WFBrian
Forum Replies Created
-
If you’re theme doesn’t utilize that png file, then there may be little use in adding it to your site. You may want to look for a different theme that is iOS friendly.
-Brian
Hi,
Do you have a reverse proxy setup on your server? Sounds like you may from the issue you are describing . If so, try adjusting how Wordfence gets IP’s and see if that makes a difference.
http://docs.wordfence.com/en/Wordfence_options#How_does_Wordfence_get_IPs
Thanks,
BrianHi,
This happens from time to time. Turn on “Disable config caching” and save the options. If tmp/configCache.php still exists after that, you can remove it using FTP, and then try to install the update.
Hope that helps,
BrianThanks for the kind words, Don. We appreciate you!
Hi,
Sorry to hear your site was attacked. We have a document that is a great starting point for cleaning a site. Please take a look and report back if you are still having any issues.
https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/
Thanks,
BrianHi,
They don’t mention what the vulnerability is so I can’t say about that specific attack. We update know exploits regularly and take action when new ones are brought to our attention. This competing product looks like it is brand new and is not even listed on WordPress.org.
-Brian
You could change your display name (Nickname). The nickname would be used on the posts.
https://en.support.wordpress.com/change-your-username/
-Brian
Hi,
Are you receiving any alerts via email? You can send a test email in Wordfence options
If you receive the test email, then there is something else going. If you don’t receive the test email, then there could be a misconfiguration of email sending in WordPress.
-Brian
Hi,
I usually just create a new username and then delete the generic “admin” account. Never had an issue after doing it that way.
-Brian
You’re welcome! We aim to please. Thanks for using Wordfence!
-Brian
Forum: Plugins
In reply to: [Wordfence Security - Firewall, Malware Scan, and Login Security] theme.phpHi,
Sounds like there is still a backdoor somewhere if the same file keeps getting changed. Are you on a shared server? Is there an uploads directory? There could be something left in the database being used as a backdoor.
Here is our documentation on cleaning a site.
https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/
-Brian
Hi Eric,
I don’t believe there is anything in Wordfence that would prevent downloads. Are you using Falcon for caching? Do downloads work as expected when Wordfence is disabled? Do you have any other plugins enabled? The firewall would throttle bots attempting your site but a human user should be unaffected.
Thanks,
BrianForum: Plugins
In reply to: [Wordfence Security - Firewall, Malware Scan, and Login Security] Ban ListHi,
We currently do not offer the ability to block users from registering like you describe. We’ve had others ask so it could appear in a future release but I can’t guarantee it or give a timeframe. Here is a link to a previous post with a possible workaround. Hope this helps!
https://wordpress.org/support/topic/feature-for-blocking-fake-users-from-registering?replies=2
-Brian
That is a false positive. The workaround to exclude the scanning of that file is to add *importbuddy.php* to the option to “Exclude files from scan that match these wildcard patterns” under scan options.
Thanks,
BrianHi,
If the server is under attack, the attackers can get in through other wp installs on the same server depending on the configuration. Also, themes and plugins should be updated to patch any security holes. Exploits in themes and plugins are a popular way in for attackers.
You may want to consider upping your Security Level to Level 4 – Lockdown in the Wordfence Options. It’s best for when a site is under attack.
Here are some good resources for dealing with a compromised site:
https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/
http://codex.wordpress.org/Hardening_WordPress
Thanks,
Brian