Taming Wordfence and admin-ajax.php

  • For the past month, I’ve been receiving an increasing number of Wordfence / admin-ajax.php complaints. I manage many thousands of WordPress installs so not just tossing this out as a one site complaint.

    It seems admin-ajax.php requests are even overwhelming my client’s VMs in some cases. There has been talk from my clients about deleting Wordfence entirely as a result.
    Is the security benefit worth the downtime…

    Something seems very wrong in the Wordfence camp.
    Any ideas/recommendations or news on this pressing subject?

  • Common access log example:

    conferencistas/mysite.org:66.160.147.x - - [03/May/2017:09:55:13 -0700] "GET /certificaciones/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=1&cronKey=86d6390135660631a6d5ae3 HTTP/1.1" 200 0 "http://mysite.org/certificaciones/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=1&cronKey=86d6390135660631a6d5ae3" "WordPress/4.7.4; http://mysite.org/certificaciones"

    conferencistas/mysite.org:66.160.147.x - - [03/May/2017:09:55:30 -0700] "POST /certificaciones/wp-admin/admin-ajax.php?action=wordfence_testAjax HTTP/1.1" 200 32 "http://mysite.org/certificaciones/wp-admin/admin-ajax.php?action=wordfence_testAjax" "WordPress/4.7.4; http://mysite.org/certificaciones"

    • This reply was modified 1 year, 5 months ago by  hackrepair.

    Hi,
    I’m not sure whether you are hosting these websites on a VPS or a dedicated server you have, or whether they are on a shared hosting account.
    Also, I would appreciate it if you have more accurate statistics regarding these “overwhelming” requests.
    In general, you may want to take a look at these suggestions mentioned in this thread which should reduce the server resources usage during scans.

    Let me know how it goes,
    Thanks.
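
Added example (not part of the thread and not Wordfence code): one way to get the per-action statistics asked for above out of an access log in the vhost-prefixed combined format of the sample lines. The log lines, host name and addresses are constructed, and `ajax_stats` is a hypothetical helper name.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Vhost-prefixed combined log format, as in the sample lines in this thread.
LINE_RE = re.compile(
    r'^(?P<vhost>\S+):(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Constructed sample input (documentation addresses, placeholder cronKey).
SAMPLE = """\
example.org:192.0.2.10 - - [03/May/2017:09:55:13 -0700] "GET /wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=1&cronKey=PLACEHOLDER HTTP/1.1" 200 0 "-" "WordPress/4.7.4; http://example.org"
example.org:192.0.2.10 - - [03/May/2017:09:55:30 -0700] "POST /wp-admin/admin-ajax.php?action=wordfence_testAjax HTTP/1.1" 200 32 "-" "WordPress/4.7.4; http://example.org"
example.org:198.51.100.7 - - [03/May/2017:09:55:41 -0700] "POST /wp-admin/admin-ajax.php HTTP/1.1" 403 120 "http://example.org/" "Mozilla/5.0"
example.org:198.51.100.7 - - [03/May/2017:09:56:02 -0700] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
truncated line
""".splitlines()

def ajax_stats(lines):
    """Count admin-ajax.php hits by (action, origin) and by minute."""
    by_action, by_minute, skipped = Counter(), Counter(), 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1  # malformed or truncated line: count it, do not guess
            continue
        url = urlsplit(m["target"])
        if not url.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        # Only the query string is logged; an action sent in the POST body
        # is invisible here and is reported as "(in body)".
        action = parse_qs(url.query).get("action", ["(in body)"])[0]
        # Requests WordPress makes to itself carry a "WordPress/<version>; <site>" agent.
        origin = "loopback" if m["agent"].startswith("WordPress/") else "client"
        by_action[(action, origin)] += 1
        by_minute[m["ts"][:17]] += 1  # "03/May/2017:09:55" is the minute bucket
    return by_action, by_minute, skipped

if __name__ == "__main__":
    by_action, by_minute, skipped = ajax_stats(SAMPLE)
    for (action, origin), hits in by_action.most_common():
        print(f"{hits:6d}  {origin:8s}  {action}")
    print("busiest minute:", by_minute.most_common(1), "unparsed lines:", skipped)
```

Separating loopback requests from client requests shows whether the load comes from the site calling itself during scans or from visitors' browsers.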

    I am curious about this topic also because every time I update the content on a client’s site I get the popup with a warning about this file: http://www.jennifershannon.com/wp-admin/admin-ajax.php

    It is obnoxious. If I am laying out pages it occurs every time I save and preview, and then when I enter page edit again. Depending on the content I am trying to lay out it can happen up to 40 or 50 times an hour. The only choices are to whitelist it, or dismiss it… I finally whitelisted it but I don’t think that is likely the best option.

    @peonypink this sounds like a totally different case, please switch the firewall status into “Learning Mode” from (Wordfence > Firewall), then perform all the actions you are doing using the page builder, and revert the firewall back to “Enabled and Protecting” after a couple of days for example.

    Thanks.

    We run a few dozen sites and the admin-ajax.php issue mentioned initially above is causing us to rethink our entire use of Wordfence.

    Well, for a site I built using Divi Theme, recently I started getting a ‘Divi Builder Timeout’ error message when using the Divi Builder. Within the Java Console I get the message:
    POST ….wp-admin/admin-ajax.php 500 (Internal Server Error)

    When I deactivate WordFence, the issue is resolved.
    What alternatives are there to WordFence?

    (I’m normally happy with WF, but in this case I need to make another plan)

    No resolution to this yet? I tried turning on learning mode and then switching back after doing the required actions. Learning mode or disabling the plugin allows the AJAX posts temporarily, but the URLs don’t end up in the whitelist section (I have a few other URLs marked as “Source: Whitelisted while in Learning Mode.” but no admin-ajax.php URLs).

    I also tried adding it to the whitelist manually. Here’s my code:

    $.ajax({
        url : 'https://example.com/wp-admin/admin-ajax.php',  // generated from php admin_url( 'admin-ajax.php' );
        type : 'post',
        data : {
            action : 'my_custom_callback',
            mydata : myDataArray
        },
        // etc...
    });

    And here’s what I tried adding to the whitelist:

    URL: /wp-admin/admin-ajax.php
    Param Type: POST BODY
    Param Name: my_custom_callback

    The error I get is a “400 bad request” error.

    I am not using any caching or compression plugins or systems.

    Seems a pity to abandon using WordFence altogether because of this issue. I see lots of people who still seem to be having trouble with this. Let me know if there is a good solution.

    wfalaa (@wfalaa)

    Hi @squarecandy
    This could be a conflict with another plugin installed on your website or something wrong with your request (in the way you wrote your application/plugin), as Wordfence doesn’t respond with “400 bad request” in any of the functions related to the firewall. I would recommend doing some investigation regarding the source of this “400 bad request” and following up from there.

    Thanks.

    txad (@txad)

    I am having the same problem. Admin-ajax is getting hit hard and slowing down all our WordPress sites because of Wordfence. I need a solution ASAP.

    I am having the same issue for several of my sites. JavaScript functions that depend on Ajax are getting the 403 error when they try to access /wp-admin/admin-ajax.php.

    This is even happening in Learning Mode.

    It doesn’t happen for IP addresses that bypass the rules (admin using my IP can access) and use any of the JS functions that call /wp-admin/admin-ajax.php, but general visitors cannot.

    This is a serious issue for WordFence. At this point my client is leaning toward removing the plugin. I would think that with the number of issues that I’m finding in my search, someone on the WordFence staff would spend some time to get this issue resolved instead of taking the standard tack that it must be a conflict with other plugins.
