wfasa
Forum Replies Created
-
Hi @leonsky999,
There are some .tmp files in the wflogs folder you sent in. My best guess is that your site had problems writing to the file system at some point which caused the files in wflogs to become corrupt. Hopefully this was a one time occurrence.Hi @mish99,
Not sure if I’m magic (sounds like fun!) but happy to hear it seems like the alerts are working! Have a great week!Hi again @essep,
It does sound like this is probably an issue with server side cache then. I do recall we saw something similar with Cloudflares Rocket loader at some point where it would cache WordPress admin pages. That issue should have been resolved a long time ago though.If you can see the file via FTP but it’s not loading in a browser, your host should hopefully be able to explain why though. Fingers crossed!
Hi @sukh32,
please create a new thread for your issue and someone will help you as soon as possible.Hi again @amazinggracepublishing,
It sounds like someone may have NAMED their malware after Wordfence? As I said before the Wordfence plugin itself is hosted here on WordPress.org and does not contain viruses (as anyone would be able to check for themselves, since the code is openly available).I am not aware of any emails we’ve received from you. To which email address did you send them?
@zulumoongondolas,
Have you checked with your hosting provider if they made that change?Hi again!
Okay, is there any chance there could be an old composer library loading something independent of WordPress plugins? For a custom app? Or something that was part of installation package on these sites?Hi @charleyboy,
Can you send me a diagnostics report from Wordfence please?
Navigate to Wordfence > Tools and Select the Diagnostics tab. At the top, click the button that says “Send Report by Email.” Change the email address to asa@wordfence.com and please provide your forum username so I know who the mail is coming from.
Thanks!
Hi @mish99,
Please check to make sure1. You have enabled email alerts for both critical alerts and warnings.
2. You have the scan option called “Updates Needed (Plugin, Theme, or Core)” enabledIf you think something may have happened during the upgrade to Multisite, completely removing Wordfence (including removing database tables) might be an option. To do this you can simply enable the Wordfence option “Delete Wordfence tables and data on deactivation” and then deactivate and reactivate Wordfence.
Hi @flyinghippo,
I think we lost touch via email but we’ve made some progress on this case. On a site with similar error we found another plugin was using an out of date composer library which was causing the issue. Is it possible that this could have been the cause for you as well?Hi @alcat,
The file isn’t supposed to be there but I’m not sure why you weren’t warned about it before. If you’ve changed some Wordfence options recently, that could be the cause? Perhaps the corresponding Wordfence option wasn’t enabled?I would recommend you review the contents of the file to determine whether it’s malicious or not.
Hi @graftedin,
If anything is being blocked by Wordfence you should see this happening in Wordfence > Live Traffic. There will also be a button there you can click to “Whitelist” that action which would mean it doesn’t get blocked again.Let me know if that works!
Hi @jordh,
These are the places the URL could be coming from– Database wp_options table (site url/home url)
– wp-config.php constants
– Wordfence also stores it’s own copy. Perhaps that’s not being updated? If so you’d find it in a table called wfConfig in the row wp_home_urlIf it’s neither of those, it would have to be another plugin. Hope that helps!
Hi again @aksl!
Sorry for the late response. Is there any chance you could send me a file that causes this? We need to test it to see if we can reproduce it. If that’s possible, please email the file to asa@wordfence.com and please put your username aksl in the title so I know who it’s coming from.Hi @mabuhsk,
We resolve threads after a few weeks so we can keep track of where we still have work left to do. We can not help you anymore with this specific issue so opening a new thread will not help. When we’re privacy shield certified, we will let you know via our usual channels (Blog, Twitter, and possibly notice in the Wordfence plugin).