WFBrian
Forum Replies Created
-
Hi,
I’ve seen this issue before. Try these steps:
On the WordFence options page, check the option to delete WordFence data on deactivation. Then export your settings. Deactivate the plugin. Then reactivate it (same files) and import settings.
Let me know if that helps,
BrianWill you provide a screenshot of what you are seeing when the images are blocked?
Thanks!
BrianHi,
Premium Support is available at support.wordfence.com. Due to forum rules we are not allowed to support paid products here. Please open a ticket at our support site and we’ll get you help.
Thanks!
BrianA slash / is required to start the sequence. What’s happening there is that the request for the @2x.png which results in a 404 is not counted against the throttling rules for your site. The 404 can result when some browsers request those images even if they are not explicit in the sites HTML. If your site has these images you shouldn’t need to whitelist them since a ‘404 Not Found’ would not be generated when the images are called. Let me know if I’m missing something.
-Brian
Hi Matt,
We recommend starting here:
https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/
If you’re seeing files being changed and you’re not doing it, then something else is. Make sure your themes and plugins are up-to-date. Remove any unused themes and plugins as well.
-Brian
Hi,
Wordfence does not disable XML-RPC. Here is a blog post with the reasoning:
https://www.wordfence.com/blog/2015/10/should-you-disable-xml-rpc-on-wordpress/
Also, we do not officially support Wordfence on Windows but we’ve had reports of people using it.
Hope that helps,
BrianHi Jason,
The wfHits table is where “Live Traffic” data is stored. So the hits are visits to the site. This page explains everything displayed on Live Traffic:
Have you tried running another Wordfence scan?
-Brian
Hi,
Under options, how long to you have “Amount of time a user is locked out” set to? The locks could be expiring. Also, the lock is per IP address. Multiple attackers could be trying to use “admin” from different IP addresses. You’d see multiple locks from this.
Hope that helps,
BrianI’m not sure I follow so correct me if I’m wrong. Are you saying the post has been injected into wp_wfHits? Could you not just delete the entry out of wp_wfHits? Do you have a backup so you can restore the site to a time before the attack?
-Brian
Hi,
Are you still seeing this error?
-Brian
Hi,
Are you using InnoDB with MySQL? We’ve heard of issues with that combination that aren’t Wordfence related.
If not, you may want to try Options -> Other options -> Delete Wordfence tables and data on deactivation to remove Wordfence completely. After that, do a new install of Wordfence and the tables will be created.
-Brian
Here is how to regain access to your sites:
-Brian
Forum: Plugins
In reply to: [Wordfence Security - Firewall, Malware Scan, and Login Security] BlockingHi,
How long are your blocks set? The default is 5 minutes. So after 5 minutes the block will be removed. Have you tried blocking the IP permanently?
-Brian
Hi,
I’m not familiar with keycdn, but Falcon Cache does work with many CDN’s. Have you tried testing it out? Are you using the CDN for images or for your whole site?
-Brian
Hi,
There are many ways a site can be attacked. Most sites are compromised because of outdated plugins and themes, running an older version of WordPress, or having an insecure password. If you’re on a shared host, you can also be susceptible to hacks from other sites on the shared server. Also, inactive plugins can be a source of attack.
Here is the official WordPress page on hardening WordPress:
http://codex.wordpress.org/Hardening_WordPress
Thanks,
Brian