The last rules update for the Wordfence Web Application Firewall was unsuccessfu

Better Automations
(@cdevidal)

5 years, 2 months ago

Please help? I’m getting the following error:
The last rules update for the Wordfence Web Application Firewall was unsuccessful. The last successful update check was November 11, 2020 3:11 pm, so this site may be missing new rules added since then. You may wait for the next automatic attempt at December 15, 2020 12:58 pm or try to Manually Update by clicking the “Manually Refresh Rules” button below the Rules list.

When I try to manually refresh, I get the following error: “No rules were updated. Your website has reached the maximum number of rule update requests. Please try again later.” I waited until after the next update check and it is still failing.

I have read through this entire thread and taken every action:
https://wordpress.org/support/topic/the-last-rules-update-for-the-wordfence-web-application-firewall-was-unsuccessfu/

* Confirmed user/group match diagnostics Process Owner
* All Diagnostics have green checkmarks
* Confirmed 664 on /var/www/html/wp-content/wflogs/rules.php
* Confirmed 775 on /var/www/html/wp-content/wflogs/
* Deactivated/reactivated the plugin
* Deleted/re-enabled .htaccess
* Ensured correct permissions on .htaccess
* Disabled Apache ModSecurity
* Disabled WordPress Sucuri plugin
* Ensured I am at the latest version (7.4.14)
* Deleted the rules.php file and allowed it to re-create. It only created a 0kb file with today’s date so I restored the November 11th version.
* My web server can reach the WFWAF_API_URL_SEC server and page found in init.php. See output below.
* No curl_exec setting in php.ini
* Restored defaults (no good, so I reverted my saved options)
* php-fpm not installed
* Diagnostics connectivity is good, as is every other diagnostic green checkmark
* Waited for the Dec 15th deadline to pass and tried again

root@web01.prod.securecoop.com:/SecureCoop# grep WFWAF_API_URL_SEC /var/www/html/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/init.php
define(‘WFWAF_API_URL_SEC’, ‘https://noc4.wordfence.com/v1.9/’);
root@web01.prod.securecoop.com:/SecureCoop# curl -o- https://noc4.wordfence.com/v1.9/
{“success”:false,”errorMessage”:”Invalid action supplied.”}root@web01.prod.securecoop.com:/SecureCoop#

The page I need help with: [log in to see the link]

Viewing 15 replies - 1 through 15 (of 26 total)

1 2 →

Plugin Support WFAdam
(@wfadam)

5 years, 2 months ago

Hello @cdevidal and thanks for reaching out to us!

Can you send a diagnostic report to wftest @ wordfence . com? You can find the link to do so at the top of the Wordfence Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

Thanks!

Thread Starter Better Automations
(@cdevidal)

5 years, 2 months ago

Done, thank you.

Plugin Support WFAdam
(@wfadam)

5 years, 2 months ago

Thanks for sending that @cdevidal

It looks like they are updating correctly according to the diagnostic.

This might be a false error. To check, using FTP or file manager, navigate to your wp-content/wflogs and check your rules.php file. When was it last modified?

Thanks!

Thread Starter Better Automations
(@cdevidal)

5 years, 2 months ago

root@web01.prod.securecoop.com:/SecureCoop# ls -l /var/www/html/wp-content/wflogs/rules.php
-rw-rw-r– 1 www-data www-data 345865 Nov 11 15:11 /var/www/html/wp-content/wflogs/rules.php
root@web01.prod.securecoop.com:/SecureCoop#

FYI in my comments above, “Deleted the rules.php file and allowed it to re-create. It only created a 0kb file with today’s date so I restored the November 11th version.”

Plugin Support WFAdam
(@wfadam)

5 years, 1 month ago

That is strange it’s populating with no data.

A complete re-install of Wordfence might be a good step. It’s always best to make a backup of the site and database before installing/removing plugins, just to be safe.

Additionally, you can backup your Wordfence settings via the Export option. Navigate to Wordfence > Tools > Import/Export Options and click Export. You can also take note of the current Whitelisted URLs you have in Wordfence > Firewall > All Firewall Options > Whitelisted URLs as these are NOT included in the Import/Export, and will be lost during the re-install.
Here is what is exported: https://www.wordfence.com/help/tools/import-export/
During the export, you will be given a long string of text. Keep this safe, you’ll need it in a few minutes.

After that, enable the option to Delete Wordfence tables and data on deactivation in All Options > General Wordfence Options. You will want to remember to disable this after you reinstall Wordfence again.

After you enable that option, you can deactivate Wordfence from the Plugins area of your site, then delete it. Next, from the plugins area, search for and re-install Wordfence like normal.

It will be like setting Wordfence up for the first time. You will need to enter an email address, and then go into Tools > Import/Export Options and paste that string of text into the Import Wordfence Options field and click the button there.

The firewall will be in Learning Mode by default for 7 days. I would recommend switching this to Enabled and Protected as soon as possible.

Let me know how this goes!

Thanks!

Thread Starter Better Automations
(@cdevidal)

5 years, 1 month ago

Well the error went away BUT /var/www/html/wp-content/wflogs/rules.php is now 0kb. I hit Manual refresh and it’s still empty.

Also, I cannot seem to change the firewall from Learning to Enabled and Protected? Save changes and it goes back to Learning Mode.

Plugin Support WFAdam
(@wfadam)

5 years, 1 month ago

Something must be blocking your site from contacting our noc server. Can you reach out to your Hosting Provider to see if anything might be blocking our noc1.wordfence.com and noc4.wordfence.com servers.

Let me know what they say!

Thanks!
Thread Starter Better Automations
(@cdevidal)

5 years, 1 month ago
These are not pingable, either from my server or my laptop at home. Do I need to instead use cURL to test access?

Server:
```
root@web01.prod.securecoop.com:~# ping -c1 noc1.wordfence.com
PING noc1.wordfence.com (69.46.36.28) 56(84) bytes of data.
^C
--- noc1.wordfence.com ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

root@web01.prod.securecoop.com:~# ping -c1 noc4.wordfence.com
PING noc4.wordfence.com (69.46.36.20) 56(84) bytes of data.
^C
--- noc4.wordfence.com ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

root@web01.prod.securecoop.com:~#
```
Home computer:
```
C:\Users\cbdev>ping noc1.wordfence.com

Pinging noc1.wordfence.com [69.46.36.28] with 32 bytes of data:
Request timed out.

Ping statistics for 69.46.36.28:
    Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
Control-C
^C
C:\Users\cbdev>ping noc4.wordfence.com

Pinging noc4.wordfence.com [69.46.36.20] with 32 bytes of data:
Request timed out.

Ping statistics for 69.46.36.20:
    Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
Control-C
^C
C:\Users\cbdev>
```
Plugin Support WFAdam
(@wfadam)

5 years, 1 month ago

Can you send a diagnostic report to wftest @ wordfence . com? You can find the link to do so at the top of the Wordfence Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

I want to see if the reinstall has changed anything. It’s strange that the connections arent going through.

Thanks!

Thread Starter Better Automations
(@cdevidal)

5 years, 1 month ago

Sent.

Plugin Support WFAdam
(@wfadam)

5 years, 1 month ago

I was not able to locate the diagnostic in our inbox. Could you try to send it again?

Sorry about the delay as well, I didn’t notice the reply.

Are you still seeing the same issue?

Thanks!

Thread Starter Better Automations
(@cdevidal)

5 years ago

Sent diagnostics again. Screenshot saying it was sent successfully, and showing the address it was sent to.

I would say that yes I am still seeing the same issue; I am no longer getting the error since uninstalling/reinstalling, but the rules.php file is still empty.

Plugin Support WFAdam
(@wfadam)

5 years ago

Hello again @cdevidal and sorry about the late reply.

Right around the time, you reported this issue, we were in the process of migrating the servers that we use for scans and rules. Are you still having this same issue?

If so, using FTP or file manager, navigate to your wp-content/wflogs and check your rules.php file. When was it last modified? If it’s still empty, make a backup of the wflogs folder, then delete it. Open any page on your site now in the browser, which should reproduce it.

Let me know the results!

Thanks!
Thread Starter Better Automations
(@cdevidal)

5 years ago
Still having the issue.
```
root@web01.prod.securecoop.com:/SecureCoop# ls -l /var/www/html/wp-content/wflogs/rules.php
-rw-rw-r-- 1 www-data www-data 0 Dec 30 17:59 /var/www/html/wp-content/wflogs/rules.php
root@web01.prod.securecoop.com:/SecureCoop# rm -rf /var/www/html/wp-content/wflogs/
root@web01.prod.securecoop.com:/SecureCoop# 

Browsed the site...

root@web01.prod.securecoop.com:/SecureCoop# ls -l /var/www/html/wp-content/wflogs/rules.php
-rw-rw-r-- 1 www-data www-data 0 Feb 11 16:10 /var/www/html/wp-content/wflogs/rules.php
root@web01.prod.securecoop.com:/SecureCoop#
```
- This reply was modified 5 years ago by Better Automations.
edemir206
(@edemir206)

4 years, 11 months ago

Hello,

I’m facing the exact same issue, if I delete rules.php it is created with 0kb. If I click on manually refresh rules it gives me the error Rule Update Failed.

I can’t ping your NOC servers too.

Viewing 15 replies - 1 through 15 (of 26 total)

1 2 →

The topic ‘The last rules update for the Wordfence Web Application Firewall was unsuccessfu’ is closed to new replies.