• As of 26-1-18 the latest update to wordfence has stopped functioning in any way that is usable, Wordfence should now be lose termed as a security gimmick because as far as working as a firewall, well that simply is not what this plugin does any more.
    The ability to block IP addresses that reach a URL such as wp-admin simply fails to work.
    The ability to stop bruit force password attempts simply no longer functions.
    The ability to stop bad bots spamming the site with bad url requests no longer functions.
    The ability to stop bad bots excessive page view crawling the site no longer functions.
    The ability to block know vulnerable page exploits no longer functions.

    I am not exactly sure what the DEV team were thinking when they chose to implement the latest version 6.3.22 but my advice would be to stay off the crack pipe.
    The previous version was not broken and had quite and easy navigation path for reporting and getting what you needed done.
    Congratulations you broke a good thing.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Wordfence

    (@mmaunder)

    Hi there.

    Blocking IPs that access specific URLs still works. it’s under Advanced Firewall Options on the Firewall Options page. The option name is still Immediately block IPs that access these URLs.

    Brute force protection is still extremely effective in Wordfence. Nothing about that has changed.

    Rate limiting still functions as it always did.

    The firewall still has the best rules in the business to block known and even several zero day exploits.

    The newest version is 7.0.1 and I think that’s what you’re referring to.

    It sounds like you may be having trouble finding things. If you need help or have any constrictive suggestions about how to improve things, we’d love to help you. Please post in the forums.

    Regards,

    Mark Maunder
    Wordfence Founder/CEO

    Its all well and good for you to say we don’t have a problem and everything is working as intended, this does not change what I have observed in the real work.

    As of today 28-1-2018 blocking an IP that accesses a specific URL still is not working on my site. I have tested this with a proxy and different physical location and IP.

    Rate limiting needs tuning calculation of the rate over 1 minute needs to be reduced to a pre determined number of seconds set by the user. Why? because the use of scripts against websites can result in a flood of Url requests in the first minute.
    On my site there were automated attacks that were flooding URL requests at over 250 per minute from one IP address that were not blocked after the last update, This gives the impression the application is not working, is it a bug or a feature? calculating the rate limit over say 20 seconds as an example would be a better option.

    Maybe the latest influx of 1 star reviews might indicate a problem?

    Am I having trouble with the new UI and finding setting etc? absolutely the new UI is absolutely hopeless.
    EG, running a whois inside the same window slows down the work flow quite considerably.
    Previously clicking on the whois in live traffic view and open in new tab would allow you to process many IP from live traffic view in quite a fast seamless operation. Now its click whois wait for 20 seconds for the iframe to load then do what you need block IP etc then go back to the live view wait for it to refresh. Essentially you are doing one thing at a time and it is quite slow increasing the workflow time. When you have several hundred requests to process this makes the whole task excruciatingly painful.

    Version number I quoted was take from your wordpress.org page. I see that has been updated now.

    Thanks for a great application. I do like you application and I will still continue to use it despite the obvious flaws with the UI. why? because it was once a great application.
    How will we fix the issues I am facing? I am glad you asked.
    What I will do from here is remove the application and all related settings and data from my sites and proceed to set up Wordfenc from scratch.

    Maybe when someone says your application is broken maybe a good idea might be not tell them they are wrong and instead ask a few questions to determine the problems and resolution. But hey im not that good at PR so what would I know.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Zero Protection’ is closed to new replies.