wfmark
Forum Replies Created
Hi @anafasia , thanks for reaching out.
We have seen the “Scan Engine Error: The signature on the request to start a scan is invalid. Please try again.” message solved by deactivating and reactivating Wordfence or a complete plugin reinstallation in the past, so that could be worth a try. You can choose to keep plugin settings when deactivating Wordfence from the WordPress > Plugins page.
This issue has sometimes been caused by caching, so it might be good to clear any caching plugins or site caching you have enabled to see if it rectifies the issue. Also, ensure that Wordfence > Tools > Diagnostics > Debugging Options > Start all scans remotely isn’t enabled.
If that doesn’t solve the issue, please do the following for me:
- Go to the Wordfence > Tools > Diagnostics page
- In the “Debugging Options” section, check the circle “Enable debugging mode”
- Click “Save Changes”.
- CANCEL any current scan and start a NEW scan
- Copy the last 20 lines or so of the activity log (click the “Show Log” link) once the scan finishes and paste them in this post.
This will help me see exactly what is happening when the scan fails. Additionally, please send us a diagnostic report from the “Diagnostics” page to wftest@wordfence.com. You can find the link to do so at the top of the Wordfence Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.
The log plus diagnostics would give us a good amount of information to try getting to the bottom of it for you.
Thanks,
Mark.
Hi @ashoklale , Sorry to hear that you’re having problems with this.
Could you please provide us with an approximate time and date when the error occurred? You can click the “Get your Wordfence License” button again if need be.
Additionally, please send a diagnostic report to wftest @ wordfence.com. You can find the link to do so at the top of the Wordfence > Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.
NOTE: It should look as follows – Screenshot of Tools > Diagnostic > Send by Email
Thanks,
Mark.
Hi @scruffy1 , thanks for reaching out to us.
Can you please confirm the setting you used to block this domain?
If you want to block traffic where the referral headers come from a specific domain, please try this:
1) Go to Wordfence > Firewall > Blocking
2) Choose a Custom Pattern
3) Put *allbrands.com* for the Referrer
4) Put anything for the block reason
This method, of course, can also be used for other IPs or referrers in the future for similar issues from other sources.
Let me know if this helps.
Thanks,
Mark.
Hi @mrg14071972 , thank you for reaching out to us.
In the past, we have had instances where Wordfence was deactivated due to a failed auto-update.
I recommend disabling auto-updates for the Wordfence plugin. You can do this on the WordPress Plugins page or under Wordfence> All Options > General Wordfence Options and unchecking the Update Wordfence automatically when a new version is released.
To receive an email alert when a new version of Wordfence is available, set the “Alert me with scan results of this severity level or greater” to at least “Medium” under Wordfence> All Options> Email Alert Preferences.
If auto-updates for Wordfence are disabled at the moment, please enable the Email me if Wordfence is deactivated option under Wordfence > All Options > Email Alert Preferences. You should receive an alert in the format below the next time Wordfence is deactivated.
A user with username “Username Here” deactivated Wordfence on your WordPress site.
User IP: XXX.XXX.XXX.XXX
User hostname: XXX.XXX.XXX.XXX
User location: Town, Country
Additionally, please ensure your site has strong passwords for all admin accounts and enable 2FA & reCAPTCHA features. This significantly reduces the possibility of plugins being disabled by a malicious source.
Let me know how it goes.
Thanks,
Mark
Hi @gtcdesign , thank you for reaching out to us.
From the description above, it seems you have enabled the Immediately Lock Out invalid usernames option in the Brute Force Protection section.
Wordfence will immediately lock out anyone who attempts to log in with an invalid username when the option above is enabled. Please note that your real users may mistype their usernames and get locked out. We recommend enabling this feature for sites that have a low number of users, such as 1 or 2 administrators and/or possibly a few editors.
To disable this, access the Wordfence > Firewall > Manage Brute Force Protection section and uncheck the Immediately lock out invalid usernames. Remember to save your changes.
You can also find and unblock the IP address of the users that are locked out on the Wordfence> Firewall > Blocking page. Select the checkbox next to the block entry, then click the “Unblock” button.
Just to confirm, are you using the default login flow or a membership plugin? If by any chance you are using WooCommerce please be sure to enable WooCommerce integration under Wordfence> Login Security> Settings .
Let me know if this helps.
Thanks,
Mark
Hello @thedetoureffect, thank you for reaching out to us.
From the description, I suspect this could be a false positive issue that can be resolved by switching the firewall to Learning Mode. Sometimes, WordPress plugins or themes may exhibit behaviour that resembles known attack patterns, which results in the Wordfence Firewall blocking something that is not malicious.
Please try enabling the Learning Mode. From the Wordfence Dashboard, click on Manage WAF. Then, you will see Basic Firewall Options > Web Application Firewall Status. Change the option to Learning Mode, then try signing up using the MailPoet form. This will help Wordfence learn that any actions during this time are expected, and it will allow them in the future. After you’re done, switch the WAF from Learning Mode back to Enabled and Protecting and test to see that you can still sign up.
Please get back to us in case the above doesn’t solve your issue.
Thanks,
Mark.
Hello @franckw, thanks for reaching out to us.
To stop these spam registrations on the site, I recommend enabling reCAPTCHA in Wordfence > Login Security > Settings > Enable reCAPTCHA on the login and user registration pages so that the default WordPress registration page can only be used by humans.
General treatment of bots can also be set in the Rate Limiting section of Wordfence > All Options to limit how many pages visitors and automated crawlers can access your website per minute as described in this article https://www.wordfence.com/help/firewall/rate-limiting/
You could also consider installing a dedicated anti-spam plugin if you’re not currently using one. You can find a few recommended plugins here https://wordpress.org/plugins/search/antispam/
Let me know if this helps.
Thanks,
Mark.
Hello @soozie10, and thanks for reaching out to us!
This could be due to an issue with your IP Detection.
To double-check that your IP detection is correct, first check the following site and take note of your IP (note that this detection can sometimes not be 100% accurate on cellular phone network connections): https://www.whatsmyip.org.
Then, head over to your site and go to Wordfence > All Options > General Wordfence Options > How does Wordfence get IPs and reference the area under that section that says Detected IPs and Your IP with this setting. Start from the top and check to see if any of the settings show that both of those show the same IP as the site above does.
If this doesn’t resolve your issue, can you send a diagnostic report to wftest@wordfence.com? You can find the link at the top of the Wordfence Tools > Diagnostics page. Then click on “Send Report by Email”.
Please add your forum username where indicated and respond here after you have sent it.
Thanks,
Mark.
Hi @webexs , thank you for contacting us.
Can you please confirm the block reason you’re seeing on the Wordfence Block Page when you access the site?
If the IP address has been blocked for violating any rules configured in Wordfence, it should be listed under Wordfence> Blocking with a reason for the block. These blocks usually expire after some time, depending on your settings.
To unblock the IP address, navigate to Wordfence > Firewall > Blocking. Select the checkmark next to the block entry, then click the “Unblock” button.
If you can’t find the IP address on the Blocking page above, check the Live Traffic Page under Wordfence> Tools>Live Traffic and use the advanced filters to specify the IP address that is blocked. Expand the results using the view (eye) icon and share a screenshot of the Live Traffic entry.
Thanks,
Mark
Hi @ismailsirajeittembe, thank you for reaching out to us and bringing this to our attention.
ClamAV “UNOFFICIAL” signatures are broad and prone to false positives but it’s best to be safe, so please send the highlighted files along with any pertinent data that may be helpful to our team at samples@wordfence.com so that our team can look into it and determine why Wordfence didn’t pick it up.
In your email, please include a link to this forum topic so that our team will know you had raised the issue with us. Remember to obscure any passwords or keys/salts in any files you send us.
Thanks,
Mark
Hi @mtnweekly , thanks for reaching out.
Can you please confirm the Wordfence version you’re on? Wordfence appends a parameter during the process of checking whether a visitor is human but hasn’t used the name wordfence_logHuman for quite some time. We’re unable to provide support for older versions of the plugin and recommend that customers keep WordPress, Wordfence, and other plugins up-to-date at all times to ensure the security of their site.
The Live Traffic feature in Wordfence uses ?wordfence_lh=x&hid=xxx… query string URLs, and so these are normal to observe. When these URLs are visited, the expected behavior is to return a blank page. With time, Google should recognize that those paths are not useful to crawl.
If the URLs in your case don’t return a blank page, it indicates that Google bots are listing different query string combinations as legitimate site pages, which is often due to a theme misconfiguration – automatically redirecting any invalid page URLs to the homepage.
You may need to consult your theme developer or address plugin/custom code settings that might be causing this behaviour.
Thanks,
Mark.
Hi @songdove , thanks for reaching out.
Can you please provide a precise description of the issue you’re trying to solve?
Wordfence has a rate-limiting feature that you can use to limit how many pages visitors and automated crawlers can access your website per minute.
You can read more about it here: https://www.wordfence.com/help/firewall/rate-limiting/
Thanks,
Mark
Hi @alexliii, thanks for reaching out.
Wordfence can’t be deactivated on a subsite, as it can only be installed as a Network-activated plugin on multisite setups.
Do you have specific problems or a particular use-case that requires Wordfence to be disabled on this particular subsite?
Please let me know.
Thanks,
Mark.
Hi @minhazmohamed, thanks for reaching out.
Unfortunately, there is no way to get the activity for each site separately. Wordfence can only be installed as a Network-activated plugin on multisite setups.
Let us know in case you need any further assistance.
Thanks,
Mark.
Hi @grahappa , thanks for reaching out.
This is currently not a feature available in Wordfence. We currently have options to allowlist IP addresses so they can bypass Wordfence Rules and 2FA or reCAPTCHA.
The closest feature to what you want is on the Wordfence > Firewall > All Firewall Options page in the Brute Force Protection section. You can input specific usernames/emails for which you see login attempts in the textbox next to “Immediately block the IP of users who try to sign in as these usernames.” Don’t forget to save the changes before leaving the page.
You can read more about this feature here – https://www.wordfence.com/help/firewall/brute-force/#lockout-usernames
Please note that this option will not prevent users or bots from registering using the same username or email. If you’re seeing any spam registrations on the site, you will need to enable reCAPTCHA in Wordfence > Login Security > Settings so that the default WordPress registration page can only be used by humans.
General treatment of bots can also be set in the Rate Limiting section of Wordfence > All Options to limit how many pages visitors and automated crawlers can access your website per minute as described in this article https://www.wordfence.com/help/firewall/rate-limiting/
Let me know in case you need any further assistance.
Thanks,
Mark.