rraszews

My live traffic page is formatted differently, but there is an entry identifying that the request I made “was blocked by firewall for XSS: Cross Site Scripting in query string: xss=%3Cscript%3E ”

Sounds like everything is working. I’ll poke around and see if there’s anything my web host did that might be blocking some attacks before they get to wordfence. Thanks for explaining how to check this.

Thanks for following up. After I turned it off and back on again, everything has worked smoothly. Bit of a strange state to get in but at least it’s resolved now.

Here’s the list of cron jobs:

Thu, 06 Sep 2018 21:01:59 +0000 jetpack_sync_cron
Thu, 06 Sep 2018 21:03:44 +0000 wp_update_themes
Thu, 06 Sep 2018 21:03:52 +0000 wp_scheduled_delete
Thu, 06 Sep 2018 21:04:12 +0000 jetpack_sync_full_cron
Thu, 06 Sep 2018 21:05:11 +0000 wp_version_check
Thu, 06 Sep 2018 21:05:56 +0000 wordfence_hourly_cron
Thu, 06 Sep 2018 21:08:50 +0000 wp_privacy_delete_old_export_files
Thu, 06 Sep 2018 21:14:36 +0000 ip_geo_block_cache
Thu, 06 Sep 2018 21:29:40 +0000 wp_update_plugins
Thu, 06 Sep 2018 21:48:34 +0000 sm_ping_daily
Thu, 06 Sep 2018 21:50:58 +0000 jetpack_clean_nonces
Thu, 06 Sep 2018 23:06:49 +0000 delete_expired_transients
Fri, 07 Sep 2018 02:33:02 +0000 jetpack_v2_heartbeat
Fri, 07 Sep 2018 09:56:32 +0000 akismet_scheduled_delete
Fri, 07 Sep 2018 18:12:58 +0000 jp_purge_transients_cron
Fri, 07 Sep 2018 18:33:59 +0000 wp_scheduled_auto_draft_delete
Fri, 07 Sep 2018 20:05:46 +0000 wordfence_daily_autoUpdate
Fri, 07 Sep 2018 20:05:56 +0000 wordfence_daily_cron
Sat, 08 Sep 2018 13:00:29 +0000 publish_future_post
Sun, 09 Sep 2018 08:30:00 +0000 wordfence_start_scheduled_scan
Wed, 12 Sep 2018 08:30:00 +0000 wordfence_start_scheduled_scan
Wed, 12 Sep 2018 10:00:48 +0000 publish_future_post
Thu, 13 Sep 2018 01:56:42 +0000 updraft_backup_database
Sat, 15 Sep 2018 13:00:03 +0000 publish_future_post
Wed, 19 Sep 2018 10:00:55 +0000 publish_future_post
Sat, 29 Sep 2018 01:56:42 +0000 updraft_backup
Sat, 29 Sep 2018 03:18:01 +0000 ip_geo_block_cron
Sat, 06 Oct 2018 13:00:00 +0000 publish_future_post
Sat, 13 Oct 2018 13:00:00 +0000 publish_future_post

The only thing I’ve done recently is to schedule posts. Haven’t had any plugins update since before the last wordfence update. Is therre a particular cron job I should be looking for?

Thanks for all the help. I changed the default PHP version for my site (turned out that they support newer versions but default to the version-as-of-when-your-account-was-opened for compatibility reasons) and it’s working again now. (Well, ip geo block is. Turned out that I did have some other plugins which broke under php 7, but that’s my problem.)

• This reply was modified 8 years, 1 month ago by rraszews.

Thanks for looking at this. I turned on debugging and only got a little more information:

[03-Apr-2018 01:43:24 UTC] PHP Notice: wp_register_script was called incorrectly. Scripts and styles should not be registered or enqueued until the wp_enqueue_scripts, admin_enqueue_scripts, or login_enqueue_scripts hooks. Please see Debugging in WordPress for more information. (This message was added in version 3.3.0.) in /hermes/bosnaweb22a/b844/glo.rraszews/wp/wp-includes/functions.php on line 4147
[03-Apr-2018 01:43:25 UTC] PHP Notice: has_cap was called with an argument that is deprecated since version 2.0.0! Usage of user levels is deprecated. Use capabilities instead. in /hermes/bosnaweb22a/b844/glo.rraszews/wp/wp-includes/functions.php on line 4031
[03-Apr-2018 01:43:25 UTC] PHP Parse error: syntax error, unexpected ‘[‘ in /hermes/bosnaweb22a/b844/glo.rraszews/wp/wp-content/plugins/ip-geo-block/classes/class-ip-geo-block-util.php on line 132

These lines repeat several times. Unfortunately, those line numbers are just showing where the error message was generated, not where the offending function call was.

I’ll try disabling other plugins, but it’ll be a few days before I have time to go through that.