Mark Maunder
Forum Replies Created
-
Hi Ian,
Sorry to hear about this.
Please check the lib/wfDB.php file to make sure nothing has been put in there to disable Wordfence by the hackers. It’s the most obvious way I can think of to disable Wordfence communication with the database which is what has happened here.
Also if you can check your apache error logs which probably contain something helpful.
Regards,
Mark.
Hi,
OK I understand. 🙂
Yes, you need to check the box to delete all wordfence data on deactivation at the bottom of your Wordfence options page. Then disable and reenable the plugin on each of the sites. That will cause it to fetch a new key.
Regards,
Mark.
Forum: Plugins
In reply to: [Wordfence Security - Firewall, Malware Scan, and Login Security] Scan ErrorsHi Mike,
This should be fixed now. It was an issue on our servers which we’ve fixed.
Regards,
Mark.
They emailed us on the 23rd of April telling us they were going to do this and the reason why: “due to a large overlap in functionality, we are going to be adding Wordfence to our disallowed plugins list next week”. We did a quick audit and discovered they’re a tiny part of our free and paid customer base (less than 1%). So we didn’t even bother to publish anything.
Then they emailed their customers claiming problems with Wordfence – see above. Needless to say I won’t be buying drinks for their staff in future (as I have in the past).
You know what to do.
Regards,
Mark.
Hi Tony,
We use wp_mail() function to send all email so it’s really WordPress that you need to set up to send mail using a certain path and not Wordfence.
Regards,
Mark.
Done. We found 17 new files which are now marked safe in the first ZIP and 3 files in the second one.
Try again and let me know if that helped.
Regards,
Mark.
Hi,
It looks like you’re using Nginx and I think what’s happening here is that either your server is serving gzipped content and not telling the browser it’s compressed, or it’s double compressing content (more likely).
Can you upgrade to Wordfence 5.0.6 if you haven’t already and disable Falcon and then reenable it and let me know if that fixes it.
Regards,
Mark.
Please visit the following file in the source code of WP-Ban:
https://plugins.trac.wordpress.org/browser/wp-ban/trunk/wp-ban.php
Scroll down to line 181.
See where it calls gethostbyaddr()
That does a DNS lookup on EVERY visit to your site if the IP has not already been banned. It will slow your site down to a crawl and you won’t see an increase in CPU disk or memory usage and you’ll wonder why.
That is why we don’t block by hostname.
Instead we offer blocking by IP range and give you a way to look up the IP range of a particular hosting provider using the WHOIS function built into Wordfence and the integration lets you do this with a few clicks.
To find out more about how gethostbyaddr() slows down your site see the PHP documentation here:
http://www.php.net/manual/en/function.gethostbyaddr.php (do a search for the word ‘slow’ without quotes)
And here’s a google search:
https://www.google.com/search?q=gethostbyaddr+slow
Now do me a favor and go out and spread the word that gethostbyaddr() is VERY BADâ„¢ and anyone using it on a production website should be tarred, feathered and woken up at 4am to the sound of The Scorpions “Rock you like a hurricane” blaring through cheap headphones.
Regards,
Mark.
Also just to be clear: We fixed the issue that was causing the basedir restriction warning to fire also.
Regards,
Mark.
Thanks for both of these reports. The undefined variable AND the ob_end_clean warning. Both of these issues have been fixed and will be included in the next release. The beta will be released Friday.
Regards,
Mark.
Hi,
You shouldn’t need to manually block so many IP addresses. Can you tell me where you are seeing IP addresses that you’re blocking?
Regards,
Mark.
For this reason, it would be great is Wordfence enabled a feature whereby we could nominate the specific common hack usernames such as “admin” to permanently block.
This will be in the next release. But don’t take my word for it. My co-founder Kerry posted this about 20 minutes ago:
http://wordpress.org/support/topic/large-number-of-failed-logins?replies=3#post-5545076
@davidbrugge My humble apologies sir. As an advocate for our product I’d like to assure you that we’re not resting on our laurels and are taking note of your feedback. There were some core features and fixes we needed to get into the product before we could get on to other feature requests and these caused a delay in us implementing this feature. I can assure you that it will be in the next release and the timeline for this is that we will be releasing a Beta on approximately Friday this week with the production version coming out the following Sunday or Monday depending on how many issues are reported by our Beta testers.
I’m a bit nervous about marking this resolved, but I’m going to go ahead and do that and please trust me that this will be in the next release.
Regards,
Mark.
Hi,
That looks like a BackupWordPress issue and I’d contact them with that question.
Regards,
Mark.
Hi Gregoire,
They should be blocked from the login page even if you have Falcon enabled. Can you tell me how you know they’re able to access that page?
Regards,
Mark.
That’s a great idea! Thanks, I’ve added it to the list of features for the upcoming release.
Regards,
Mark.