dobby14
Forum Replies Created
-
Hello wfphil,
now I am puzzled. Because – when I tried to login to my admin board (via the secure login provided by the ManageWP dashboard as I always do) it now worked again. So there seems to be no problem after all. But a few days before it was. Very strange.What I’ll do:
I’ll remember your advice in case the problem will occur again.
I’ll wait until the staging plugin bug will be fixed and try to set up a staging site to experiment with the influence of different plugins to the performance of wordfence.
And I hope this will enable me to find out which plugin might cause these confusion.
Thanks for all your efforts!
HelmutHello wfphil,
I talked to the WP Staging plugin developers. They said it’s a bug, and they will try to resolve it.But now I have the same problem as a month before: I just wanted to login to my admin board with the correct password and didn’t succeed. I didn’t change anything in my homepage or in any plugin, didn’t make any change in Wordfence, but I fot the following mail from Wordfence:
This email was sent from your website “Bibelwelt” by the Wordfence plugin at Wednesday 19th of April 2017 at 10:13:35 PM
The Wordfence administrative URL for this site is: https://bibelwelt.de/wp-admin/admin.php?page=Wordfence
A user with username “hs-14_bw-wp” who has administrator access signed in to your WordPress site.
User IP: 2003:dd:fbc1:1f00:6497:68f3:90d:5924
User hostname: p200300DDFBC11F00649768F3090D5924.dip0.t-ipconnect.de
User location: Giessen, GermanyAnd I didn’t even enable any “login security options”.
What can I do to login to my admin board again? Can the makers of Wordfence do something about it?
With sad regards
HelmutThank you for your efforts.
Will you inform me when it is fixed – or will there be an update?Hello wfphil,
I installed WP Staging and tried to create a staging environment for my homepage.But now there is a new problem. The process didn’t succeed, but I got an endless row of (always the same) failure messages which only stopped when I cancelled the whole process:
DB has been cloned successfully
[13-04-2017 15:26:07] Fail: Replacing site url has been failed. DB Error: Table ‘db639225031._qnqpWzxToptions’ doesn’t exist
[13-04-2017 15:26:09] Fail: Replacing site url has been failed. DB Error: Table ‘db639225031._qnqpWzxToptions’ doesn’t exist
[13-04-2017 15:26:11] Fail: Replacing site url has been failed. DB Error: Table ‘db639225031._qnqpWzxToptions’ doesn’t exist
[13-04-2017 15:26:12] Fail: Replacing site url has been failed. DB Error: Table ‘db639225031._qnqpWzxToptions’ doesn’t exist
[13-04-2017 15:26:14] Fail: Replacing site url has been failed. DB Error: Table ‘db639225031._qnqpWzxToptions’ doesn’t exist
[13-04-2017 15:26:17] Fail: Replacing site url has been failed. DB Error: Table ‘db639225031._qnqpWzxToptions’ doesn’t exist
…
and so on… I cancelled the rest.What I don’t understand: There really is no table “_qnqpWzxToptions” in my database, only “qnqpWzxToptions” without the “_”. (I checked it looking into my MySQL database.) Why does WP Staging try to copy a non-existing table?
Hello wfphil,
I’m sorry, but I never made up a clone of my website. The plugin ManageWP allows me to clone my website (based on the backups they store every night), mainly for restoring my website in case of having been hacked or to migrate my website to another server. And then there is a third option:“Create a copy of this site on any server with MySQL database and FTP information.”
Could I now
1. set up a new database and
2. create a new subdomain like test.bibelwelt.de and
3. use the option mentioned above with
4. my existing FTP access code
for cloning my website on my subdomain?Or is there another – may-be easier – way to clone a website?
I ask that precisely because I don’t want to crash anything… 😉
Hello wfphil,
it’s the ManageWp-Worker plugin which I use not only to backup my site but also to login securely to my admin dashboard. But I can’t see how this would have a negative effect to the login process combined with Wordfence.I even contacted ManageWP before I installed Wordfence and they answered: “ManageWP does primarily allow you to manage your websites, and we do have a tool to keep tabs on your website security, it does not prevent possible threats and having plugins such as WordFence is highly recommended. We also recommend that you whitelist all our IP addresses within WordFence settings in order to prevent any interference with our communication to your website.”
As to your question: I disabled these plugins:
Autoptimize / Cache Enabler / Datenbank bereinigen und optimieren.But I am just asking myself: When installing Wordfence – did I make a mistake, so that I couldn’t login to my own backend again? Is there an option which I should not have choosed, a hook that I should not have set?
At first I had asked me, if I should have whitelisted my own IP adress. But obviously that cannot be so, for most users have often changing IP addresses, and so have I. And I’d like to think that Wordfence normally should not lock out someone who tries to login with the correct password.
So are my thoughts…
HelmutHello wfphil,
this is the list of my installed and activated plugins:1&1 WP Assistent | WordPress Setup Wizard | Version 2.1.0 | Von 1&1 Internet SE
Antispam Bee | Version 2.7.0 | Von pluginkollektiv
Autoptimize | Version 2.1.0 | Von Frank Goossens (futtta)
Cache Enabler | Version 1.2.0 | Von KeyCDN
Datenbank bereinigen und optimieren | Version 4.2.1 | Von CAGE Web Design | Rolf van Gelder, Eindhoven, Niederlande
ManageWP – Worker | Version 4.2.16 | Von ManageWP
Scroll to Anchor | Version 0.4.2 | Von Bego Mario Garde
Simple Custom CSS | Version 3.3 | Von John Regan, Danny Van Kooten
SSL Insecure Content Fixer | Version 2.2.3 | Von WebAware
SubHeading | Version 1.8.1 | Von StvWhtly
ThemeZee Toolkit | Version 1.0.5 | Von ThemeZee
Wordfence Security | Version 6.3.5 | Von Wordfence
WP Edit Pro | Version 4.4.2 | Von Josh Lobe
WP Media folder | Version 4.1.1 | Von Joomunited
WP Nav Menu Cache | Version 2.1 | Von oneTarek | Details ansehen
WP Revision List | Version 1.1.5 | Von Pete Nelson (@GunGeekATX)
WP Smush | Version 2.6.2 | Von WPMU DEV
Yoast SEO | Version 4.5 | Von Team YoastThank you for all your efforts!
HelmutHello wfphil,
everything correct except #2, sentence 2: After renaming the Wordfence directory, Wordfence does NOT send emails saying that I, as s user, have logged in.Hello wfphil,
yes, I have installed Wordfence again – but without setting the hook for “Enable login security”.And here is the contents of my htaccess file (but I left out most of the lines which only set 301 redirects from my homepage in a former design to the actual one):
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE image/svg+xml
</IfModule><IfModule mod_expires.c>
ExpiresActive On
ExpiresByType text/css A2419200
ExpiresByType text/x-component A2419200
ExpiresByType application/x-javascript A2419200
ExpiresByType application/javascript A2419200
ExpiresByType text/javascript A2419200
ExpiresByType text/x-js A2419200
ExpiresByType text/html A3600
ExpiresByType text/richtext A3600
ExpiresByType image/svg+xml A3600
ExpiresByType text/plain A3600
ExpiresByType text/xsd A3600
ExpiresByType text/xsl A3600
ExpiresByType text/xml A3600
ExpiresByType video/asf A2419200
ExpiresByType video/avi A2419200
ExpiresByType image/bmp A2419200
ExpiresByType application/java A2419200
ExpiresByType video/divx A2419200
ExpiresByType application/msword A2419200
ExpiresByType application/vnd.ms-fontobject A2419200
ExpiresByType application/x-msdownload A2419200
ExpiresByType image/gif A2419200
ExpiresByType application/x-gzip A2419200
ExpiresByType image/x-icon A2419200
ExpiresByType image/jpeg A2419200
ExpiresByType application/json A2419200
ExpiresByType application/vnd.ms-access A2419200
ExpiresByType audio/midi A2419200
ExpiresByType video/quicktime A2419200
ExpiresByType audio/mpeg A2419200
ExpiresByType video/mp4 A2419200
ExpiresByType video/mpeg A2419200
ExpiresByType application/vnd.ms-project A2419200
ExpiresByType application/x-font-otf A2419200
ExpiresByType application/vnd.ms-opentype A2419200
ExpiresByType application/vnd.oasis.opendocument.database A2419200
ExpiresByType application/vnd.oasis.opendocument.chart A2419200
ExpiresByType application/vnd.oasis.opendocument.formula A2419200
ExpiresByType application/vnd.oasis.opendocument.graphics A2419200
ExpiresByType application/vnd.oasis.opendocument.presentation A2419200
ExpiresByType application/vnd.oasis.opendocument.spreadsheet A2419200
ExpiresByType application/vnd.oasis.opendocument.text A2419200
ExpiresByType audio/ogg A2419200
ExpiresByType application/pdf A2419200
ExpiresByType image/png A2419200
ExpiresByType application/vnd.ms-powerpoint A2419200
ExpiresByType audio/x-realaudio A2419200
ExpiresByType image/svg+xml A2419200
ExpiresByType application/x-shockwave-flash A2419200
ExpiresByType application/x-tar A2419200
ExpiresByType image/tiff A2419200
ExpiresByType application/x-font-ttf A2419200
ExpiresByType application/vnd.ms-opentype A2419200
ExpiresByType audio/wav A2419200
ExpiresByType audio/wma A2419200
ExpiresByType application/vnd.ms-write A2419200
ExpiresByType application/font-woff A2419200
ExpiresByType application/vnd.ms-excel A2419200
ExpiresByType application/zip A2419200
</IfModule><IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>AddHandler x-mapp-php5.5 .php
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule># END WordPress
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.+?)/+$ http://%{HTTP_HOST}/$1 [R=301,L]RewriteEngine on
Redirect 301 /category/interreligion/ https://bibelwelt.de/category/interreligioeser-dialog/
Redirect 301 /category/religion/ https://bibelwelt.de/category/religion-und-weltanschauung/
Redirect 301 /html/77mal.html https://bibelwelt.de/70-mal-7-mal-vergeben/
…
[further Redirects 301]
…
Redirect 301 /html/body_index.html https://bibelwelt.de/# Wordfence WAF
<Files “.user.ini”>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files># END Wordfence WAF
Hello wfphil,
the grandchildren had a nice day with us and are at home with their parents again.#your question: I didn’t then even receive the Standard WordPress login error, because my password was OK. They just showed me the login window once more to login again.
Then we deleted all wf-files in the mysql-database, and immediately, I could login into my backend again.
And the login goes on working – but, as I said, I didn’t yet “Enable login security” as an option in Wordfence.
I got the email before I disabled wordfence, not when I had renamed it.
But now I will go to rest – tomorrow very early two of our grandchildren will need our baby sitting…
So good night for today
HelmutHello wfphil,
a friend who has some IT experience just helped me (in a two hours teamviewer session) to get into my backend again. The solution was: not only rename the wordfence-plugin folder, but also the wflogs folder with filezilla, and then delete all entries of wordfence in the mysql-database.BUT: I don’t dare to ENABLE LOGIN SECURITY in Wordfence again, because I don’t know why my own login with the accurate password was not accepted. As I have no static IP adress, there is no usw of putting my IP adress onto the whitelist. Do you have any idea, why wordfence had locked myself out?
Best regards, Helmut
Hello wfphil,
I just re-re-named the Wordfence plugin and tried again to login to my backend and instantly received an e-mail: “[Wordfence Alert] bibelwelt.de Admin Login” with following content:This email was sent from your website “Bibelwelt” by the Wordfence plugin at Wednesday 22nd of March 2017 at 10:33:30 AM
The Wordfence administrative URL for this site is: https://bibelwelt.de/wp-admin/admin.php?page=Wordfence
A user with username “hs-14_bw-wp” who has administrator access signed in to your WordPress site.
User IP: 2003:dd:fbc3:4800:a00b:6c53:9687:c921
User hostname: p200300DDFBC34800A00B6C539687C921.dip0.t-ipconnect.de
User location: Giessen, GermanyI get no Wordfence message on my admin login page, but why should wordfence react with such an e-mail if it is not wordfence locking me out?
I definitely use no other plugins with login restrictions.
When I activated wordfence I did not put my own IP adress on the whitelist, and I suppose that is the reason why I am locked out. But renaming wordfence doesn’t solve my problem; I remain locked out, only the e-mail message above then doesn’t come.
Hello tclaffy,
thank you for answering. But I’m not so fit with doing things in the database. So I don’t really know, what I should do with “wp_wfblocks”. And I only assume that I would find the _wf tables in my SQL database (with PHPMyAdmin)? But I fear, messing around with the database could end in an new catastrophe… 😉
Or can you make clear what I should do to a German “wordpress layman” who has some difficulties with special English vocabulary, too?