wfasa
Forum Replies Created
Hi @sergeyf1!
I think I may already have replied to you in an email, but for everyone else’s benefit:
By default, WordPress discloses usernames. If you browse to http://www.example.com/?author=1 on a WordPress site you are sent to the author’s page, and there the username is displayed. Wordfence has a function that prevents this, so that you cannot browse to http://www.example.com/?author=1 if you have the Wordfence option “Prevent discovery of usernames through ‘/?author=N’ scans, the oEmbed API, and the WordPress REST API” enabled. What was discovered was that if you add [] after “author” you could still see the author page even if you had Wordfence and even if that option was enabled.
This has been fixed. It’s not something that will reoccur in future versions of Wordfence.
Please note that some themes and plugins disclose usernames as well and we are not able to stop that. It’s important to always use secure passwords. Relying on your username not being known is not enough to keep your site secure.
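A defender's view of the enumeration routes named in the reply above, as an added example that is not part of the original post or Wordfence's own code: a small access-log scanner that flags `?author=N`, the `author[]` variant, and REST API user listings. The log lines are constructed, and the `/wp-json/wp/v2/users` and `rest_route` paths are the standard WordPress REST routes, assumed here rather than taken from the post.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines; client IPs are documentation addresses.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "curl/8.0"
203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /?author[]=2 HTTP/1.1" 200 5120 "-" "curl/8.0"
203.0.113.7 - - [01/Jan/2024:10:00:03 +0000] "GET /?author%5B%5D=3 HTTP/1.1" 200 5120 "-" "curl/8.0"
198.51.100.9 - - [01/Jan/2024:10:01:00 +0000] "GET /wp-json/wp/v2/users HTTP/1.1" 200 812 "-" "python-requests"
198.51.100.9 - - [01/Jan/2024:10:01:05 +0000] "GET /?rest_route=/wp/v2/users HTTP/1.1" 200 812 "-" "python-requests"
192.0.2.44 - - [01/Jan/2024:10:02:00 +0000] "GET /?s=author+interview HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
192.0.2.44 - - [01/Jan/2024:10:02:10 +0000] "GET /author/jane/ HTTP/1.1" 200 7000 "-" "Mozilla/5.0"
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+" (\d{3})')
REST_USERS = "/wp/v2/users"  # assumed standard REST route for user listings


def classify(target):
    """Return a label if the request target looks like username enumeration, else None."""
    parts = urlsplit(target)
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        # parse_qsl percent-decodes, so author%5B%5D and author[] both arrive as 'author[]'.
        base = key.split("[", 1)[0].lower()
        if base == "author" and value.isdigit():
            return "author-array" if "[" in key else "author-id"
        if key == "rest_route" and value.startswith(REST_USERS):
            return "rest-users"
    if ("/wp-json" + REST_USERS) in parts.path:
        return "rest-users"
    return None


def scan(log_text):
    """Count enumeration-style requests per (client IP, label)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if m:
            label = classify(m.group(2))
            if label:
                hits[(m.group(1), label)] += 1
    return hits
```

Comparing the status codes logged for `author-id` and `author-array` hits from the same client shows whether a blocking rule covers both forms of the parameter.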
Hi @pettersson,
We’ve removed the option because we’ve removed the use of cookies for non-logged-in users completely. The only remaining cookies are for logged-in users (admins, editors).
Hi @laurau,
It sounds like you may need to change how Wordfence gets IPs.
1. Check which IP address you are using on your internet connection. You can check this by, for example, typing “my ip” in Google.
2. On the Wordfence “All Options” page, under “General options”, locate the text that says “My IP with this setting”. Make sure the IP listed there matches the one you found in step 1.
If they do not match, you’ll need to change the option for “How does Wordfence get IPs”. You can see which option you should choose by looking at the Wordfence Diagnostics page in the “IPs” section. One of the alternatives there will show the IP you found in step 1 above. That is the one you should use.
Forum: Plugins
In reply to: [Wordfence Security - Firewall, Malware Scan, and Login Security] MySQL57-RH
Hi @michelandre!
Wordfence uses MySQLi when available. I wonder if it could be related to that? Do you still have this problem if you do a fresh install of Wordfence *after* you’ve changed DB_HOST?
Hi @pwnd,
These are the contents of the rules.php file located in wp-content/wflogs. I don’t know why it’s being printed out. It’s a .php file so it should be processed by PHP, not printed out like this.
The first thing I’d recommend is to delete the wflogs folder located in wp-content and allow it to be automatically recreated and see if that fixes your issue.
Hi @singingcyclist,
I can verify that this is an issue with the host. It affects sites on Heart and Reg-123 hosting. The host is automatically setting Wordfence options to values that stop the scan after 3 minutes. Most scans take a little bit longer than that, which means that scans will not currently work on those hosts. I’ve tried reaching out to Heart but have not heard back from them. If you chat with their support, feel free to give them my email asa@wordfence.com as I’ll be happy to chat with them about it.
Hi @scalarent,
In the scan log, you should be able to see what is happening right before this error happens. Can you send me the full scan log please and I’ll be happy to have a look. Use the “Email activity log” button and change the email to asa@wordfence.com. Reply back here in the forum when you’ve sent it so I know to go look for it.
Thanks in advance!
Hi @tbabdlfr,
That sounds like a display issue, possibly caused by a JavaScript error that could be due to a conflict with another plugin.
Please try keeping a browser console open when you visit the Blocking page. Look for any JavaScript errors that may be happening. You can also check the “Network” tab in the browser console to see if any files fail to load.
Hi again @artemlatenkov07,
Thanks for the screenshots. The second screenshot shows no records visible at all when you are trying to expand the records. That’s definitely not normal.
It could possibly be a problem with cache, so if you have any cache plugins you could try clearing cache in those.
Otherwise I’d recommend you try keeping a browser console open when you click to expand the Live Traffic. Look for any JavaScript errors that may be happening. You can also check the “Network” tab in the browser console to see if any files fail to load.
Hi @teaneedz,
When a “HTTP 500 – Internal Server Error” happens in the browser, an actual error message is logged in the PHP error logs. If you don’t have PHP error logs available on the site, you should consider enabling WP_DEBUG so that you can find the actual error messages when there is a problem with your site.
It’s possible that a Wordfence plugin update failed, but I’m afraid there isn’t much more I can tell you without knowing what the actual error was. Hopefully your host should be able to help you find the errors if you ask them.
Hi @teaneedz,
This is not a known issue related to this specific release. We do know that automatic updates fail sometimes, and it seems to be an issue that is affecting other plugins as well. We will of course look into it. It looks like your host is GoDaddy? You don’t happen to know what the errors were exactly?
Hi @datar!
Two factor authentication is a premium feature in Wordfence and we can’t discuss premium features here in the forums. Can you please send in a support request via support.wordfence.com?
Thanks!
Hi Winner!
I don’t know why ma.tt doesn’t use Wordfence on his site. You’ll have to ask him! 🙂
Thanks for your support and I hope you have a good rest of the week.
Hi @yomisimie,
Thanks for reporting this. This would usually mean all .js files on the site have this code inserted into them. Malware injections do not usually discriminate. Can you send this information to samples@wordfence.com please? That’ll deliver it straight to our analysts.
Thanks in advance!
Hi Hudson,
hash() is supposed to be included in PHP 7.
http://php.net/manual/en/function.hash.php
However, it appears it’s missing on your server. I’d recommend you reach out to Dreamhost to inquire about why. It might be that your application environment isn’t actually running with the PHP version that’s reported by the system info.