WFBrian
Forum Replies Created
-
You’re welcome. Glad it helped!
Hi,
You will want to have Login Security enabled with xml-rpc enabled for the best protection.
Here is a recent blog post that addresses brute force attacks, xml-rpc, and Login Security…
Let me know if this helps or not.
Thanks,
BrianHi,
In your Wordfence Options, turning on “Disable config caching”. If the file still exists after that (wp-content/plugins/wordfence/tmp/configCache.php), you can remove manually remove it using FTP. Once the file is removed, try to update again. Let us know if you are still having the issue.
Thanks!
BrianHi,
One way I can think of is through xml-rpc. It’s what other apps use to be able to publish to a WordPress site. If you have it enabled, you may want to consider disabling.
Here is some more detailed info…
https://www.wordfence.com/blog/2015/10/should-you-disable-xml-rpc-on-wordpress/
Thanks!
BrianHi,
Sounds like you could possibly have a database saving issue. I tested the range you provided and it saved normally. You could try running a MySQL table. Is this a new installation of Wordfence or has it been installed for some time?
Thanks,
BrianNothing specific. Just avoid duplicating functionality across plugins. For example, if you are using caching from Wordfence, do not enable caching in another plugin. Using your example, do not enable another firewall if you are using Wordfence for the firewall feature.
Hi Erick,
I know that there are others using both products together. Our standard recommendation is to not use the same features on each plugin at the same time. Doing so keeps conflicts to a minimum. Every environment is different, so start with some small tests to see if any conflicts exist.
Also, make sure your plugins and themes are up-to-date. Security vulnerabilities in out dated plugins and themes seem to be the most common way for attackers to affect user accounts.
Thanks,
BrianHi,
Wordfence functions as end point protection for your instance of WordPress. We recommend leaving it on at all time. The default settings provide a good level of protection and performance. If you are on a shared host, you may want to disable Live Traffic if you do notice a performance issue. You can always increase the level of security if you notice you are under attack.
https://www.wordfence.com/blog/2015/11/moving-to-endpoint-security-for-wordpress/
You can also export your settings out of your test server and import them into a live server.
Let us know if you have any more questions.
Thanks!
BrianHi,
When you navigate to that URL do is there something actually there? If not, then the png doesn’t exist in you theme which is why you are seeing the report in Pages Not Found when access is attempted. The access attempts may be from legitimate users or from attackers trying to attempt to gain access. If you get a 404 error when navigating there, then the file does not exist. You may want to check your theme.
Thanks,
BrianHi,
A few questions…Are you using caching via Wordfence (Falcon or basic) when the font issue is occurring? Are the fonts hosted web fonts or are they installed on your site locally? Do you have a screenshot of the what it looks like when the issue is happening?
Thanks!
BrianHi Matt,
This is an issue that the team is investigating. I don’t have any new information to add at this time but please know we are working to resolve it.
Thanks!
BrianHi,
Wordfence can exclude large files if they are causing the scan to fail. Normally, small files like jpg’s are not excluded automatically. Not normal behavior. It’s possible that your scans are failing. Here are some things to try:
http://docs.wordfence.com/en/My_scans_don’t_finish._What_would_cause_that%3F
If that doesn’t work, try enabling debugging mode on the Wordfence options page. If it stops without completing, report back the last several lines of the “Scan detailed Activity” box and we can take a look.
-Brian
Hi,
This is a known issue that happens intermittently and is being addressed in a future release.
You might try the steps here to see if it improves your scan:
Thanks,
BrianNo, you must translate CIDR format.
http://docs.wordfence.com/en/Wordfence_options#Whitelisted_IP_addresses_that_bypass_all_rules
Thanks,
BrianHi Peter,
Have you tried Basic Caching? Does the homepage update when using it? With Falcon, do other pages cache normally? You could exclude the homepage for now if it is working with other pages while we troubleshoot.
http://docs.wordfence.com/en/Falcon_Cache#Cache_Exclusions
Thanks,
Brian