wfmark
Forum Replies Created
-
Hi @wiezo,
You may need to leave the firewall in Learning Mode for a while.
When the blocked action is repeated, an entry should then be placed in the “Allowlisted URLs” section of the Firewall Options page. If you can see the entry being added there it should then be fine to set the Firewall back to “Enabled and Protecting” and it shouldn’t be blocked going forward.If Learning Mode doesn’t solve the issue, please access the SmartCrawl plugin with Wordfence activated and navigate to your Wordfence > Tools > Live Traffic page, and see whether you find any blocked requests, click on it to expand it, then click “Add Param to Allowlist”.
Let me know how it goes.
Thanks,
Mark.Hi @jamieburchell,
Yes, that explains it.
Are you still seeing the same scan result at the moment?
If so, can you send a diagnostic report to wftest @ wordfence.com? You can find the link to do so at the top of the Wordfence Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.Thanks,
Mark.
Hi @ chins4, Apologies for the delayed response.
I forgot to turn on notifications for replies on this topic.
Are you still having issues with this?
If so, please send an updated diagnostic report to wftest @ wordfence.com. You can find the link to do so at the top of the Wordfence Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.
Thanks,
Mark.Hi @wpmakenorg, Apologies for the delayed response.
You might need to reinstall Wordfence if you’re still seeing the issue.
You can backup your Wordfence settings via the Export option. Navigate to Wordfence > Tools > Import/Export Options and click Export. You can also take note of the current Whitelisted URLs you have in Wordfence > Firewall > All Firewall Options > Whitelisted URLs as these are NOT included in the Import/Export, and will be lost during the re-install.
Here is what is exported: https://www.wordfence.com/help/tools/import-export/
During the export, you will be given a long string of text. Keep this safe, you’ll need it in a few minutes.
After that, enable the option to Delete Wordfence tables and data on deactivation in All Options > General Wordfence Options. You will want to remember to disable this after you reinstall Wordfence again.
After you enable that option, you can deactivate Wordfence from the Plugins area of your site, then delete it. Next, from the plugins area, search for and re-install Wordfence like normal.
It will be like setting Wordfence up for the first time. You will need to enter an email address, and then go into Tools > Import/Export Options and paste that string of text into the Import Wordfence Options field and click the button there.
The firewall will be in Learning Mode by default for 7 days. I would recommend switching this to Enabled and Protected as soon as possible.
Let me know if this helps!
Thanks,
Mark.
From the scan log above, it doesn’t look like you have enabled debugging. Please confirm that:- Go to the Tools > Diagnostics page.
- In the “Debugging Options” section check the circle “Enable debugging mode”.
- Be sure to click to “Save Changes”.
Your Maximum execution time is also still set to 300. Go to your Wordfence > Scan > Manage Scan and locate the “Performance Options” section. Set “Maximum execution time for each scan stage” to 20 then click on “Save Changes”.
Once that’s done, run another scan and copy the last 20 lines or so from the Log (click the “Show Log” link) once the scan finishes and paste them in the post.
Thanks,
Mark.Hi @hebhansen,
I couldn’t find your diagnostic report. Please try the below instead:
Navigate to Wordfence > Tools > Diagnostic page and then click the “Export” button. Send the txt file to wftest@wordfence.com. Add your forum username in the subject and respond here once done. Let me know once you have sent the report.
Thanks,
Mark.
Hi @lcolvin, Thank you for reaching out.
The only other workaround is if you have added your site to Wordfence Central. You can add your public-facing IP address to the Allowlisted IP addresses that bypass 2FA under the the Login Security options.
You can also have another admin user disable 2FA on your account for you.If none of the above options work, you will need to use FTP/SFTP — or any file manager your web host provides via their administration panel to disable Wordfence manually.Let me know if you need any further assistance.
Thanks,
Mark.Hi @rezaulkarim01, Thank you for reaching out.
What can we do for you please? Your question wasn’t quite clear. If possible, could also share a screenshot of the problem you are facing please.
Thanks,
Mark.
Hi @jamieburchell, Thank you for reaching out.
Sometimes it’s been known for a scan to start running around the same time as automatic/manual plugin updates are performed, so picks up the outdated plugins at the start but won’t realize plugins have been updated by the time it ends.
On the free version of Wordfence, a quick scan runs every day, and a full scan runs every 72 hours. The quick scan does check for WPScan vulnerabilities and repository versions, but an updated repository status against your installed plugin list will not refresh until the next full scan is run manually or automatically. This may mean the notice of a modified plugin persists between scans.
Thanks,
Mark.
Hi @wiezo, Thank you for reaching out.
I would suggest changing the Wordfence Web Application Firewall into Learning Mode. From the Wordfence Dashboard, click on Manage WAF. Then you will see Basic Firewall Options > Web Application Firewall Status. Change the option to Learning Mode. Now confirm that you are able to save changes on SmartCrawl. Once done, switch the WAF from Learning Mode back to Enabled and Protecting and test to see whether it works as expected.
https://www.wordfence.com/help/firewall/learning-mode/ is an amazing resource for learning more about the WAF and learning mode.
Thanks,
Mark.
Hi @johnshweb, Thank you for reaching out to us.
Please try to clear cache (site plugins and local browser). You can also try to log in from a different internet browser where all browser extensions have been disabled. If you don’t have the same issue in the other internet browser where all browser extensions have been disabled then that indicates a browser extension in your normal browser is breaking our JavaScript.
If you still have the same issue in the other internet browser then your theme or another plugin may be loading JavaScript on our admin pages and creating a conflict.Disable all other plugins except Wordfence , then try again to see if there’s a plugin or theme conflict causing the issue. You could also revert to a default theme, such as Twenty Twenty-Three.
If the issue persists, access wp-admin while keeping a Browser Console open to see if you can detect any JavaScript errors or files that fail to load. If you see any red errors in the console, please take a screenshot and send it to me.
Let me know what you find.
Thanks,
Mark.
Hi @mdtarik, thank you for reaching out.
Do you have 2FA and/or reCAPTCHA enabled in Wordfence? It seems like the message you’re seeing is down to a problem when logging in.
Have you also hidden your WordPress login pages with a plugin? Some plugins and operations require the default WordPress paths so it could be worth disabling any plugins that modify this location and see if the authentication issue gets solved. Currently, Wordfence’s 2FA and reCAPTCHA only works with default login/registration pages for WordPress and WooCommerce so custom paths and pages will likely encounter problems such as this.
Thanks,
Mark.
Hi @tati19, Thank you for reaching out to us.
As Wordfence has already been deleted, please try to clear cache (site plugins and local browser) and disable all other plugins except Elementor , then try again to see if there’s a plugin or theme conflict causing the issue. You could also revert to a default theme, such as Twenty Twenty-Three.
If it works as expected, then re-enable your plugins and theme one by one until the issue recurs to help find the cause.
Let me know how it goes.
Thanks,
Mark.
Hi @justin77, thank you for reaching out.
Usually with regards to site speed, some Wordfence customers can experience problems at times when intensive processes such as scans are running although shared hosting plans, size of website content, and number of installed plugins tend to be the deciding factors in this as the majority of our ~5m site installations work without issue.
We do constantly work on making the plugin faster, perform better, and use less resources but there are not set amounts of RAM, CPU or database queries that we know Wordfence will definitely require in each use-case.
For a screenshot of my recommended Performance setting options – Click Here.
Aside from this, I notice your max_execution_time value is 300, which has been found to be detrimental to scan speed. We have seen issues arise when this number is above 60, so I would suggest altering this before going further.
Your WP_MEMORY_LIMIT is 40M and could be set to 128M or 256M in wp-config.php. WooCommerce, for example, recommends 64M minimum, so if you also have many hits on the site at once especially during a Wordfence scan, a lower limit here could be reached fairly easily. Your PHP memory_limit value could also be adjusted to 128M or 256M to accommodate this change.
I hope this helps you out!
Thanks,
Mark.
Hi @hebhansen,
Please send a diagnostic report to wftest@wordfence.com. You can find the link to do so at the top of the Wordfence > Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.
NOTE: It should look as follows – Screenshot of Tools > Diagnostic > Send by Email
Thanks,
Mark.
