JohnP

Thank you for your suggestions Peter, I’ve followed all your advice.

I don’t have access to php.ini, so I’ve requested the host reduces the max_execution_time to 60.

I’m surprised that your recommended Performance setting screenshot shows “Use low resource scanning” unticked. This seems counter-intuative – can you comment?

The site is on a shared host with an “unlimited” account costing less than $10 per month, so I understand why CPU use gets restricted pretty quick. But visitor numbers are seldom more than a thousand per day, so I figure it should be workable. BTW, WooCommerce is also installed.

I will report back after the weekend.

I agree that whitelisting IPs is not an ideal solution, especially now that many people “work from home” ie: all over the place.

When I expand the table row in Live Traffic, the only information in red text is “failed login”. WordFence considers them to be human.

I am new to the site in question, and only just installed WordFence (always one of my top priorities), so the Brute Force and Rate Limiting settings are the default.

I have changed to new, strong passwords for all admin users.

My (new) username has never been blocked, and IP detection is accurate in my case.

I have made a new account for the main Administrator, and she is now able to log in successfully (via a whitelisted IP).

The third Admin was able to log in without being whitelisted, so it seems my immediate issue is sorted.

Thank you very much for your advice Peter.

I’ll mark this as resolved, although any further information would be welcome.

When I rename wp-config, the error persists.

I have a wordfence-waf.php file in the root, but renaming it produces a 500 error, and this PHP error Log:

[29-Apr-2023 22:06:37 UTC] PHP Warning: Unknown: failed to open stream: No such file or directory in Unknown on line 0
[29-Apr-2023 22:06:37 UTC] PHP Fatal error: Unknown: Failed opening required ‘/home/intens5/public_html/wordfence-waf.php’ (include_path=’.:/opt/cpanel/ea-php74/root/usr/share/pear’) in Unknown on line 0

With the plugins deactivated, the PHP error log now reads:

[29-Apr-2023 20:38:18 UTC] PHP Fatal error: Uncaught Error: Class 'WP_Theme_JSON_Data' not found in /home/intens5/public_html/wp-includes/class-wp-theme-json-resolver.php:175
Stack trace:

0 /home/intens5/public_html/wp-includes/class-wp-theme-json-resolver.php(563): WP_Theme_JSON_Resolver::get_core_data()

1 /home/intens5/public_html/wp-includes/script-loader.php(3240): WP_Theme_JSON_Resolver::get_merged_data()

2 /home/intens5/public_html/wp-includes/script-loader.php(3436): {closure}()

3 /home/intens5/public_html/wp-includes/class-wp-hook.php(308): {closure}('')

4 /home/intens5/public_html/wp-includes/class-wp-hook.php(332): WP_Hook->apply_filters(NULL, Array)

5 /home/intens5/public_html/wp-includes/plugin.php(517): WP_Hook->do_action(Array)

6 /home/intens5/public_html/wp-settings.php(620): do_action('wp_loaded')

7 /home/intens5/public_html/wp-config.php(82): require_once('/home/intens5/p…')

8 /home/intens5/public_html/wp-load.php(50): require_once('/home/intens5/p…')

9 /home/intens5/public_html/wp-blog-header.php(13): require_once('/home in /home/intens5/public_html/wp-includes/class-wp-theme-json-resolver.php on line 175

Thank you for your prompt response Arnan. My issue is fixed with the 1.8.2 update.

Sorry about the double post, I noticed the thread I jumped on had been marked “resolved” and thought you might not see it.

I’m removing the screenshot of my settings, in case bots learn to read.

You are welcome to try and make a comment on the site in question and see for yourself.

I don’t understand your question “what screen”. The error appears when a non logged-in visitor clicks the button to submit a comment.

The only setting I have checked is “Protect user registration”.

The site has not been modified for a couple of years, so the plugin update is the only change.

Thanks for this t-p

I’ve opened a ticket on the StCR GitHub page