Mark Maunder
Forum Replies Created
Me too. In fact we really wanted to add this feature when we first created Wordfence.
But the problem is that one of your customers or you might accidentally mistype your password, and then it gets sent via email as an alert. A hacker might realize what you meant to type if they see that email and gain access to your account.
So we chose to not implement this for security's sake.
Regards,
Mark.
Hi Eddie,
Post the URL of your site and which usernames you’re locking out. I’ll try to sign in and let you know if I’m immediately locked out. Or just try it yourself by launching Chrome in incognito mode, or using a Tor browser.
Regards,
Mark.
Just to clarify: I meant you have WordPress debugging mode enabled, not Wordfence. You can find it in your wp-config.php:
define('WP_DEBUG', true);
That’s great news!
Hi,
Please try enabling the option on your Wordfence options page at the bottom to start all scans remotely. This may solve the issue.
Regards,
Mark.
Hi,
Wordfence does not change permissions on your WordPress files.
We only change permissions on our own cache files. There is no function or option to change permissions on files outside Wordfence’s own cache directory, so I think something else did this.
Please ask your hosting provider because they may have an automated job that did this.
Regards,
Mark.
Forum: Plugins
In reply to: [Wordfence Security - Firewall, Malware Scan, and Login Security] Blocked IPs
Hi all,
The reason you may not be seeing blocked IPs in your list of blocked IPs is because the list grew too large. Please check your web browser’s JavaScript error console when you try to load that page for any kind of out-of-memory or overflow error. Let me know what you see. I’ll check back tomorrow.
Regards,
Mark.
Forum: Plugins
In reply to: [Wordfence Security - Firewall, Malware Scan, and Login Security] Fatal Error
Hi,
Is it possible that your web server is out of disk space? This seems to be a partial upgrade that didn’t complete.
Regards,
Mark.
Looks like you have debugging enabled on your site which you probably want to disable on a production site.
You can try changing this option to the “REMOTE_ADDR” option if you’re not using Cloudflare:
How does Wordfence get IPs:
You can find this on your Wordfence options page. This may get rid of that error.
Regards,
Mark.
Duplicate. Marking resolved.
Thanks for the feedback. We’ll consider an option that lets you disable those notifications.
Regards,
Mark.
Correct. You won’t get any email from us if you only install Wordfence. If you’d like to upgrade to premium you can visit http://www.wordfence.com and sign up there for an account to get a premium API key.
Regards,
Mark.
Hi,
For future ref, we have an article on our help site on how to address this:
The error you’re seeing indicates that one of Wordfence’s files is missing. This may have been a temporary glitch during an upgrade, e.g. someone hits your site while Wordfence is being upgraded and this error is generated. If you see it repeatedly, post here to let us know.
Regards,
Mark.
Hi All,
A few comments. Please DO NOT follow the advice in that Sucuri blog entry. They’re telling you to add a hostname to your .htaccess file in the form of:
“Allow from example.com”
The reason you don’t want to do that is because anything that accesses your login URL will cause your web server to do a forward AND reverse DNS lookup which can take a very long time. This occupies an Apache thread or child process completely until it’s complete. If you are experiencing a distributed attack where several IPs are simultaneously hitting your login URL, it will make your site unavailable as each Apache child/process is doing a forward and reverse lookup.
From the Apache documentation:
“This configuration will cause Apache httpd to perform a double DNS lookup on the client IP address, regardless of the setting of the HostnameLookups directive. It will do a reverse DNS lookup on the IP address to find the associated hostname, and then do a forward lookup on the hostname to assure that it matches the original IP address. Only if the forward and reverse DNS are consistent and the hostname matches will access be allowed.”
http://httpd.apache.org/docs/current/mod/mod_access_compat.html#allow
I also don’t recommend allowing from a specific IP address because your IP will inevitably change and you’ll be locked out. However, as another poster confirmed, if you don’t mind FTP’ing into your site and changing that IP address to your new IP address (and you know how to do this) then this method will work OK.
If you’re under a severe brute force attack my best advice is the following:
Enable Falcon Engine which will speed up your website and cause Wordfence to block IPs in your .htaccess file. This is very fast and causes any attacker to consume very little resources.
Next, set your login limits to lock out anyone after 5 failures and to count failures over 1 hour. This will very effectively keep brute force attackers out of your site.
Also make sure you have the Wordfence security network enabled. This will instantly lock out IPs participating in a distributed brute force attack.
Regards,
Mark.
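To audit a site for the hostname-based rules the reply above warns about, the following added example (not part of the original post and not Wordfence code) scans .htaccess text for `Allow from` / `Deny from` arguments that are hostnames rather than IPs, ranges, `all` or `env=`. It goes slightly beyond the post by also flagging `Deny from` hostnames and partial domain names, which trigger the same lookups; the function names and the sample file are constructed for illustration.

```python
import ipaddress
import re

# mod_access_compat "Allow from ..." / "Deny from ..." lines (commented lines do not match).
DIRECTIVE = re.compile(r"^\s*(allow|deny)\s+from\s+(.+?)\s*$", re.IGNORECASE)
# Partial IPv4 such as "10.1" or "192.168.", which Apache matches without DNS.
PARTIAL_IP = re.compile(r"^\d{1,3}(\.\d{1,3}){0,3}\.?$")

def needs_dns(token):
    """True if this Allow/Deny argument is a hostname, which forces DNS lookups."""
    t = token.lower()
    if t == "all" or t.startswith("env=") or PARTIAL_IP.match(t):
        return False
    try:
        ipaddress.ip_network(token, strict=False)  # full IP, CIDR or netmask form
        return False
    except ValueError:
        return True

def find_hostname_rules(htaccess_text):
    """Return (line_number, directive, argument) for each hostname-based rule."""
    findings = []
    for lineno, line in enumerate(htaccess_text.splitlines(), start=1):
        m = DIRECTIVE.match(line)
        for token in (m.group(2).split() if m else []):
            if needs_dns(token):
                findings.append((lineno, m.group(1).lower(), token))
    return findings

# Constructed sample .htaccess, not taken from any real site.
SAMPLE = """\
<Files wp-login.php>
Order Deny,Allow
Deny from all
Allow from example.com
Allow from 203.0.113.7 198.51.100.0/24 10.1
# Allow from old-office.example.net
Allow from 2001:db8::/32 .example.org
</Files>
"""

if __name__ == "__main__":
    for lineno, directive, host in find_hostname_rules(SAMPLE):
        print(f"line {lineno}: '{directive} from {host}' forces a double DNS lookup")
```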
Thanks for the report. We have found and fixed this issue and it will be released in the next version of Wordfence.
To be clear, the issue you reported is that Wordfence did not specify the file that contains malicious code in the email alert. This has been fixed and will be released in Wordfence 5.1.6.
Regards,
Mark.