Mark Maunder
Forum Replies Created
-
Shenyan, the under construction plugin will break scanning until you disable it. There’s no workaround unless you can tell your UC plugin to ignore the /wp-admin/admin-ajax.php URL.
Regards,
Mark.
That’s an interesting feature request. I’ll add it to the list – the ability to auto-block an IP when they access a certain URL. We don’t currently offer this.
These are probably probes to see if you have a vulnerable version of the editor installed.
Regards,
Mark.
OK, you need to log a support ticket with us so that we can track this and get it resolved. Tracking the issue in the forums is difficult because we give these posts much lower priority than our paid support system and our paid ticket system lets us track each issue and assign it to different staff members depending on what expertise is require to get it resolved. I’m the only one who reads/posts on the forums.
So if you have trouble finding the email you used to sign-up or signing in with it, email genbiz@wordfence.com and let us know what email or name you used to sign up and we’ll help you sign-in.
Regards,
Mark.
“and the cache is regenerated for each page/post whenever a visitor visits that page/post”
That’s incorrect. That would kill performance. What makes you think we’re doing that?
Regards,
Mark.
Hi,
Try to do an uninstall with the option at the bottom of the WF options page to remove all our data checked. Then reinstall and it may work.
Regards,
Mark.
Wordfence should report a huge number of errors when this happens. Are you sure you’re scanning the correct site? Are you seeing the green message below the scan box saying you have no issues, or is the scan just not completing for some reason?
Regards,
Mark.
Great, glad to hear it’s resolved.
Regards,
Mark.
Thanks, glad to hear you fixed it.
Regards,
Mark.
Hi,
The WHOIS is showing who owns the netblock and the owner’s company’s address. Not the location of the IP which is what you see in our geo data.
Regarding the 0.0 version, let me know if you see that again because it may be a bug.
Regards,
Mark.
@snikolaidis are you getting the error still?
This error probably occurs when you’re viewing live traffic, because that’s when we make the call to resolve IP’s.
Regards,
Mark.
Hi,
Unless I’m missing something, I think your PHP version being reported on your system is inconsistent. Take a look at the code.
We say
“If the PHP version is greater than or equal to 5.4.0 then run authActionNew. Otherwise run authActionOld”
In your first post you said your PHP version is 5.2.4 which means you should be running authActionOld.
However you’ve commented out the code to force Wordfence to run authActionOld which it would be doing anyway if you’re running PHP 5.2.4.
So the question is, why is your system PHP_VERSION constant reporting a PHP version that is equal to or newer than 5.4.0 but you’re seeing your PHP version as 5.2.4.
Let me know and I’ll work with you to fix this.
Regards,
Mark.
Again, I really don’t recommend changing your DB prefix because it’s a risky endeavor and doesn’t improve security. It’s like removing the www prefix from your website and changing it to ‘hidden’ in the hope that a hacker won’t find you.
There seems to be a lot of misunderstanding around this e.g. @andrezasv you are under the impression that this somehow relates to hiding that you’re running WordPress and it’s completely unrelated.
I agree with @Barnez regarding changing your admin username, hiding your WordPress version (Wordfence does this), throttling login attempts and the ability to block them (Wordfence does this).
Also agree with @Barnez regarding not changing your folders.
What you want to be doing is running a fairly standard system that will be compatible with any themes and plugins you use, but is also rock solid secure, and you can get that with Wordfence.
Regards,
Mark.
Hi Andrez,
I’ll explain:
You need to ask: Why would I want to change the prefix of my database tables?
Because if a hacker does SQL injection they will not know my table names and so they won’t know what table name to include in the SQL statement.
But if they can do SQL injection, they can just run the “show tables” SQL command and get your list of tables anyway. So that makes changing the table prefix completely pointless.
Also, if they can do SQL injection, you need to fix the plugin, theme or file that is allowing SQL injection, rather than trying to work around it.
Does that make sense?
Regards,
Mark.
Yes ZOPIM should work with Wordfence. I just installed it in our test server and examined the code. ZOPIM uses javascript. It appears to add some data if you’re signed into the WordPress site which includes email address and so on and is viewable in the HTML source. But the javscript for non-signed-in users is generic. And because Wordfence only caches data if a user is not signed in, ZOPIM should work fine.
Regards,
Mark.
OK, marking this resolved.
Regards,
Mark.