Jim
Forum Replies Created
-
OK. I tried to use Health Check & Troubleshooting’s troubleshooting mode, but of course when I log out the troubleshooting environment is gone.
So I took a chance and just tried deactivating Wordfence first. Bingo! I could log in through the widget without the verification challenge.
OK, thanks. I managed to write a plugin that does it, though with a few minor quirks. It makes a custom post type with custom capabilities, then creates a user role and assigns the capabilities to the user.
I give up! After everything we did, and the the hosting support ‘whitelisted’ that security rule that was supposedly causing the blocking, I still got blocked, and when that happens my email doesn’t work either. I finally ditched Cloudflare entirely, and reset the domain to point to my hosting nameservers. The website may be slightly slower (or not), but at least it works smoothly. So far.
OK, I did on Cloudflare both a Firewall Rule and an IP Rule to allow my servers IP (no idea what the difference is between them).
That already had a good effect because a DNS change I had to make in cPanel wasn’t populating in Cloudflare. After whitelisting it showed up immediately.
However, the Diagnostics on IP Detection Method still show that CF-Connecting-IP is Configured but not valid. Guess we’ll see what happens.
Thanks for all your awesome help!
Yes, I am using Cloudflare.
My IP as shown on such internet sites shows correctly in that Wordfence section. Every one of those 5 settings shows the same correct IP, I even tried saving each setting to make sure.
I was using the CF-Connecting-IP setting. But I noticed in that diagnostic report:
REMOTE_ADDR <shows my correct IP> In use
CF-Connecting-IP (not set) Configured but not validSo not sure what’s going on there.
OK, just sent it. Thanks!
Thanks @wfadam. But before you invest any more time in this, let me tell you that I was just locked out again, and I had not renamed the plugin back to the correct name. So maybe they are incorrect in blaming Wordfence. I have let them know this so we’ll see what they say.
I also saw that Google IP address in a header of a Wordfence email. Very strange:
X-Php-Filename: /. . . /public_html/wp-admin/admin-ajax.php REMOTE_ADDR: 35.209.36.66Yes, everything Wordfence is working awesomely. Many thanks!
Yes, that code is in .htaccess with the correct path. In addition, there is this after it:
<Files ".user.ini"> <IfModule mod_authz_core.c> Require all denied </IfModule> <IfModule !mod_authz_core.c> Order deny,allow Deny from all </IfModule> </Files>I wonder what the reference to .user.ini is about. There is such a file, with
auto_prepend_file = '/home/forestpa/public_html/wordfence-waf.php'
I’m not sure if that is left from my attempt at using Apache+mod_php, or it should still be there.Thanks!
Except Wordfence is reporting in the plugin that
Your ‘How does Wordfence get IPs’ setting is misconfigured. This site is currently using the Cloudflare “CF-Connecting-IP” HTTP header, which should only be used when the site is behind Cloudflare. For maximum security use PHP’s built in REMOTE_ADDR. Click here to use the recommended setting or visit the options page to manually update it.
But the site is “behind” Cloudflare.
Edit: Nevermind, I guess I just had to dismiss that warning.
- This reply was modified 5 years, 8 months ago by Jim.
Thank you, that setting seems to work perfectly, assuming eveyone is going through Cloudflare now as I am. I’ve let it run for about an hour, watching Live Traffic. All the IPs are there and it doesn’t seem people are getting blocked.
Thank you!
Forum: Themes and Templates
In reply to: [GeneratePress] Google fonts slowing load time?Thanks. Just FYI, I did ask SiteGround. They have a setting in their SG Optimizer for browser-specific caching, but that could cache dozens of copies of a page. Nothing for just mobile vs. desktop.
Forum: Themes and Templates
In reply to: [GeneratePress] Google fonts slowing load time?I’m baaaack! I discovered a funny problem with this strategy of using system fonts on mobile and google fonts on desktop.
I was puzzled that when repeatedly using PageSpeed Insights, the mobile output, on various pages sometimes google fonts were downloaded and sometimes they weren’t.
I think I found the problem in comments to this nice post:
https://jamesc.id.au/2013/05/mobile-detection-wordpress-wp_is_mobile/
Caching on the server – mobile user may be served a cached page intended for desktop (and I assume vice versa).Any magical ideas for getting around that? 😉
Forum: Themes and Templates
In reply to: [GeneratePress] Google fonts slowing load time?That works! And leaving the customizer body section set to system stack. Now I only download google font on desktop. Thank you!
One minor thing. When I go to that URL:
https://fonts.googleapis.com/css?family=Open+Sans%3A300%2C400%2C400i%2C700&subset=latin%2Clatin-extI see just the desired family, weights, and styles, but I see all the cyrillic and vietnamese etc. in addition to the latin. I don’t understand the use of the codes for certain characters there (assume it’s because it’s in php), but does the ampersand before the word “subset” also need to be converted, like to %amp or something?
Again, minor, as I don’t think it really affects speed.
EDIT: Hmm, even following Google’s example for getting a subset, I get all of them:
To request the Greek subset of the Roboto Mono font, the URL would be:
https://fonts.googleapis.com/css?family=Roboto+Mono&subset=greekEDIT 2: Apparently it’s more complicated than that, and all is working as it should. Thanks for the awesome help!