Stratosphere
Forum Replies Created
-
I second that. Totally works great.
In my experience, bad bots ignore robots.xml especially this one, which has been confirmed and verified as a Yandex bot, but thanks for your reply.
XML-RPC is a favorite of hackers, see if you can do without it.
Update to the latest WordPress version.I clicked the dot once and it went away, never came back. So it’s not a problem for me. Just sayin’.
Hey deanysus
Your “powerful dedicated server” doesn’t mean it’s not hackable and if you think otherwise, you are a novice.
If your hosting company were professional they’d fix their holes as I requested of mine.
Wordfence is working perfectly for me and many others, I guess that’s why it is so popular with over 1 million users, the highest number I’ve seen in 8 years!
What you say is so totally false, unproven and that’s the reason I responded was because it is so incorrect, so there goes your conspiracy theory.
It’s best you unplug Wordfence and go find something better. Some people have nothing better to do, than to complain, so use your time more wisely.
By the way, I use this forum everyday, to learn of new events, as well as subscribe to the Newsletter. The man who developed this plugin greatly cares about website owners and their security.
I believe that maybe the time limit set by your hosting company, a scan needs time to execute, the settings are in your Options menu. But you may need to talk to your hosting company to extend their time limit on the server side.
That is simply not true, Wordfence works beautifully for me, every time, every update for months now.
A lot of comments about usage depends ultimately on the server, the hosting company and the settings. Most people unfortunately use low end hosting companies. I did that once and lived to regret it, since the hosting company got hacked and therefore so did I. I have since used a better hosting company and they understand security is my top priority.
As far as comparable plugins – I doubt you will find one that does as much as Wordfence – but you are welcomed to go look for one.
I am a free version user, of 3 months and very happy to be here.It’s good that you deleted them, for me these hackers had old URL’s with content, images and kept requesting them – so in Options: I entered those URL’s of content that no longer exists and block anyone accessing them. So it stopped.
To find any further problems do a Scan, that will tell you.
Don’t be afraid – Wordfence corrects problems in wp-admin files, as I told you I had about 150 of severe errors and Wordfence restored all the proper files correctly.
When you see these issues there is a selection called: Fix the File, or Restore the WordPress file and it works beautifully.If there are any left over hacks – Wordfence should be able to find them, if not refer to their service to fix those files. Sometimes yes they can remain and sometimes they are gone after a scan gives you the information to fix them. Keep doing scans to see if there are any issues.
Violated, yes I felt that too with 150 errors on my site, don’t sweat it – just fix it and it should return to normal. You are also using Cloudflare, so send them a support ticket also regarding access.
I noticed a drop in traffic also, but it wasn’t real traffic anyway, it was using your site as a conduit for spammy sites and its got to stop.I am still getting someone in the USA ( I am not in the USA) from two source IP’s one is a Yandex bot from Russia and another in New York from Digital Ocean. On the server side I see my hosting server is getting hit from all over the world.
Therefore, I am going to upgrade to Premium Version, at $8. bucks/ month I will sleep better.
I don’t use XML-RPC and I don’t even know what it does, but for a little inconvenience I would rather be safe than sorry. Keep scanning and you are very welcomed.
I wasn’t able to zoom in to see all of them, are they plugin related?
Not sure what those plugins are cause I can’t read them.
I’ve learned to minimize the plugins I use and only from developers who update them as frequently as WordPress itself updates. If not – I ditch them.
Just now squinting I see the XML-RPC reference, that is a hole for hackers.Securi has an article on that so if you can at all, avoid using that -it would make your site safer.
https://blog.sucuri.net/2015/10/brute-force-amplification-attacks-against-wordpress-xmlrpc.html
Hackers also like to hit images it appears, I see attempts on my images.
Again, sorry I couldn’t read the entries as well.Skygazer: its Stratosphere here again.
No those IP’s are NOT supposed to be there, unless you entered them.That happened to me a month ago, I found in
Wordfence > Options > White List 404’s that I did not enter.
I deleted them immediate, and have checked them every day since, never happened again.If you identify any of them as your hosting IP, discuss with them
if they require access, but I doubt it. I have not whitelisted my hosting IP
and every thing works fine.This Option page is very helpful and I use maximum security on all of the options there.
For me, I delete anything I did not enter myself in wp-admin.
Hope this helps you.Go to Wordfence on your left hand column in wp-admin.
Click on Firewall.
When it opens you’ll see Blocked IP’s.
Enter the IP address there.
You’re good to go.
6.3 changed the dashboard but everything is still there.LastPass was hacked July, 2016. Must read: https://www.hackread.com/lastpass-hacked-this-time-for-good/
They say its hacked for good.
Forum: Plugins
In reply to: [Wordfence Security - Firewall, Malware Scan, and Login Security] JBoss WormBump. Any one chime in here? Did you ever seen this request before?
GET/zecmd/zecmd.jsp?comment=id HTTP/1.0
thank you.
I set it to 6 seconds now, had it on 15 seconds a while ago.
Suits me fine.I’d rather be notified that a plugin needs an Update, than to not know. I had a plugin on my site that Wordfence caught as requiring an update.
That plugin developer did not notify users that there was an update.Sometimes, we don’t realize what an accurate and secure plugin Wordfence is today. Over the past 7 years – I haven’t seen one this good, and for a free version its is superior to anything in WordPress Land.
For that, I can click on the little x and remove the little red dot notification and live happy ever after.