Support » Plugin: Wordfence Security - Firewall & Malware Scan » The last rules update for the Wordfence Web Application Firewall was unsuccessfu

  • Please help? I’m getting the following error:
    The last rules update for the Wordfence Web Application Firewall was unsuccessful. The last successful update check was November 11, 2020 3:11 pm, so this site may be missing new rules added since then. You may wait for the next automatic attempt at December 15, 2020 12:58 pm or try to Manually Update by clicking the “Manually Refresh Rules” button below the Rules list.

    When I try to manually refresh, I get the following error: “No rules were updated. Your website has reached the maximum number of rule update requests. Please try again later.” I waited until after the next update check and it is still failing.

    I have read through this entire thread and taken every action:
    https://wordpress.org/support/topic/the-last-rules-update-for-the-wordfence-web-application-firewall-was-unsuccessfu/

    * Confirmed user/group match diagnostics Process Owner
    * All Diagnostics have green checkmarks
    * Confirmed 664 on /var/www/html/wp-content/wflogs/rules.php
    * Confirmed 775 on /var/www/html/wp-content/wflogs/
    * Deactivated/reactivated the plugin
    * Deleted/re-enabled .htaccess
    * Ensured correct permissions on .htaccess
    * Disabled Apache ModSecurity
    * Disabled WordPress Sucuri plugin
    * Ensured I am at the latest version (7.4.14)
    * Deleted the rules.php file and allowed it to re-create. It only created a 0kb file with today’s date so I restored the November 11th version.
    * My web server can reach the WFWAF_API_URL_SEC server and page found in init.php. See output below.
    * No curl_exec setting in php.ini
    * Restored defaults (no good, so I reverted my saved options)
    * php-fpm not installed
    * Diagnostics connectivity is good, as is every other diagnostic green checkmark
    * Waited for the Dec 15th deadline to pass and tried again

    root@web01.prod.securecoop.com:/SecureCoop# grep WFWAF_API_URL_SEC /var/www/html/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/init.php
    define(‘WFWAF_API_URL_SEC’, ‘https://noc4.wordfence.com/v1.9/’);
    root@web01.prod.securecoop.com:/SecureCoop# curl -o- https://noc4.wordfence.com/v1.9/
    {“success”:false,”errorMessage”:”Invalid action supplied.”}root@web01.prod.securecoop.com:/SecureCoop#

    The page I need help with: [log in to see the link]

Viewing 15 replies - 1 through 15 (of 25 total)
  • Plugin Support WFAdam

    (@wfadam)

    Hello @cdevidal and thanks for reaching out to us!

    Can you send a diagnostic report to wftest @ wordfence . com? You can find the link to do so at the top of the Wordfence Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

    Thanks!

    Thread Starter Better Automations

    (@cdevidal)

    Done, thank you.

    Plugin Support WFAdam

    (@wfadam)

    Thanks for sending that @cdevidal

    It looks like they are updating correctly according to the diagnostic.

    This might be a false error. To check, using FTP or file manager, navigate to your wp-content/wflogs and check your rules.php file. When was it last modified?

    Thanks!

    Thread Starter Better Automations

    (@cdevidal)

    root@web01.prod.securecoop.com:/SecureCoop# ls -l /var/www/html/wp-content/wflogs/rules.php
    -rw-rw-r– 1 www-data www-data 345865 Nov 11 15:11 /var/www/html/wp-content/wflogs/rules.php
    root@web01.prod.securecoop.com:/SecureCoop#

    FYI in my comments above, “Deleted the rules.php file and allowed it to re-create. It only created a 0kb file with today’s date so I restored the November 11th version.”

    Plugin Support WFAdam

    (@wfadam)

    That is strange it’s populating with no data.

    A complete re-install of Wordfence might be a good step. It’s always best to make a backup of the site and database before installing/removing plugins, just to be safe.

    Additionally, you can backup your Wordfence settings via the Export option. Navigate to Wordfence > Tools > Import/Export Options and click Export. You can also take note of the current Whitelisted URLs you have in Wordfence > Firewall > All Firewall Options > Whitelisted URLs as these are NOT included in the Import/Export, and will be lost during the re-install.
    Here is what is exported: https://www.wordfence.com/help/tools/import-export/
    During the export, you will be given a long string of text. Keep this safe, you’ll need it in a few minutes.

    After that, enable the option to Delete Wordfence tables and data on deactivation in All Options > General Wordfence Options. You will want to remember to disable this after you reinstall Wordfence again.

    After you enable that option, you can deactivate Wordfence from the Plugins area of your site, then delete it. Next, from the plugins area, search for and re-install Wordfence like normal.

    It will be like setting Wordfence up for the first time. You will need to enter an email address, and then go into Tools > Import/Export Options and paste that string of text into the Import Wordfence Options field and click the button there.

    The firewall will be in Learning Mode by default for 7 days. I would recommend switching this to Enabled and Protected as soon as possible.

    Let me know how this goes!

    Thanks!

    Thread Starter Better Automations

    (@cdevidal)

    Well the error went away BUT /var/www/html/wp-content/wflogs/rules.php is now 0kb. I hit Manual refresh and it’s still empty.

    Also, I cannot seem to change the firewall from Learning to Enabled and Protected? Save changes and it goes back to Learning Mode.

    Plugin Support WFAdam

    (@wfadam)

    Something must be blocking your site from contacting our noc server. Can you reach out to your Hosting Provider to see if anything might be blocking our noc1.wordfence.com and noc4.wordfence.com servers.

    Let me know what they say!

    Thanks!

    Thread Starter Better Automations

    (@cdevidal)

    These are not pingable, either from my server or my laptop at home. Do I need to instead use cURL to test access?

    Server:

    root@web01.prod.securecoop.com:~# ping -c1 noc1.wordfence.com
    PING noc1.wordfence.com (69.46.36.28) 56(84) bytes of data.
    ^C
    --- noc1.wordfence.com ping statistics ---
    1 packets transmitted, 0 received, 100% packet loss, time 0ms
    
    root@web01.prod.securecoop.com:~# ping -c1 noc4.wordfence.com
    PING noc4.wordfence.com (69.46.36.20) 56(84) bytes of data.
    ^C
    --- noc4.wordfence.com ping statistics ---
    1 packets transmitted, 0 received, 100% packet loss, time 0ms
    
    root@web01.prod.securecoop.com:~#

    Home computer:

    C:\Users\cbdev>ping noc1.wordfence.com
    
    Pinging noc1.wordfence.com [69.46.36.28] with 32 bytes of data:
    Request timed out.
    
    Ping statistics for 69.46.36.28:
        Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
    Control-C
    ^C
    C:\Users\cbdev>ping noc4.wordfence.com
    
    Pinging noc4.wordfence.com [69.46.36.20] with 32 bytes of data:
    Request timed out.
    
    Ping statistics for 69.46.36.20:
        Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
    Control-C
    ^C
    C:\Users\cbdev>
    Plugin Support WFAdam

    (@wfadam)

    Can you send a diagnostic report to wftest @ wordfence . com? You can find the link to do so at the top of the Wordfence Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

    I want to see if the reinstall has changed anything. It’s strange that the connections arent going through.

    Thanks!

    Thread Starter Better Automations

    (@cdevidal)

    Sent.

    Plugin Support WFAdam

    (@wfadam)

    I was not able to locate the diagnostic in our inbox. Could you try to send it again?

    Sorry about the delay as well, I didn’t notice the reply.

    Are you still seeing the same issue?

    Thanks!

    Thread Starter Better Automations

    (@cdevidal)

    Sent diagnostics again. Screenshot saying it was sent successfully, and showing the address it was sent to.

    I would say that yes I am still seeing the same issue; I am no longer getting the error since uninstalling/reinstalling, but the rules.php file is still empty.

    Plugin Support WFAdam

    (@wfadam)

    Hello again @cdevidal and sorry about the late reply.

    Right around the time, you reported this issue, we were in the process of migrating the servers that we use for scans and rules. Are you still having this same issue?

    If so, using FTP or file manager, navigate to your wp-content/wflogs and check your rules.php file. When was it last modified? If it’s still empty, make a backup of the wflogs folder, then delete it. Open any page on your site now in the browser, which should reproduce it.

    Let me know the results!

    Thanks!

    Thread Starter Better Automations

    (@cdevidal)

    Still having the issue.

    root@web01.prod.securecoop.com:/SecureCoop# ls -l /var/www/html/wp-content/wflogs/rules.php
    -rw-rw-r-- 1 www-data www-data 0 Dec 30 17:59 /var/www/html/wp-content/wflogs/rules.php
    root@web01.prod.securecoop.com:/SecureCoop# rm -rf /var/www/html/wp-content/wflogs/
    root@web01.prod.securecoop.com:/SecureCoop# 
    
    Browsed the site...
    
    root@web01.prod.securecoop.com:/SecureCoop# ls -l /var/www/html/wp-content/wflogs/rules.php
    -rw-rw-r-- 1 www-data www-data 0 Feb 11 16:10 /var/www/html/wp-content/wflogs/rules.php
    root@web01.prod.securecoop.com:/SecureCoop#
    edemir206

    (@edemir206)

    Hello,

    I’m facing the exact same issue, if I delete rules.php it is created with 0kb. If I click on manually refresh rules it gives me the error Rule Update Failed.

    I can’t ping your NOC servers too.

Viewing 15 replies - 1 through 15 (of 25 total)
  • You must be logged in to reply to this topic.