Mark Maunder
Forum Replies Created
-
Hi,
Can you tell me what exactly they’re seeing? If it is Wordfence blocking them, then you’ll see a page that contains a red message saying why they’ve been blocked.
Do you have Falcon enabled?
Regards,
Mark.
Hi,
Unfortunately you appear to be running IPv6 which Wordfence does not yet support.
Regards,
Mark.
Hi Sheila,
Glad to have you as a user!
APC is what is known as an opcode cache. That means that instead of PHP having to compile the code into machine instructions every time someone visits your site, APC stores that compiled code to save PHP having to do the compilation every time. So it’s very different to what Falcon does which is a “page cache”.
Falcon stores the “rendered” version of your page which is what gets sent to the visitor so that your site does not have to generate it every time. Falcon is designed so that when a cached page is served, your site doesn’t execute any PHP at all – the web server just serves the cached page directly from disk without even executing PHP. So Falcon can make your site even faster than APC can because we save you from executing any PHP at all – rather than making PHP execute faster which is what APC does.
Hope that makes sense.
Now, regarding optimal settings. This really depends on how your site is used. I would start with very generous settings – particularly in the login security area (20 failures before lockout) and the Firewall Rules area (set everything to Unlimited to start unless you’re solving a specific problem).
Let me know if I can help further. We’re always happy to gain another user, so welcome to the family.
Regards,
Mark.
Anyone else having this problem? I’ll investigate it on our end and see if I can find a cause.
Thanks for the data @bcr8tive!
Regards,
Mark.
What @jrf said. Sorry to hear about this and post a reply here if you think we can help further.
Regards,
Mark.
WooCommerce is officially supported by us:
We regularly respond to Woo specific requests, so let me know if you have any. Happy to help.
Regards,
Mark.
Do you have the following enabled on the Wordfence options page:
Scan core files against repository versions for changes
And have your core files been hacked? (You mentioned every single file)
If so then likely something in Wordfence has been modified to ignore these hacks. Let me know.
Regards,
Mark.
1: Live traffic is disabled when you have caching enabled.
2: Does this happen every time you click an IP or roughly how often?
Regards,
Mark.
Thanks for the feature request. I’ve added it to our list – it’s a good one by the way so we’ll probably do this in an upcoming release.
Regards,
Mark.
Yes the Wordfence rules do apply to WooCommerce customers. We have tested the following scenarios:
Customer created an account during checkout.
Customer logs in successfully with correct password.
Scenario 1: Hacker tries to login using woo created account using normal WordPress login mechanism and fails more than the threshold that Wordfence has set. Hacker is locked out.
Scenario 2: Hacker tries to login during checkout in WooCommerce and fails more than the number of times that Wordfence allows. Hacker is also locked out.
So it’s fully supported.
Regards,
Mark.
Just wanted to add: As a paid customer, please use http://support.wordfence.com to start a support ticket with us. You will get a much faster and comprehensive response there because we have multiple staff members working the ticketing system.
Regards,
Mark.
Thanks for the great feature suggestion, we’ll give this some thought and see if we can expose some data along the lines you’ve suggested.
Regards,
Mark.
The vulnerability you’re referring to is over 2 years old and was fixed before it was publicly disclosed. Just for fun I went and counted how many versions ago this was fixed: Thirty Seven versions ago.
In fact the product that was affected is now end-of-life if you look at the top of our forums. It no longer even works.
So you weren’t hacked via Wordfence unless you’re running a version that is severely out of date.
Start by setting your “How does Wordfence get IP’s” setting on the Wordfence options page to the “REMOTE_ADDR” option. Save. Then see if IP address reporting improves.
Regards,
Mark.
Sounds like it – this is the second report I’ve seen unless I’ve responded to you before. I’ll find out what’s going on and get it fixed.
Regards,
Mark.