Scott Dayman
Forum Replies Created
-
My opinion is that it isn’t worth the time to block specific IPs. They usually change. And if they’re hammering away at invalid usernames, they’re not going to make any headway.
I bump up the login lockout time to 30 days and leave it alone. I don’t even bother with email alerts of failed logins.
Wordfence looks for vulnerabilities such as old or outdated plugins, weak passwords, or compromised files.
WordPress is delivered in a pretty secure state. Most hackers get in through weak passwords our poorly coded add-ons. Here’s some more info on securing your site:
http://codex.wordpress.org/Hardening_WordPressOnce you connect with phpMyAdmin, you’ll see a handful of tables that start with wf
That is, if they’re still there. If not, then it’s a bigger mystery.I frequently get hung up at the same point on one of my sites. I haven’t gotten around to turning on debugging to see what’s going on.
Manually download them from WordPress, then FTP them to your server. Hopefully things will clear up after that.
PayPal has been known to freeze accounts. As nice as PayPal is, it’s one extra financial hurdle that can trip up a transaction.
When I don’t want to share my card details, I use a virtual credit card number.
I’d begin by browsing your WP database for Wordfence data. I use phpMyAdmin.
It could be that the new Wordfence installation doesn’t know how to sanitize the previous database tables and the old tables remain. I’d also go ahead and delete out all the Wordfence lines from .htaccess
Other than the Wordfence folder in Plugins which I think you already deleted, that should be all traces of Wordfence.
I’m guessing it’s because Wordfence tries to keep all its business on the server. Which ever level of cacheing you pick, it only affects the server…not the user.
What action are you performing that you think should clear the cache? I recently got bit by publishing a post in the future. Yes, there’s an option in WordFence to clear the cache when that happens, but I forgot about it.
I don’t remember when I first installed Wordfence, but I don’t see any confirmation emails in my mail archive. What said it was sending a confirmation email?
I’d prefer these notifications. If it’s a critical security patch, I’d like to update it on my own ASAP.
However, if you don’t want these messages, you can create an email filter that will archive these messages as soon as they hit your inbox.
There have been a few recent WF updates. Others in this forum had a similar issue. Deleting and reinstalling Wordfence fixed it.
Forum: Plugins
In reply to: [Wordfence Security - Firewall, Malware Scan, and Login Security] Fatal ErrorManually download Wordfence and copy it into your Plugins folder, overwriting what’s there now.
Forum: Plugins
In reply to: [Wordfence Security - Firewall, Malware Scan, and Login Security] Blocked IPsIf you delete and reinstall Wordfence, you will be starting from scratch.
What I’ve found with blocked IPs is that they eventually give up. IPs that I’ve blocked show no hits in x number of days/months. If you really want to keep blocking those IP addresses, you can browse your database with PHPMyAdmin (or whatever tool’s available) and dig through the Wordfence tables and copy them down, then re-enter them later.
You’ll be just as vulnerable as you were the first time around. Considering that Wordfence caught them the first time, that wouldn’t be a big deal. They’ll make their feeble attempt, Wordfence will block it, then blacklist them. No more feeble attempts.
I don’t see a compelling reason to pay for Wordfence. It’s working well for me. I’ve looked at iThemes and it’s a fairly complex setup. I recommend you first try iThemes on a test site and see if you’re comfortable with it before proceeding with your Wordfenced site.
Just for kicks, try enabling: Disable config caching
This feature was a frequent cause of my scans hanging.