wfmark
Forum Replies Created
-
Hi @danesthesia , thanks for reaching out.
Unfortunately, our 2FA and reCAPTCHA features are only supported for the default WordPress/WooCommerce login and registration pages and may not work on custom versions of these pages created manually or by other plugins/themes, which explains why you’re having trouble with this.
We have plans to expand our compatibility in the future, although we cannot commit to timelines here on forums.
Thanks,
Mark.
Hi @satellitewp ,
Thank you for getting back to us.
We made changes to the free license sign-up process. Existing free site keys created before the change will continue working, but all new installations require you to register for a new key.
You can see the reasoning behind why we changed the free signup process in the following blog post: https://www.wordfence.com/blog/2022/11/wordfence-7-8-0-announcement/
Please click on the Resume installation button on the sites with issues and follow the instructions in the video on the page below to obtain a free license key.
https://www.wordfence.com/help/api-key/#installing-your-free-license-key
Please note that you can use the same email address to obtain license keys for all your sites. There’s no limit to the number of free sites a single email address can configure.
Let me know in case you have any issues.
Thanks,
Mark.
Hi @arsah ,
Thanks for getting back.
It sounds like Wordfence is not detecting IP addresses correctly on your site. Take note of your IP as displayed on https://www.whatsmyip.org. Please note that this detection can sometimes not be 100% accurate on cellular phone network connections.
Navigate to Wordfence > All Options > General Wordfence Options > How does Wordfence get IPs and reference the area under that section that says Detected IPs and Your IP with this setting. Start from the top and check to see if any of the settings show the same IP as the site above does.
Let me know how it goes.
Thanks,
Mark.
You’re welcome @joeyjosay .
Country Blocking is a premium feature, and we aren’t allowed to discuss those here as per forum rules. Please contact presales@wordfence.com for more information on this feature.
For your second question, we do not typically recommend blocking IPs permanently, as attackers rarely reuse IP addresses. For more information, please check out the blog post below: https://www.wordfence.com/blog/2017/11/should-permantly-block-ips/
Thanks,
Mark
Hi @wpfanar ,
Thank you for getting back to us.
Typically, the Block IPs who send POST requests with blank User-Agent and Referer option is one we recommend keeping enabled. You can see our documentation on that here: https://www.wordfence.com/help/firewall/brute-force/#block-blank-post
Let us know if you’d like to look at the diagnostics to see if anything stands out going forward.
Thanks,
Mark
Hi @jakeparis , thank you for reaching out.
Unfortunately, it is not possible to use a different database for firewall data only as the connection information is pulled from wp-config.php. The tables used are expected to be the same both at the Wordfence Application Firewall level and the WordPress level.
The option to define WWAF constants should be used when your database settings cannot be read automatically from wp-config.php.
By default, Wordfence stores firewall data in ~wp-content/wflogs/. The option to use an alternate database makes it possible for sites to store firewall data in the MySQL database instead.
Please note that we only recommend using this option if your site is unable to read and write to the firewall files consistently, or if your host uses multiple web servers that do not share the same filesystem, since better performance and efficient resource usage are likely when using the default file-based storage on most hosts.
Let me know in case you have any further questions.
Thanks,
Mark
Hi @arsah , thanks for reaching out.
I tested IP-blocking on my end, and it is working as expected. Did you block the IP via the Wordfence > Firewall > Blocking > IP Address section?
If so, can you please confirm that you have blocked your public-facing IP address? It should be the same as the IP listed here – https://whatsmyip.com/ on the device you’re using to access the site.
If your IP address is blocked, you should see a Wordfence “Manual Block by Administrator” blocking page when you access the site.
You could also try clearing the cache on your browser or adding a cache-busting string to the end of the URL, such as /?no=cache, as you may be viewing a cached page.
Let me know how it goes.
Thanks,
Mark
Hi @thomasdpswe , thanks for reaching out.
These are files generated by SimplePie or other caching plugins to speed up the site. This is very common for caching plugins and should be safe to ignore.
You should be able to select “Ignore” for the results in the Wordfence > Scan page so that it does not appear in subsequent scans under the “Results Found” tab. It will appear under the “Ignored Results” tab instead.
Thanks,
Mark.
Hi @joeyjosay , thank you for reaching out.
To see the targeted file, please check Live Traffic at the same timestamp for additional information via Wordfence > Tools > Live Traffic > Show Advanced Filters > Filter > IP = (enter 209.38.200.253 in the IP field and click enter). The Live Traffic entries have more details about the block.
Another option is to check the raw access logs on the server for the IPs and hits around that time.
In most cases, a vulnerability in a specific plugin or version of WordPress isn’t tested in advance, and an attack will just hit a site, hoping something will work. Therefore, it’s best to stay up-to-date with WordPress & plugins and let Wordfence protect the site.
Increases in attacks and blocks can be alarming to see, however, in this case, there is no further action needed with Wordfence blocking the hits.
Thanks,
Mark
Hi @satellitewp , thank you for reaching out.
Can you please confirm if you’ve entered a valid license or gone through the process to get a new license for each site after installing the plugin on the sites? You will need to enter a license after installation to complete the setup.
Usually, the yellow “Wordfence installation is incomplete” bar indicates that you haven’t installed a new or existing license or that the admin email address has been removed from the Wordfence settings.
If you’re seeing this error when a license key is installed, please click the “Resume Installation” button while keeping a Browser Console open to see if you can detect any JavaScript errors or files that fail to load. If you see any red text in the console, please take a screenshot and send it to me.
Thanks,
Mark.
Hi @perfectfit , thank you for reaching out.
With Wordfence activated, could you please request one of the users to attempt commenting on a post, then head over to Wordfence > Tools> Live Traffic (Expand All Results), if Wordfence is blocking this, there should be an entry that explains more about the traffic and why Wordfence took the actions it did. Please share a screenshot of any blocked entries and share it with me.
There’s also a possibility that this could be a false positive. Sometimes, plugins or themes may exhibit behaviour that resembles known attack patterns, resulting in the Wordfence Firewall blocking something that is not malicious. I suggest we try switching the Firewall to Learning mode, as it might help Wordfence allow comments on the post.
From the Wordfence Dashboard, click on Manage WAF. Then, you will see Basic Firewall Options > Web Application Firewall Status. Change the option to Learning Mode. Now proceed to post a comment. This will help Wordfence learn that these actions are normal and will allow them in the future. After you have finished the user registration, switch the WAF from Learning Mode back to Enabled and Protecting, then test to see that users can still comment.
https://www.wordfence.com/help/firewall/learning-mode/ is an amazing resource for learning more about the WAF and learning mode.
Thanks,
Mark.
Hi @farehamweb, thank you for reaching out.
Could you please confirm if you are seeing any Wordfence-related error message on your end when you try to log in?
When logged in to wp-admin from your hosting account, head over to Wordfence > Tools> Live Traffic (Expand All Results) and share a screenshot of any live traffic entries of the failed login attempts. If there’s nothing there, the Traffic Logging Mode may need to be changed to ALL TRAFFIC temporarily, and then re-visit the site to log the attempt.
You could also try to rename the /wp-content/plugins/wordfence directory to wordfence.bak, then see whether you’re able to log in. This will help determine whether Wordfence is preventing you from signing in.
Additionally, please send a diagnostic report to wftest@wordfence. \com using the link at the top of the Wordfence > Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.
NOTE: It should look as follows – Screenshot of Tools > Diagnostic > Send by Email
Thanks,
Mark.
You’re welcome, @voodoochill.
Are you always using the same device and browser when these issues occur or when the login is successful? If you’re using a different device or browser with different extensions, the low scores may be related to that.
Thanks,
Mark.
Hi @birken,
To resolve the issue before our next update, you can disable the “Scan for out-of-date, abandoned, and vulnerable plugins, themes, and WordPress versions” in the Wordfence > Scan > Manage Scan > General Options section. Remember to save your changes.
That will make it so the scan no longer checks for plugins that need updates. You can still check your Plugins area to confirm which plugins need to be updated and update those there. After updating Wordfence the next time, please re-enable that option and see if the issue persists.
Thanks,
Mark.
Hi @wpfanar, thanks for reaching out.
Wordfence runs the wordfence_syncAttackData script to ensure malware signatures and rules are up-to-date with the latest ones we have released and to update the Live Traffic page. Usually, 403 or 503 blocks by the firewall trigger the need to sync, so seeing syncAttackData triggered with one of these HTTP error codes is expected.
If you start seeing these requests excessively, your server’s IP address may be blocked. I recommend checking your Wordfence > Tools > Diagnostics page to see if you’re getting any errors under the Connectivity section> Connecting back to this site.
Let me know what you find.
Thanks,
Mark.
