PS: I otherwise totally love wordfence and have rated 5-stars, etc.
🙂 Thanks!
I’ll check and see if its something that can be done and get back to you. I’ll also ask, if not, can we implement something like that in the future, at least to include an explanation by the admin of the site that locked them out.
Would that help?
tim
Yes, that would be immensely helpful. Thank you for responding so quickly too.
Do we have any movement on this?
It is very frustrating as most of my site users are from Japan 🙁
Its been placed in our internal system as a feature request. Security is ever changing and new threats emerge all the time. We spend most of our time adding signatures and researching ways to combat malware. We do take requests seriously and have implemented many of them where feasible. I will update the request to make sure the dev team knows people are asking for it.
tim
Is there anything stopping me from modifying the HTML page or is that signed too?
Just the usual reasons: when a new version of WordFence is upgraded, your changes could get overwritten, so keep a backup locally and be prepared to re-do the changes at every upgrade / WordFence release.
Also, WordFence will tag it as a security alert that it is changed from the official version in the WP Plugin repository, but I suppose you could tell WordFence to ignore it as long as you check that it is just your changes.
I don’t know if WordFence would have any other issues with you changing that file … if you have a sandbox or non-production / non-live site, you could try it and see how it goes … if you keep a copy of the original file, the worst you would have to do is re-upload the original file via FTP to restore everything (so, probably also backup everything, files, database, JIC)
It seems like it really would not be that difficult to add a filter hook, and/or make it a replaceable function (as in theme functions).
WordFence may claim that they don’t have time, but they added A LOT of other dashboard bells and whistles (that broke SSL, exposed private logins to everyone) and that aren’t as useful as a clearly defined lockout message that is specifically targeted for the audience of the website would be. IMO, anyway.
Thanks for the additional info snowboardmommy 🙂
Yes, I do have an local WordPress installation on my PC for testing.
But personally, I cannot understand how this isn’t being given priority? Imagine if I didn’t speak English as a first language and I registered for a really cool site. Entered my username wrong accidentally and get locked out – You’d feel pretty helpless that’s for sure.
Do I have to ask for a refund on my yearly fee’s?
Oh wait, i didn’t actually sign up nor pay for it :E
A basic issue like this and lack of movement on it is certainly deterring me from even considering paying for this service at this point
I totally agree; I think the WordFence team perhaps just has not had to deal with their own locked out message or the general public who get confused by it. I ended up raising the number of attempts allowed just so that people wouldn’t get that page as often; which sort of defeats the whole point, but I’ve got enough customer support as it is.
Obviously, with WordFence working hard to keep our websites and the Internet in general safe, people are going to encounter that screen and they should be encountering a version of it that makes sense for the website that they are interacting with; foreign language translation is an essential part of the WordPress community.
If you do customize that page successfully, please consider offering your translation to the WordFence team. Translation for plugins tends to be a “community effort” since plugin developers, like most people, are not usually fluent in more than 2 or 3 languages.
… and it will signal that successful communication with our website members is also an important security consideration.
