Mark Maunder

Hi Adrian,

Thanks for the bug report. We’ve found the issue and fixed it. The problem is that one of our functions that checks if something can be cached calls this function when it shouldn’t. That’s not usually a problem but if you enable debugging WordPress debugging complains about it. So we’ve removed the code because it actually doesn’t have any effect and we do the same check later on in the correct execution order.

The fix will be in the next release.

Regards,

Mark.

Wow, Impressive.

OK I’ll try to use this to come up with a rule that enables that only for scans. It’ll probably be URL and query string specific.

Thanks, very useful. I think you helped quite a few other users.

Regards,

Mark.

Examine each file individually before deleting.

But note that Wordfence includes a feature that prevents false positives on known files. So if we find base64/eval we do a second check to see if the file is a known file in the repository (any version of any core, theme or plugin file in the repo) and if it’s known we won’t flag it.

So it’s very likely these are malicious files.

Regards,

Mark.

Thanks guys, this really means a lot to us. Great to hear.

The newest release includes some nice enhancements for Falcon e.g. if your site for some reason returns a page that appears too small (less than 1000 bytes which is tiny for a web page) Falcon won’t cache that because it’s usually some sort of error on your site when a page is that small. (Average web page size is 1246,000 bytes in 2014. So we won’t accidentally cache blank pages or weird responses.

Regards,

Mark.

Hi Daniel,

Thanks for reporting this. We’ve found the issue and fixed it. The fix will be included in the next release due early next week.

I must add that your website danielx64 is configured to write warning PHP notices to the visitor browser which is a serious security risk. So please disable that setting. It’s a risk because user passwords and other sensitive data including source code may be exposed.

Regards,

Mark.

Hi Mary,

OK lets try to keep this short and focused on the issue. Please use your CPanel to open the file:

/home/servieom/public_html/wp-content/plugins/wordfence/lib/wordfenceClass.php

Go to line 183 and post that line and a few lines before and after here. I want to examine them.

That Wordfence file does not have a variable $end so it sounds like your file has been modified.

Regards,

Mark.

Hi all,

We successfully run Wordfence on a LiteSpeed server in our lab.

There’s a debug option at the bottom of Wordfence options which you can enable to see where it stops.

Check your litespeed error log if you have access to that to find out if the process is being killed or there’s some other issue.

Post what you find and I”ll try to help.

Regards,

Mark.

Thanks Paul, we found and fixed this bug and it will be in the next release which is 5.0.9 – unfortunately the fix didn’t make it into this release.

Regards,

Mark.