Title: scotten's Replies | WordPress.org --- # scotten [ ](https://wordpress.org/support/users/scotten/) * [Profile](https://wordpress.org/support/users/scotten/) * [Topics Started](https://wordpress.org/support/users/scotten/topics/) * [Replies Created](https://wordpress.org/support/users/scotten/replies/) * [Reviews Written](https://wordpress.org/support/users/scotten/reviews/) * [Topics Replied To](https://wordpress.org/support/users/scotten/replied-to/) * [Engagements](https://wordpress.org/support/users/scotten/engagements/) * [Favorites](https://wordpress.org/support/users/scotten/favorites/) Search replies: ## Forum Replies Created Viewing 11 replies - 1 through 11 (of 11 total) * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Keyy Two Factor Authentication (like Clef)] Has been locked out](https://wordpress.org/support/topic/has-been-locked-out/) * Thread Starter [scotten](https://wordpress.org/support/users/scotten/) * (@scotten) * [7 years, 2 months ago](https://wordpress.org/support/topic/has-been-locked-out/#post-11351378) * Thanks for quick answer anyway. I foudn out that solution in your FAQ:s after a while so I am fien for now. I think – that when I had installed and activated KEYY – I noticed an old “unsecure” username and changed that one to a std more secure – without logging out after KEYY activation. Maybe that is why it suggested the wrong/the old probably) user. But I should be able to change that user to another – but I guess the QR code is created based in the current user aand that is why I had this mismatch I don´t think there is a bug but maybe there should be some instruction or warning not to change user after having activated KEYY and without logging out. * Thanks again * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] Reports same User hostname for MYSELF as for hackers](https://wordpress.org/support/topic/reports-same-user-hostname-for-myself-as-for-hackers/) * Thread Starter [scotten](https://wordpress.org/support/users/scotten/) * (@scotten) * [10 years, 6 months ago](https://wordpress.org/support/topic/reports-same-user-hostname-for-myself-as-for-hackers/page/2/#post-6802818) * OK – I will do that. I will just first check what is happening now – I dont have as much attempts now after the reinstallation and deleting of the database – but there are still some. * If I feel it seems to work now I am satisfied, If I still feels there is something straneg going one – I will email genbiz@ * PeA * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] Reports same User hostname for MYSELF as for hackers](https://wordpress.org/support/topic/reports-same-user-hostname-for-myself-as-for-hackers/) * Thread Starter [scotten](https://wordpress.org/support/users/scotten/) * (@scotten) * [10 years, 6 months ago](https://wordpress.org/support/topic/reports-same-user-hostname-for-myself-as-for-hackers/page/2/#post-6802816) * Hi Mark, thanks for your reply. As you mention that the vulnerability was discovered by you and you even call it “vulnerability” as if it was not a real vulnerability– does that mean that this software is kind of fake or if you don´t want to give that answer – will not be needed if you already use WordFence. As I have had several strange problems with WF – I finally – after googling around bought and installed WP Site Guardian. * I have had plenty of unauthorized logins attempts (according to WF) but I am not sure if these have bee real attempt´s as the behavior has been very strange and incorrect. I have now reinstalled WF following the instructions I got from Matt – and it seems that it is much more “calm” now – just a few attempts. * But IF all these (50 each day) has been real attempts – and on that particular site – there was also comment fields open(not on my other sites) – the why have not ANYBODY tried this other vulnerability? * As I dont like to be “fucked up” to buy software that I don´t need and that is kind of fake – I need some more guidance from you .- and then I will go back to the salesman of WP Guardian and claim the purchase – as they seems to have given incorrect information (they sad that non (including WordFence) did not take care of this “exploit vulnerability” (Sorry for my “bad” english * PeA * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] Reports same User hostname for MYSELF as for hackers](https://wordpress.org/support/topic/reports-same-user-hostname-for-myself-as-for-hackers/) * Thread Starter [scotten](https://wordpress.org/support/users/scotten/) * (@scotten) * [10 years, 6 months ago](https://wordpress.org/support/topic/reports-same-user-hostname-for-myself-as-for-hackers/#post-6802802) * Hi again Matt, I have not yet reinstalled WordFenc, but I will do so. * But yesterday I received an email from Ankur Shukla (ankur@wpfanmachine.com) with this link to a video telling that both Wordfence and “all” the other top security plugins – does not protect against Exploits & vulnerabilitys in WP, in themes and in plugins. [http://wpsiteguardian.com/live1c.php?aid=227809](http://wpsiteguardian.com/live1c.php?aid=227809) * This new software is called WP Site Guardian and the guy behind Chris Hitman. * I don´t know it this is fake – but I have reveived emails from this guy before and have some trust in him (but you can never know these days) The vidoe shows how it should be possible to hack a site in a couple of second just by pasting some code into a comments field – and none of the best Security plugins protects against that. * As an example they mentioned that there is a vulnerability in WF: Persistent Cross-siet Scripting(XSS) * What is your comment to this? And if it is real – wouldn´t it be goof if WordFence also protected against this. Let me know your thoughts * PeA * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] Reports same User hostname for MYSELF as for hackers](https://wordpress.org/support/topic/reports-same-user-hostname-for-myself-as-for-hackers/) * Thread Starter [scotten](https://wordpress.org/support/users/scotten/) * (@scotten) * [10 years, 6 months ago](https://wordpress.org/support/topic/reports-same-user-hostname-for-myself-as-for-hackers/#post-6802798) * Hi Matt, I DO have sent the plugin list – I will also send you this email from another email address on another host. * I will also try to delete the plugin following your instructions and will let you know. * This is what I sent you dec 2nd (by email..) * My hosting company answers that they have reverse proxy for Apache on some of their servers, but they also say that “server.pistolfolios.com” is nbot a customer( i must admit that I don’t exactly understand this with reverse proxy and my problems) * Let me know if you did not get my replies _________________________________________________________________ * Hi Matt, I have send you the scan report * I have turned off Immediately block fake Google crawlers * Plugins: All in One WP Security WP Limit Login Attemps (I had but today I deactivated and also removed – as it caused some problems for myself being blocked) Yoast SEO UpDraft Plus(backup) Wincher rank tracker WP Super cache Redirection WP Edit SEO Friendly Images Google Analytics Dashboard Broken Link Checker * I know – that is maybe too many – I will delete some of them – when I am sure I don’t use them… (It is easy to install and test but not easy to remove – as you forget…) * About reverse proxy – I don’t have a clue – I have to ask my hosting company – I am quite sure they don’t… * I still get plenty of emails like this – but now the other User host name is gone and now its seems to be 23.97.233.197 but with different IPs (It looks like a User host name is “stuck” in the system for a while and gets connected with several other IPs trying to login in , and the suddenly there is another User host name(like this one) connected to other IÅs. I don’t think all these IP:s really have the same User host…. * A user with IP address 142.4.4.201 has been locked out from the signing in or using the password recovery form for the following reason: Used an invalid username‘ admin’ to try to sign in. User IP: 142.4.4.201 User hostname: 23.97.233.197 User location: Provo, United States * Thanks for trying to solve this (it is late here in Stockholm, Sweden now (23.26..) * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] Reports same User hostname for MYSELF as for hackers](https://wordpress.org/support/topic/reports-same-user-hostname-for-myself-as-for-hackers/) * Thread Starter [scotten](https://wordpress.org/support/users/scotten/) * (@scotten) * [10 years, 6 months ago](https://wordpress.org/support/topic/reports-same-user-hostname-for-myself-as-for-hackers/#post-6802795) * Hi Matt, what happened to my issue- I still receive plenty of emails with differebnt IP:s but same User host namen – but after a while it changes tio a new ine – buit whne it one and the same – the IP:s is coming frpm dfifferent countries etc. and sometimes it is like this: User IP: 75.103.66.14 User hostname: msnbot- 207-46-13-54.search.msn.com User location: Phoenix, United States ____________________ User IP: 178.211.187.178 User hostname: msnbot-207-46-13-54.search.msn.com User location: Pervouralsk, Russia ________________________________________ User IP: 142.4.4.201 User hostname: msnbot-207-46-13-54.search.msn.com User location: Provo, United States * and so on – buty the after a number of emails – the User host name changes to a new one * and also the strange thing that my OWN user host namne started to come for a lot of other IP:s * This can´nt be right – and I do have clkearde the cache and deacttivated WP Super cache * PeA * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] Reports same User hostname for MYSELF as for hackers](https://wordpress.org/support/topic/reports-same-user-hostname-for-myself-as-for-hackers/) * Thread Starter [scotten](https://wordpress.org/support/users/scotten/) * (@scotten) * [10 years, 6 months ago](https://wordpress.org/support/topic/reports-same-user-hostname-for-myself-as-for-hackers/#post-6802748) * I sent you answers on all your question yesterday(in an enmail) * My hosting cmpany answresr that they have reverse proxy for Apache on some of their servers, but they also say that “server.pistolfolios.com” is nbot a customer( i must admit that I dont exactky undersytand thsi with reverse proxy and my problems) * Let me know if you did not get my replies * PeA * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] Reports same User hostname for MYSELF as for hackers](https://wordpress.org/support/topic/reports-same-user-hostname-for-myself-as-for-hackers/) * Thread Starter [scotten](https://wordpress.org/support/users/scotten/) * (@scotten) * [10 years, 6 months ago](https://wordpress.org/support/topic/reports-same-user-hostname-for-myself-as-for-hackers/#post-6802698) * I am not sure this has to do with my other problems – but I am beeing locked out mysself – in a way I should not be. WF has forced me to change mys password, I do so. When I 1-2 days later try to sign in – I am locked out. I check the password and try to login again. When it says I have only 2 attemps left (Login failed: Sorry..Wrong information 2 attemps remaining..!” , I get an email saying that I have been locked out due to too many attempts – but hey, it said I had 2 attempts left(and I tried only 3 timwes and that is less than I had configured). I asked for resetting the password but when I try to login in with that new password– it does not work. Now I have to wait 10 minutes before I can try again – but this feels like a Moment 22. * I would like to lock out unauthorized users, I dont want to make it more difficult for myself. * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] Reports same User hostname for MYSELF as for hackers](https://wordpress.org/support/topic/reports-same-user-hostname-for-myself-as-for-hackers/) * Thread Starter [scotten](https://wordpress.org/support/users/scotten/) * (@scotten) * [10 years, 6 months ago](https://wordpress.org/support/topic/reports-same-user-hostname-for-myself-as-for-hackers/#post-6802660) * IFrom the beginning I had Live Traffic disabked – but have enabled it earlier tioday. I can see my own visit(cant see the IP nbr ) when visiting rom another browser. I also see a lot og Bing bot vsisits and from majestic12, yandex, opensite explorer etc – but NONE from Google bots!! I have Verified Google crawlers have unlimited access… * But still nothing in IPs that are locked out from Login and nothing in IPs that are blocked from accessing the site * I have enabled Firewall, Login security, and now Live Traffic logging. * I kept How does Wordfence get IPs:Let WF use the most secure…. * I dont feel that the other options should be better or solve the problem * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] Reports same User hostname for MYSELF as for hackers](https://wordpress.org/support/topic/reports-same-user-hostname-for-myself-as-for-hackers/) * Thread Starter [scotten](https://wordpress.org/support/users/scotten/) * (@scotten) * [10 years, 6 months ago](https://wordpress.org/support/topic/reports-same-user-hostname-for-myself-as-for-hackers/#post-6802657) * Hi Matt, thanks for quick answers on my different (but same cause ?) problems * Yes, I see a lot of differenht IP:s blocked but many(but not all) has the same User hostname: vps.agenciaspin.com * Second – when It got blocked myself (using a removed user by mistake) I also hade that User hostname: vps.agenciaspin.com * But later – I had the right User hostname. * It also reports fake Gopogle bots, but when I check the IP:s they seem to be real, from Googles servers * Anf finally – inside Wortdfence – it rreports No IP:s blocked – although I have received all these emails telling me about different IP:s that HAS been blocked * Do you mean all this could have the same reason? * However, I have some other WP sites on the same ISP and server – and I dont get all this problems for the. * The site is [http://peopleandtraffic.se/](http://peopleandtraffic.se/) if that helps. The IP on the PC I use is: 81.232.69.81 when I see these problems * The IP on the server that host the domain: 194.9.94.50 Apache/2.2.31 (FreeBSD) PHP/5.5.30 mod_ssl/2.2.31 OpenSSL/0.9.8zd-freebsd * Thanks for helping * PeA * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Yoast SEO - Advanced SEO with real-time guidance and built-in AI] New version changes stinks!](https://wordpress.org/support/topic/new-version-changes-stinks/) * [scotten](https://wordpress.org/support/users/scotten/) * (@scotten) * [10 years, 6 months ago](https://wordpress.org/support/topic/new-version-changes-stinks/#post-6785706) * Hello guys and Yoast Team – first – a greeting from Sweden – Yoast Team is doing a great job, the best SEO plugin. But I agree – that initially it felt like it was not as user friendly as before – both me and my clients had hard to find where and how to change the important META Title and Description .- but I think that when you get used to it is will work fine. * But there are some minor issues left to fix: 1. In Sweden (and other Scandinavian countries) we have Scandinavian characters with dot over a and o like åäö They don´t work anymore -Yoast says that the focus word does not exist in the URL ( because the URL does not have the dots – but this worked before the update) The same with the focus word does not exist in the ALT-tag (although it does – also because of the dots i assume – but this worked before the update * 3. Part of the focus word does not work anymore – Example: focus word is “skrivbord” and the word “skrivbordet” is both in the Title, Description and ALT-tag – but Yoast says it can´t find “skrivbord” – but if I change the focus word to “skrivbordet”– everything is OK. (Think “desk” and “desktop” ) This work before i.e. when a focus word was part of a longer word(that is how Google handle this) * 4. And finally(I hope) if I have 156 characters in the META Description – Yoast says it is longer, even when i shorten to 154 is says it is too long, when I have 152 – it is OK. (My characters include blanks end every other character of course. * Hope this can be solved for us Vikings up in the North * Keep on with your good work * PeA Viewing 11 replies - 1 through 11 (of 11 total)