wfmark
Forum Replies Created
-
Hi @jjouan, Thank you for reaching out.
Can you confirm that you are not installing the keys more than 24 hours after generation?
If not, then please try deactivating and reactivating Wordfence on the Plugins area of your site as this solves the issue for some customers.
You could also check whether you can install the license when Wordfence is the only active plugin on your site. There could be a Javascript conflict with another plugin potentially stopping the code executing the verification check.
In some cases, disabling caching plugins resolves the issue.
Let me know how it goes.
Thanks,
Mark
Hi @jutty0069, Thank you for reaching out.
Can you please specify the kind of alerts your client is receiving? Share a screenshot if possible.
Wordfence alerts are sent the email address set under Wordfence > All Options > General Wordfence Options > Where to email alerts.
You may also want to confirm that the email here has not been changed.Thanks,
Mark.
Hi @pjoter666, Thank you for reaching out.
The plugin above definitely looks malicious. I noticed a function to hide the plugin from administrators.
It would be nice to have the file checked out by our team. If the plugin file still exists, please send a sample of the infected file to our team at samples@wordfence.com so that our team can look into it. In your email, please include a link to this forum topic so that our team will know you had raised the issue with us.
That said I’d recommend that you can clean the site by using the following guide: https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/
Make sure and get all your plugins and themes updated and update WordPress core, too. As a rule, any time I think someone’s site has been compromised, I also tell them to update their passwords for their hosting control panel, FTP, WordPress admin users, and database. Make sure to do this because attack vectors around your hosting or database environments are outside of Wordfence’s influence as an endpoint firewall.
Additionally, you might find the WordPress Malware Removal section in our Learning Center helpful: https://wordfence.com/learn/
If you’re unable to clean this on your own, there are paid services that will do it for you. Wordfence offers one, and there are others. Per the forum rules, we’re not allowed to discuss Premium here, but please reach out to us at presales@wordfence.com if you have any questions about it.
Regardless, if you choose to clean it yourself or let someone else do so, we recommend that you make a full backup of the site beforehand.
Thanks,
Mark.
Hi @user, Thank you for reaching out.
We had a few cases where the problem was determined to be Atomicorp’s Mod Security server-based firewall rule with ID 390149.If your hosting provider is able to disable only that rule for now, that would be better than disabling Mod Security altogether.
Let me know if that doesn’t solve the issue for you.
Thanks,Mark.
Hi @nmwoods123, Thank you for reaching out.
Thank you for reaching out.
We recently had a similar request around alerts for failed scans, as connectivity issues can cause these too.
We have not alerted for these previously because sites without persistent scan/connectivity problems could experience temporary failures if a host restarts the server, or another one-off issue occurs. In these cases, we’d rather not alert customers to start looking for a problem that wouldn’t often recur.
We will be revisiting certain alerts and plugin notifications. If we find a reliable way to report connectivity issues that require attention, it could be considered too. I have made the development team aware of your additional request but we cannot commit to timelines here on forums.
Thanks,
Mark.
Hi @user, thanks for reaching out.
Wordfence appends a parameter during the process of checking whether a visitor is human.
The Live Traffic feature in Wordfence uses ?wordfence_lh=x&hid=xxx… query string URLs, and so these are normal to observe. When these URLs are visited, the expected behavior is to return a blank page. With time, Google should recognize that those paths are not useful to crawl.When the URLs in your case don’t return a blank page like in your case, it indicates that Google bots are listing different query string combinations as legitimate site pages, which is often due to a theme misconfiguration – automatically redirecting any invalid page URLs to the homepage.
You may need to consult your theme developer or address plugin/custom code settings that might be causing this behaviour.
Thanks,
Mark.
Hi @psypat,
Thank you for sharing the URLs.
Looks like the redirect is not working as expected. The URL https://gr1.gr1.se/wp-admin/admin.php redirects to banned.se not https://gr1.gr1.se/test.
When I accessed https://gr1.gr1.se/test, I was blocked immediately by Wordfence for Accessing a banned URL.
Thanks,
Mark.
Hi @astima, Apologies for the delayed response and thank you for sending the diagnostic report.
Everything looks good on the report.
On rare occassions, some Wordfence customers can experience problems at times when intensive processes such as scans are running although shared hosting plans, size of website content, and number of installed plugins tend to be the deciding factors in this as the majority of our ~5m site installations work without issue.
I’d recommend that you check with your hosting provider on what exactly caused the issue so wecan take a look if the issue recurs.
Thanks,
Mark.
Hi @kristinubute,
Thank you for getting back.
That’s right. Wordfence will not prevent or cause issues with plugin or theme updates.
Optimizing the firewall allows the firewall to be loaded before any other code loads. This provides the highest level of protection and will not cause any issues with the updates.
Thanks,
Mark.
Hi @avocadesign,
As per the forum guidelines below, please open your own topic, and we would be glad to assist you:
“Unless users have the exact same version of WordPress on the same physical server hosted by the same hosts with the same plugins, theme, and configurations, then the odds are the solution for one user will not be the same for another. For this reason, we recommend people start their own topics.”
Thanks,
Mark.
Hi @ojkprabhu,
Thank you for sending the scan log.
Could you please temporarily turn off the scan option Scan for out of date, abandoned, and vulnerable plugins, themes, and WordPress versions, and see if the scan completes properly.
Additionally, please send a diagnostic report to wftest @ wordfence.com. You can find the link to do so at the top of the Wordfence > Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.
NOTE: It should look as follows – Screenshot of Tools > Diagnostic > Send by Email
Thanks,
Mark.
Hi @ojkprabhu,
Thank you for sending the scan log.
Could you please temporarily turn off the scan option Scan for out of date, abandoned, and vulnerable plugins, themes, and WordPress versions, and see if the scan completes properly.
Additionally, please send a diagnostic report to wftest @ wordfence.com. You can find the link to do so at the top of the Wordfence > Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.
NOTE: It should look as follows – Screenshot of Tools > Diagnostic > Send by Email
Thanks,
Mark.
Hi @adamhideseek,
Brute force protection will remain active but other firewall features will be disabled.
Let me know if you have any other questions.
Thanks,
Mark.
Hi @chins4, Thank you for sending the diagnostic report.
From the diagnostic, I see it’s mostly Random_compat files that are required by Wordfence for safe implementation of certain PHP functions.
As you are running WordPress version 6.4.2, could you please update to the latest version 6.4.3.
Once done, please run another scan and let me know whether you see the same scan results.
Thanks,
Mark.
Sorry, I misunderstood your question earlier.
You can only enable 2FA on a single device, but you can access the 2FA codes on a different device by logging in to the same Authenticator app you used on the first device.
Let me know if you need any further assistance.
Thanks,
Mark
