wfmark
Forum Replies Created
-
Hi @targetedpodcast, thanks for reaching out and sharing the signatures.
\x0A is a non-printable/hidden character. Which explains why you can not see it on the wp-config.php file.
The function on the wp-config.php that was flagged by Wordfence is malicious as it includes a temporary session file. I would recommend backing up the wp-config.php file and removing the function from the file.
Additionally, try running a High Sensitivity Scan on the site to see whether Wordfence detects any other malicious files just to be safe. You can do this by logging into your site and navigating to Wordfence > Scan > Manage Scan > High Sensitivity > Save – then run the scan from Wordfence > Scan > Start New Scan.
You can clean the site by using the following guide: https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/
Make sure and get all your plugins and themes updated and update WordPress core, too. As a rule, any time I think someone’s site has been compromised, I also tell them to update their passwords for their hosting control panel, FTP, WordPress admin users, and database. Make sure to do this because attack vectors around your hosting or database environments are outside of Wordfence’s influence as an endpoint firewall.
Additionally, you might find the WordPress Malware Removal section in our Learning Center helpful: https://wordfence.com/learn/If you’re unable to clean this on your own, there are paid services that will do it for you. Wordfence offers one, and there are others. Per the forum rules, we’re not allowed to discuss Premium here, but please reach out to us at presales @ wordfence.com if you have any questions about it.
Regardless, if you choose to clean it yourself or let someone else do so, we recommend that you make a full backup of the site beforehand.
Thanks,
MarkHi @patrickhaond, Thank you for reaching out.
You will need to contact your hosting provider to look at all available error log files. For more information on how to troubleshoot, please visit https://wordpress.org/support/forum/how-to-and-troubleshooting/
Thanks,
Mark.
Hi @nosaint,
To rule out any caching issues, could you please try an incognito/private browsing window or a different browser than your default one?Please access wp-admin while keeping a Browser Console open to see if you can detect any JavaScript errors or files that fail to load. If you see any red errors in the console, please take a screenshot and send it to me.
If the above steps fail, run Wordfence as your only-enabled plugin and revert to a default theme such as Twenty Twenty-Three to see if there’s a plugin or theme conflict causing the issue. If you are now able to enter the 2fa code, re-enable your plugins and theme one by one until the error recurs to help find the plugin causing the conflict.
Thanks,
Mark.
Hi @vidishp,
I checked with the team for you on this. Those console errors are often caused by trying to move javascript to the end of the page, or setting defer or async. It is possible a plugin is conflicting with both WooCommerce and Wordfence. You mentioned this issue still occurs with only Wordfence and WooCommerce enabled, can you please confirm? If the issue doesn’t persist with only those plugins enabled, then I recommend trying to deactivate one plugin at a time while WooCommerce and Wordfence are enabled and see which one is breaking the tools page. Please screenshot what the Tools page is showing when it is broken as well.
If the issue occurs with just Wordfence and WooCommerce enabled (with a default theme enabled), please try updating WooCommerce to the latest version and let me know if the issue persists.
Thanks,
Mark.
Hi @freddybee, thank you for reaching out.
Have you made any changes to the site recently?
If you need immediate access back I’m happy to provide you with instructions:
- Please use FTP/SFTP — or any file manager your web host provides via their administration panel.
- Look inside the /wp-content/plugins/ directory and rename the wordfence directory to wordfence.bak. This will deactivate Wordfence and allow you to login without the 2FA code.
- Once you have logged in to your WordPress admin you can name the folder back to wordfence again.
Once you log in, can you please send a diagnostic report to wftest @ wordfence.com? You can find the link to do so at the top of the Wordfence Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.
Thanks,
Mark
Hi @researchsoftwareuofr, thank you for reaching out.
The cURL error 60 is due to something going wrong with SSL or something interfering with it.
Your web server is returning the “subject name does not match target host name” error so there is some certificate error that needs to be investigated on your website. Your hosting provider is better placed to help you with this.
Can you also send a diagnostic report from the site reporting the cURL error to wftest @ wordfence . com? You can find the link to do so at the top of the Wordfence Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.
Thanks,
Mark.
Hi @umbrtree, thank you for reaching out.
Can you please send a diagnostic report to wftest@wordfence.com. You can find the link to do so at the top of the Wordfence Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.
Note: For the fastest response time, please make sure and add any information or questions directly to this topic and not the email address above unless asked.
Thanks,
Mark.
Hi @level42, Thank you for reaching out.
Can you confirm that you are not installing the keys more than 24 hours after generation?
If not, then please try deactivating and reactivating Wordfence on the Plugins area of your site as this solves the issue for some customers.Would you also check whether you can install the license when Wordfence is the only active plugin on your site? There could be a Javascript conflict with another plugin potentially stopping the code executing the verification check.
In some cases, disabling caching plugins resolves the issue.
Let me know how it goes.
Thanks,
MarkAre the permissions set correctly on the clone site? 755 permissions and www-data should be the process owner for your WordPress directory. If you have to run your site with a different process owner, then that same user should be owner of the files in the directory.
If permissions are set correctly, please follow the steps I shared previously to delete the wflogs folder or its contents entirely and Wordfence should try to repopulate it within 30 minutes. This may resolve the issue.
If you have persistent problems with file-writing permissions, you can bypass Wordfence’s requirements entirely by setting logs to use the MySQLi storage engine: https://www.wordfence.com/help/firewall/mysqli-storage-engine/
Thanks,
Mark.
Hi @selcuk76, Thank you for reaching out.
I see you have a custom login page.
Could you please confirm whether you have enabled the option “Enable reCAPTCHA on the login and user registration pages” under Wordfence> Login Security> Settings?
This could explain your issue as our 2FA and reCAPTCHA features are only supported for the default WordPress/WooCommerce login and registration pages and may not work on custom versions of these pages created manually or by other plugins/themes.
We have plans to expand our compatibility in the future, although we cannot commit to timelines here on forums.
Thanks,
Mark.
Hi @sharanletiza, thanks for reaching out.
Please open a support ticket at https://support.wordfence.com. They will be able to assist you faster and more efficiently.
You can also access premium support via the Help menu item in the plugin, Help link on the plugin’s Dashboard page, on our documentation homepage or via the HELP link in the footer of all wordfence.com pages.
Thanks,
Mark.
Hi @manigtvr, thanks for reaching out.
You are using an outdated version of wordfence, and thus I would recommend updating it before anything.
This could be an issue with plugin/theme conflicts too. If our scripts don’t load properly due to an error earlier in the loading process, this is the most common cause of behavior such as this. The best way to test is to run Wordfence as your only enabled plugin and also reverting to a default theme such as Twenty Twenty-Three. If ReCAPTCHA works, then reenable your plugins and theme one-by-one until it breaks again to help find the cause.
Also bear in mind that our Login Security module’s 2FA/reCAPTCHA features are only compatible with WordPress and WooCommerce’s default registration/login pages so custom pop-up modals and forms can cause this kind of response also.
Thanks,
Mark.
I don’t see any errors on that URL on my end. Can you send a screenshot of the error you see on your end?
With Wordfence activated, please access the URL and navigate to your Wordfence > Tools > Live Traffic page, and see whether you find any blocked requests, click on it to expand it, then click “Add Param to Allowlist”.
Additionally, can you send a diagnostic report to wftest @ wordfence.com? You can find the link to do so at the top of the Wordfence Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.
Thanks,
Mark.
Hi @wildlife77, thanks for providing your diagnostic.
From your diagnostics, you are missing the wfls_2fa_secrets, wfls_settings tables. Just for my reference to have the full background of things you’ve tried, when manually removing, did you follow the instructions at: https://www.wordfence.com/help/advanced/remove-or-reset/?
You could also select “Delete Wordfence tables and data on deactivation” from the plugin’s All Options page, deactivate the plugin and re-activate to see if the tables are created successfully when doing it this way.
If that fails, It would be a good idea to try Wordfence Assistant to remove all tables & data rather than the manual removal as that has worked for customers with similar issues in the past.
Thanks again,
Mark.
Hello @nosaint, and thanks for sending the diagnostic report.
From the diagnostic, there’s a time offset on your site/device time. There seems to be a time difference of three minutes, i.e. your server time does not match with your device time.
When you’re logged in as an administrator, the bottom of the “Two-Factor Authentication” page shows “Server Time” and “Browser Time.” Server Time needs to match the time on your device that’s running Google Authenticator, otherwise the code won’t work.
Let me know in case the above doesn’t solve your issue.
Thanks,
Mark.