wfasa
Forum Replies Created
-
Hi @sfjwebsfj!
That’s good news thanks for the update!Hi @aaronuxwp,
That does sound like a false positive. People who aren’t familiar with Wordfence will sometimes look at those files and think they are malware simply because they don’t understand what’s in them. It’s best to make sure of course. I suggest you ask them to explain how that code works and how they’ve determined that it was the source of the spam. You can explain that the plugin was downloaded from the WordPress.org repository and is used on more than 1 million sites and ask them to have another look.If you think it’s malware you can also send it to samples@wordfence.com.
Hi @sfjwebsfj,
The authkey would be located in config.php in wflogs. Sounds like the config.php has become corrupt somehow. Can you try deleting wflogs folder (which is located in wp-content) and allow it to be recreated to see if that fixes the problem?- This reply was modified 7 years, 6 months ago by wfasa.
Hi @scottblackopsca,
Does it also happen if Wordfence is disabled? If nothing is showing up in Live Traffic to indicate a block, it sounds like it might be something else doing the blocking.The actual Wordfence plugin is hosted here, on WordPress.org. Anyone can go and look at our source code to verify what it contains and the Wordfence plugin is installed on more than 1 million sites.
If the Wordfence version you installed caused an infection, that must have been a copy that you had downloaded from somewhere else on the internet. A copy not distributed by us. I would recommend that you first check with your developer to make sure that’s not what happened.
If you want us to have a look at the malware, zip it up and email to samples@wordfence.com. Include a link tho this forum post for reference.
Thanks!
Hi again @donquicky,
I tested just now to make sure, creating a user and then making it an admin doesn’t generate a warning.
We hook in to the WordPress core user creation functions to register when a user is created via WordPress admin, so that must mean that something in your site affects core WordPress functionality in a way that makes it impossible for us to detect when a user is created via WordPress admin. I haven’t heard this issue reported for WPML before so I don’t think that’s likely to be it. Typically it would be a plugin related to custom roles or membership that might cause it.
Hi @dlynch027,
Ok thanks for the update. Feel free to get back to us at any time if you notice any other issues!Hi @aksl,
You may be able to reproduce the issue if the people having the issue are not admins and you also attempt an upload as a non-admin. The Firewall behaves differently depending on whether someone is an admin or not, since admins are more trusted.Hi again @educationguideonline,
Editing my reply here because I posted it to the wrong thread. Sorry!
I think you should reach out to the authors of that plugin and ask them why our plugin doesn’t work when theirs is enabled. If you find anything out, we’d love to hear more. Thanks!
Hi @hopskip,
We received and replied to your premium support ticket yesterday. It looks like you’ve replied there as well, so please stick to communicating with us via premium support. As per WordPress.org rules we can not discuss premium in the forums. Thank you!If Wordfence is installing only with an empty folder everytime, there’s likely a PHP error happening (you’re running out of memory, or there is a timeout). You’d be able to find this in your sites PHP error logs. If you’re unsure of where to find them, Namecheap would be able to help you with that as well.
Best of luck for now!
Hi again,
Yeah, your host has access to your site. This looks like something they may have implemented. I strongly suggest you reach out to them and inquire about what “APSCONFIGURE” is and why it’s modifying your core files.I would recommend you do that before you repair, else the modifications may just keep happening over and over again.
If you want to, you could ignore it I suppose but if I were you I’d be curious why they are modifying core files since that’s not recommended.
Hi @westsidevirtual,
If the wordfence plugin folder is empty, it most likely means the plugin update failed meaning the site wasn’t able to put the new plugin files in place.If Akismet ReadMe file was modified you probably have “high sensitivity” scanning enabled. Readme files are modified sometimes, it’s not typically an indicator of compromise.
For any issues related to premium such as two factor authentication you have to reach out to us via premium support at support.wordfence.com since we can’t discuss premium features in the forums.
Is it a WordPress multisite?
Hi @essep,
That’s interesting. The that could indicate some problem with your theme, another plugin or possibly your .htaccess rules.You could try using the Health Check plugin. It can be used to deactivate all plugins for the logged in admin user only. Then your visitors won’t notice while testing.