webado
Forum Replies Created
The issue is that the list of locked and blocked IPs is very very long to the point it takes at least 5-10 minutes to have it shown.
I try to block permanently the merely locked IPs but getting to that step is slower and slower as the list of locked IPs grows.
I fear the tables get too big and slow down access since each IP needs to be looked up there.
In my book once an IP has been blocked it’s forever. There’s a good reason why it was blocked, it’s because they either tried to log in with a variety of user ids (none of which are valid) or they tried to sniff around various urls (which thankfully respond with 404) to see if there are active vulnerabilities – in any case they are would-be hackers.
I have already blocked in the .htaccess file hundreds of IPs, but hundreds and thousands more are in WF.
Doing a lot of manual work is not possible, I have too many WP sites to take care of, but in the last 2 days there’s one in particular that’s been pelted hard.
One of my WP sites was hacked with a pharma hack a couple of years before so I want to nip all attempts in the bud.
I don’t have a bandwidth problem. But these attack attempts are from everywhere, with Canada, US, France, Germany, UK, Italy, Spain, Greece, etc. being very well represented. So country blocking is not the way to go for me.
There are few countries that I may feel have no reason to access this site.
I usually request that all locked IPs be blocked permanently so I don’t have to worry about the locked ones expiring in 2 months’ time.
Anyway my main concern was if I may hit an upper limit on the table of blocked IPs. It’s already very slow trying to populate the display for blocked or locked IPs.
I don’t like blocking whole countries. I know most of those attempts are through proxies, from disused, abandoned servers. Literally from all over the globe.
At one time I was trying to collect the IPs reported by WF and block them in the .htaccess file but it’s gotten way too messy. I have thousands now.
And I hope that partner who is guilty of concocting this terrible idea is now history.
Very much appreciated, Mr James.
Hopefully all the current users of this plugin will upgrade immediately.
I know what I did wrong - I uploaded a lot of files to the wrong subfolder before uploading them to the correct subfolder, when I migrated the site.
I wonder if this plugin has only just started to scan for this situation with the latest version 6.1.11.
And I seem to have understood where I moofed …. I blame my mouse and Filezilla ….
I am quite ashamed and humbled …
I’ll wait then for 6.2 😉
One of the warnings I am aware of as I changed manually header.php myself to add Google Analytics.
One or two others I’ve seen before but couldn’t figure out. I thought maybe they were due to changed plugins but was wondering why they get flagged.
Now it’s a flood.
OK Matt T, I did that. You’d have received an email from my site.
I also see this at the end of the scan:
[Jul 26 10:20:24] Preparing a new scan. - Done.
[Jul 26 10:20:24] Remote scan of public facing site only available to paid members - Paid Members Only
[Jul 26 10:20:26] Check if your site is being Spamvertized is for paid members only - Paid Members Only
[Jul 26 10:20:28] Checking if your IP is generating spam is for paid members only - Paid Members Only
[Jul 26 10:20:30] Checking if your site is on the Google Safe Browsing list is for paid members only - Paid Members Only
[Jul 26 10:20:32] Scanning your site for the HeartBleed vulnerability - Secure.
[Jul 26 10:20:35] Fetching core, theme and plugin file signatures from Wordfence - Success.
[Jul 26 10:20:36] Fetching list of known malware files from Wordfence - Success.
[Jul 26 10:20:41] Comparing core WordPress files against originals in repository - Problems found.
[Jul 26 10:20:41] Comparing open source themes against WordPress.org originals - Problems found.
[Jul 26 10:20:41] Comparing plugins against WordPress.org originals - Problems found.
[Jul 26 10:20:41] Scanning for known malware files - Secure.
[Jul 26 10:23:27] Check for publicly accessible configuration files, backup files and logs - Secure.
[Jul 26 10:23:27] Scanning file contents for infections and vulnerabilities - Secure.
[Jul 26 10:23:27] Scanning files for URLs in Google’s Safe Browsing List - Secure.
[Jul 26 10:48:43] Scanning posts for URLs in Google’s Safe Browsing List - Secure.
[Jul 26 10:48:44] Scanning comments for URLs in Google’s Safe Browsing List - Secure.
[Jul 26 10:48:44] Scanning for weak passwords - Secure.
[Jul 26 10:48:44] Scanning DNS for unauthorized changes - Secure.
[Jul 26 10:48:45] Scanning to check available disk space - Secure.
[Jul 26 10:48:45] Scanning for old themes, plugins and core files - Secure.
[Jul 26 10:48:45] Scanning for admin users not created through WordPress - Secure.
[Jul 26 10:48:45] Scan complete. You have 4753 new issues to fix. See below. - Scan Complete.
Egad, I just finished pulling off all my hair and then I found this post!
I’ll be waiting with bated breath for a resolution because right now I have over 4000 messages about what has been changed …. enough to give one apoplexy. 🙂
One other thing which I discovered was the need to have enough extra space available prior to any upgrade for a full copy of a fresh full installation as the downloaded zip files need to be unzipped in the spare space. Can’t be stingy on space.
Forum: Fixing WordPress
In reply to: Upgrade to 3.9.1 Failing
OK, I had a similar issue where I was unable to upgrade from 3.8.3 to 3.9.1, but I am on an Apache server.
I had been wondering why I was able to update most of my other WP installations and a few failed like this.
It turns out that I didn’t have enough space to update (not enough for the package to be unzipped before it overwrites the existing content) so all I needed to do was increase the space on that account. Luckily I have a reseller account and I can play around with the allotted space for each subaccount. It’s a site which was installed in a 50MB space, and there was only about 11MB available. I didn’t think I needed more than that before. I doubled the space and the update went fine.
Lesson learned.
I got my issue fixed by my hoster as well.
Maybe this helps explain:
http://wordpress.org/support/topic/wordpress-could-not-establish-a-secure-connection-to-wordpressorg-wp-admin
Forum: Fixing WordPress
In reply to: WordPress could not establish a secure connection to WordPress.org.
Maybe what I have at http://wordpress.org/support/topic/wordpress-could-not-establish-a-secure-connection-to-wordpressorg-wp-admin helps you.
My issue was solved by my hoster.