Title: zzzaaabbb's Replies | WordPress.org --- # zzzaaabbb [ ](https://wordpress.org/support/users/finlanderid/) * [Profile](https://wordpress.org/support/users/finlanderid/) * [Topics Started](https://wordpress.org/support/users/finlanderid/topics/) * [Replies Created](https://wordpress.org/support/users/finlanderid/replies/) * [Reviews Written](https://wordpress.org/support/users/finlanderid/reviews/) * [Topics Replied To](https://wordpress.org/support/users/finlanderid/replied-to/) * [Engagements](https://wordpress.org/support/users/finlanderid/engagements/) * [Favorites](https://wordpress.org/support/users/finlanderid/favorites/) Search replies: ## Forum Replies Created Viewing 13 replies - 1 through 13 (of 13 total) * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Jetpack - WP Security, Backup, Speed, & Growth] Deactivate automatic plugin updates](https://wordpress.org/support/topic/deactivate-automatic-plugin-updates/) * [zzzaaabbb](https://wordpress.org/support/users/finlanderid/) * (@finlanderid) * [8 years, 10 months ago](https://wordpress.org/support/topic/deactivate-automatic-plugin-updates/#post-9295782) * re: the setting at wordpress.com showing as “disabled” .. * That might be misleading, that it shows or showed as disabled. On my wordpress. com dashboard, it also showed as disabled, per plugin, but on hover it said something about connection was not being allowed. And, the area at the top for enabling all the plugins, in bulk, to have auto-updates was greyed-out. Together, those two symptoms indicated something else interfering with those controls. * _Then_, I noticed in Debug (on site Jetpack admin) that I did not have a clean connection to Jetpack. One of the tests was not passing re: the site being connected to Jetpack at wordpress.com. That may have been caused by the major Jetpack upgrade. That would explain the odd appearance and behavior of the controls at wordpress. com for the plugins’ auto-update slider (and not being able to move it back and forth). * _So_, I disconnected and reestablished the primary Jetpack connection to the site, and that error was resolved. Now, on wordpress.com, each plug-in has a normal-looking On/Off slider with the label Active. * _In other words_, prior to fixing the “Jetpack connection” to the site, the fact that the plugins showed as Disabled on wordpress.com may have been meaningless. The ACTIVE setting (reflected on your site and stored at wordpress.com) may have been controlling, causing your updates. * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Jetpack - WP Security, Backup, Speed, & Growth] Deactivate automatic plugin updates](https://wordpress.org/support/topic/deactivate-automatic-plugin-updates/) * [zzzaaabbb](https://wordpress.org/support/users/finlanderid/) * (@finlanderid) * [8 years, 10 months ago](https://wordpress.org/support/topic/deactivate-automatic-plugin-updates/#post-9295482) * [@jjbte](https://wordpress.org/support/users/jjbte/), * Perfect. Great work! * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Jetpack - WP Security, Backup, Speed, & Growth] Deactivate automatic plugin updates](https://wordpress.org/support/topic/deactivate-automatic-plugin-updates/) * [zzzaaabbb](https://wordpress.org/support/users/finlanderid/) * (@finlanderid) * [8 years, 10 months ago](https://wordpress.org/support/topic/deactivate-automatic-plugin-updates/#post-9293309) * [@jjbte](https://wordpress.org/support/users/jjbte/) * Same thing happened to me. Highly aggravating. I thought that there might be a switch in the database for it but could not locate it. Is the setting only stored at wordpress.com? * See images below for the reason that I cannot turn it OFF at wordpress.com. * This needs to be fixed. We cannot operate our sites if we cannot turn this OFF.( Fixed means that we need to be able to revert it back to OFF, not a “workaround” fix.) * Thank you. * In site admin on the domain: * ![site-admin](https://i0.wp.com/s15.postimg.org/z3hauw323/site-admin.png?ssl= 1) * In wordpress.com jetpack dashboard for plugin management: * ![wordpress.com-admin](https://i0.wp.com/s13.postimg.org/ce7zi1g93/wordpress. com-admin.png?ssl=1) * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] Wordfence has blocked Cloudflare IP address](https://wordpress.org/support/topic/wordfence-has-blocked-cloudflare-ip-address/) * [zzzaaabbb](https://wordpress.org/support/users/finlanderid/) * (@finlanderid) * [8 years, 10 months ago](https://wordpress.org/support/topic/wordfence-has-blocked-cloudflare-ip-address/page/2/#post-9288255) * Great work, [@sohrabrika](https://wordpress.org/support/users/sohrabrika/)! Thank you for compiling the list of Cloudflare IP ranges. * I would use a “comma” or a “new line” _but not both_. Using both might interfere with parsing correctly. * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] Wordfence has blocked Cloudflare IP address](https://wordpress.org/support/topic/wordfence-has-blocked-cloudflare-ip-address/) * [zzzaaabbb](https://wordpress.org/support/users/finlanderid/) * (@finlanderid) * [8 years, 10 months ago](https://wordpress.org/support/topic/wordfence-has-blocked-cloudflare-ip-address/page/2/#post-9288220) * Thanks for clarification, [@wfalaa](https://wordpress.org/support/users/wfalaa/)! Understood. * My site is now working fine with Cloudflare IPs. Thank you for your help. * Here is a summary of possible solutions discussed in this thread: - mod_cloudflare on Apache server (**_if_** your hosting company supports/allows it) - Cloudflare plug-in for WordPress - WF option “How does Wordfence get IPs” — set to Use CF “CF-Connecting-IP” (** _if_** Cloudflare is sending that header) - WF option “trusted proxies” list (**_if_** “X-Forwarded-For” header contains both CF and remote visitor IP) - WF option “Whitelisted IP addresses that bypass all rules” (using range multi- brackets such as in list provided by [@sohrabrika](https://wordpress.org/support/users/sohrabrika/)) * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] .htaccess modified?](https://wordpress.org/support/topic/htaccess-modified/) * Thread Starter [zzzaaabbb](https://wordpress.org/support/users/finlanderid/) * (@finlanderid) * [8 years, 10 months ago](https://wordpress.org/support/topic/htaccess-modified/#post-9285035) * Thank you for clarification! * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] Wordfence has blocked Cloudflare IP address](https://wordpress.org/support/topic/wordfence-has-blocked-cloudflare-ip-address/) * [zzzaaabbb](https://wordpress.org/support/users/finlanderid/) * (@finlanderid) * [8 years, 10 months ago](https://wordpress.org/support/topic/wordfence-has-blocked-cloudflare-ip-address/#post-9285009) * Thanks for your reply. * I actually _did_ go ahead and use the trusted proxies section, so that millions of Cloudflare IPs would be ignored in the “X-Forwarded-For” header. * ![trusted-proxies](https://i0.wp.com/s16.postimg.org/gn1tm92wl/trusted-proxies. png?ssl=1) * The trusted proxies option allows CIDR, so that a single CIDR range (104.16.0.0/ 12) that covers 1 million+ IPs can easily be handled. (But I see that doing so may not be necessary, because the IP in that header is the visitor IP, not Cloudflare’s IP. It would only _potentially_ be necessary if the IP in that header is Cloudflare’s IP.) * Here is the image of the section that you requested: * ![wordfence diagnostics IPs](https://i0.wp.com/s22.postimg.org/4uog9fzox/wordfence- ip-diags.png?ssl=1) * Re: my other question: * I was primarily referring to syntax, for being able to input all of Cloudflare’s IPs in the WF option “Whitelisted IP addresses that bypass all rules.” * It would not be feasible to input Cloudflare’s IPs in that section, _**unless** this works_: * 104.[16-31].[0-255].[0-255] * If that ^^ does not work in WF, then you would have to do this: * 104.16.0.[0-255] ..etc ..etc 104.16.255.[0-255] 104.17.0.[0-255] ..etc ..etc 104.17.255.[0-255] ..etc ..etc * ..which is not feasible for the average person to input. It would be 4096 lines. * ![bracket-ranges](https://i0.wp.com/s21.postimg.org/lm1lr4r6v/bracket-ranges. png?ssl=1) * So, all this started with wondering how to get Cloudflare’s IPs input to the WF option “Whitelisted IP addresses that bypass all rules.” * I saw that WF does allow that type of [grouping of range brackets in IPv6](https://docs.wordfence.com/en/Wordfence_options#Whitelisted_IP_addresses_that_bypass_all_rules), in order to identify larger ranges, so if WF also allows grouping of range brackets for IPv4, i.e., 104.[16-31].[0-255].[0-255], _then it would be possible to get all of Cloudflare’s IP addresses into_ “Whitelisted IP addresses that bypass all rules”? * ![cidr-to-ip-range](https://i0.wp.com/s24.postimg.org/5q3zmweh1/cidr-to-ip-range. png?ssl=1) * **Summary:** * This quest initially started with simply wanting to whitelist Cloudflare’s IPs. Then, I saw that there might be a syntax problem with getting millions of Cloudflare’s IPs input into the WF whitelist option. After that, I saw that I could use Cloudflare’s CIDR range in trusted proxies, but it appears that it’s not needed there, because the “X-Forwarded-For” header is using the visitor’s IP, not Cloudflare’s IP. * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Really Simple CAPTCHA] PHP Warnings: stat(), unlink(), chmod()](https://wordpress.org/support/topic/php-warnings-stat-unlink-chmod/) * [zzzaaabbb](https://wordpress.org/support/users/finlanderid/) * (@finlanderid) * [8 years, 10 months ago](https://wordpress.org/support/topic/php-warnings-stat-unlink-chmod/#post-9281026) * Thanks for your post, [@howdy_mcgee](https://wordpress.org/support/users/howdy_mcgee/). I am having the exact same problem. * It might be related to browser caching. When the Warnings are throwing on a page access or soft page refresh, if I do a CTRL+F5 (full/hard refresh), then the Warnings do not throw. You can test browser-caching settings in the various places that it might be enabled, such as your caching plug-in or Cloudflare’s config. * function generate_image is what triggers the function cleanup (where these calls are made). That should only happen when a page with captcha is loaded, so I am confused about why the Warnings are throwing on blog post pages, and not on the Contact Form page, because I don’t have the captcha module installed on blog post pages .. * Possibly unrelated, but in the past I have had similar trouble with Cloudflare’s Auto Minify feature. I am going to turn it off and wait and test. * Author: any clues here? - This reply was modified 8 years, 10 months ago by [zzzaaabbb](https://wordpress.org/support/users/finlanderid/). * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] .htaccess modified?](https://wordpress.org/support/topic/htaccess-modified/) * Thread Starter [zzzaaabbb](https://wordpress.org/support/users/finlanderid/) * (@finlanderid) * [8 years, 10 months ago](https://wordpress.org/support/topic/htaccess-modified/#post-9280328) * Thanks for your reply. * Correct, I manually added the prepend line to my php.ini. The automated process could not find the site-specific php.ini, because it is one directory up from‘ public’ and in a directory called conf. * Correct, the admin interface did not do it for me, and, yes, I am looking at . htaccess in public root. * Presumably, no alteration to .htaccess is needed (none was made), when prepend line is added manually to php.ini? That was my guess, and my original post was to confirm that suspicion, if true. * But if public root .htaccess should have been modified under those conditions, please let me know if should do it manually. Again, though, things seem to be working fine. - This reply was modified 8 years, 10 months ago by [zzzaaabbb](https://wordpress.org/support/users/finlanderid/). * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] Wordfence has blocked Cloudflare IP address](https://wordpress.org/support/topic/wordfence-has-blocked-cloudflare-ip-address/) * [zzzaaabbb](https://wordpress.org/support/users/finlanderid/) * (@finlanderid) * [8 years, 10 months ago](https://wordpress.org/support/topic/wordfence-has-blocked-cloudflare-ip-address/#post-9279393) * > So, I don’t know, but is this syntax possible to represent a range: 104.[16- > 31].[0-255].[0-255] ?? * Or maybe the correct method for whitelisting Cloudflare IPs is to use the “** trusted proxies**” section of WF Options, rather than the whitelist section in WF Options? * CIDRs are allowed in the “trusted proxies” section, so the [list of Cloudflare CIDR IPs](https://www.cloudflare.com/ips/) could simply be copied and pasted? * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] Wordfence has blocked Cloudflare IP address](https://wordpress.org/support/topic/wordfence-has-blocked-cloudflare-ip-address/) * [zzzaaabbb](https://wordpress.org/support/users/finlanderid/) * (@finlanderid) * [8 years, 10 months ago](https://wordpress.org/support/topic/wordfence-has-blocked-cloudflare-ip-address/#post-9279350) * [@wfalaa](https://wordpress.org/support/users/wfalaa/) * Please describe if it is possible to whitelist Cloudflare’s IP ranges, when at least one of the ranges is this in CIDR: 104.16.0.0/12 * That is over one million IP addresses (1,048,576 to be exact), that go from 104.16.0.0 to 104.31.255.255 * So, I don’t know, but is this syntax possible to represent a range: 104.[16-31].[ 0-255].[0-255] ?? * I am just guessing at that. Is that a real way of writing a range, to conform to Wordfence range syntax. If not, then it would not be feasible to whitelist Cloudflare’s IPs. - This reply was modified 8 years, 10 months ago by [zzzaaabbb](https://wordpress.org/support/users/finlanderid/). * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Featured Video Plus] Inconsistent with WP Super Cache](https://wordpress.org/support/topic/inconsistent-with-wp-super-cache/) * Thread Starter [zzzaaabbb](https://wordpress.org/support/users/finlanderid/) * (@finlanderid) * [10 years, 7 months ago](https://wordpress.org/support/topic/inconsistent-with-wp-super-cache/#post-6599185) * From your response, what it ‘sounds like’ is either choosing to not use the caching plug-in or to not use your plug-in. * Constantly clearing the cache removes the caching functionality from the site. And caching plug-in authors don’t build for every plug-in to work with the caching plug-in. It’s the other way around, and you know that, chief. Fair enough. Use one or the other. That’s essentially your response, but it falls far short of being a resolution. * Instead of admitting that your plug-in is effectively unusable with WP Super Cache, you probably should have just ignored my original post. No one wants to receive a response that essentially says, “too bad, tough luck.” * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Featured Video Plus] Video Not Playing For users](https://wordpress.org/support/topic/video-not-playing-for-users/) * [zzzaaabbb](https://wordpress.org/support/users/finlanderid/) * (@finlanderid) * [10 years, 7 months ago](https://wordpress.org/support/topic/video-not-playing-for-users/#post-6593489) * I am experiencing same issue with logged in vs. not logged in. I also thought WP Super Cache might be involved in the problem. When not logged in, video appears inconsistently, from post to post and page type to page type. When logged in, video appears everywhere. * WP Super Cache does not serve cached pages to logged-in visitors, per a setting, so I bet the problem has to do with caching. * [https://wordpress.org/support/topic/inconsistent-with-wp-super-cache](https://wordpress.org/support/topic/inconsistent-with-wp-super-cache) Viewing 13 replies - 1 through 13 (of 13 total)