “Disable config caching”, near the bottom of the page. Then, save the settings without making other changes yet. It’s ok if you still get the error message at that point. Then, see if you can change options and save the settings that. If options aren’t saving correctly because of file permissions or certain other issues, this often fixes it.
If that doesn’t help, you can try disabling all other plugins, and changing/saving the Wordfence options after that. We have seen at least one plugin that tried to whitelist its own service in Wordfence, but didn’t do it correctly, which might be the problem here. (If it works, you can turn plugins back on — and if you turn them on one at a time, and try saving Wordfence options in between each one, you can see which one caused the problem.)
If neither of these items helps, can you email me the export tokens, both from the original site, and from the current site? My email address is mattr (at) wordfence.com
Also, just to be sure — when you deactivated iControlWP, you disabled their plugin, and not just the connection to the service, correct?
Paul
(@paultgoodchild)
If you have the latest version of the iControlWP plugin installed, you shouldn’t have any conflicts with Wordfence…
Thanks for the help, Paul! Did a previous version of the iControlWP plugin interact with the Wordfence whitelist at all?
It might be that the other site had an outdated option in the Wordfence settings that were copied to the new site, if so, we should be able to clear that out. (Otherwise, if the iControlWP plugin is up to date on the newer site, it is most likely a different plugin causing the issue.)
Thread Starter
stefhz
(@stefhz)
Thanks @wfmattr (and @paul) – The first steps did not make any difference. And yes, I disabled the plugin, not only the service.
It’s late here and I will do the disable-game tomorrow, and will update here.
Have to say though that I am concerned that disabling won’t make any difference, since the data (any plugin options) are in the DB already. So if some plugin has f’d up my setup, disabling most likely won’t do anything … I may have to go back to a backup and rebuild.
@paul: Yes, always the latest grates 🙂 Thanks for jumping in here.
Will keep you posted.
Thread Starter
stefhz
(@stefhz)
Problem solved, and I have to admit that the source was sitting in front of the screen.
My understanding was that the message was referring to the field “List of comma separated IP addresses to ignore”, and I did not see that there is in fact another field called “Whitelisted IP addresses that bypass all rules” (haven’t quite figured out the difference though).
That other field did in fact contain a ‘0’ which is in fact not a valid IP address. No idea how that ‘0’ got in there, but that’s resolved now.
Thanks again, and sorry for the noise.
Ah, ok, sorry I didn’t catch the difference in your message either. The IPs to ignore are under the Live Traffic section, so those are just excluded from Live Traffic pages. (This way, if you visit a lot of pages yourself during testing your site, you won’t knock all the other traffic off of the list.) The whitelisted IPs apply to the firewall and login security rules, to prevent you (or known crawlers that you don’t want to limit) from getting blocked.
Thanks for following up!