Support » Plugin: Wordfence Security - Firewall & Malware Scan » How to know what caused block?

  • Resolved kalico

    (@kalico)


    Hi,

    One of my users was plagued by a WordFence 403 error every time she tried to update a WPDM post. I found her IP address listed in the “Top IPs Blocked” list on /wp-admin/network/admin.php?page=WordfenceWAF (the Firewall page), and whitelisted it…so she’s fine now. But I’d really like to know what was happening that caused this. I was hoping to find a way to see the individual IPs that have been blocked, and the reason why. Am I missing it somewhere?

    Thanks.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support wfdave

    (@wfdave)

    Hi @kalico,

    Can you look under Wordfence -> Tools -> Live Traffic:

    From here, click Show Advanced Filters, select IP for the dropdown, =, and type her IP address in the field.

    For example: https://i.imgur.com/tByJPFi.png

    You should now be able to see all the connection rows from her IP address. If you expand a row, it should tell you the reason why she was blocked.

    Let me know what it says, and I’ll walk you through on how to whitelist this, so that other users won’t be blocked.

    Dave

    kalico

    (@kalico)

    Thanks so much for the quick reply. I think this is a record-breaker for wp.org 🙂

    I found an entry where she was blocked, based on your great instructions. Here is what it says:

    Activity Detail
    NAMW in CITY, United States left https://xxxxxxxxx/wp-admin/post.php?post=10607&action=edit and was blocked by firewall for WordPress <= 5.0 – PHP Object Injection via Meta Data & Authenticated File Delete at https://xxxxxxxx/wp-admin/post.php
    2/22/2019 12:41:51 PM (4 hours 9 mins ago)
    IP: 67.186.119.89 Hostname: c-67-186-119-89.hsd1.il.comcast.net
    Human/Bot: Human
    Browser: Chrome version 0.0 running on Win10
    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36

    Plugin Support wfdave

    (@wfdave)

    Hi again,

    Can you try going into Wordfence -> All Options -> Rules, click Show All Rules, then scroll down and uncheck Object Injection?

    For example: https://i.imgur.com/Mqo7ofZ.png

    After that, click on Save Changes in the top-right corner and see that works.

    Dave

    kalico

    (@kalico)

    Thanks Dave. I have done that, and I guess I’ll un-whitelist her IP, and then see if she can complete her task. I’ll have to wait until next week, as she’s gone for the weekend now. Thanks for your help. I’ll update on Monday. Hope your weekend is good!

    Plugin Support wfdave

    (@wfdave)

    Sounds good! Have a great weekend!

    Lemme know if it works out or not.

    Dave

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘How to know what caused block?’ is closed to new replies.