Conflict with Woocommerce

Hi @aflorarte, thanks for getting in touch.

When I visit recorreba.com/producto/argentina-del-progreso/, I don’t experience the redirection described. This is perhaps as I am not signed in, even as a WooCommerce user on your site. Wordfence doesn’t trigger redirects such as this as part of its design so this behavior is usually a theme or plugin issue.

Caching could be an issue for you as I, as a new visitor didn’t see the same results. However, I think though that the “redirect_to” is triggered by a plugin installed to hide your WordPress login URL and could potentially resolve by disabling this. With certain “security through obscurity” methods such as this, we feel this only serves to slightly slow down somebody with malicious intent rather than stop them: https://www.wordfence.com/blog/2017/10/should-you-hide-wordpress-login-page/

Let me know what you find. A possible test could be running your site with only the WooCommerce/Wordfence combination of plugins and a default theme such as Twenty Twenty-One. Reintroduce plugins one-by-one, and finally your theme to see when the problem starts presenting itself.

Thanks,

Peter.

Hello and thank you for your reply

That was my bad as I misspelled the url where I wrote. The problem is in https://recorreba.com/argentina-del-progreso-

`However, If you paste this address recorreba.com/argentina-del-progreso/ in the nav bar you will experience redirection to https://recorreba.com/arquitectura-en-argentina/?redirect_to=%2Fargentina-del-progresosss%2F and this redirection issue is now present in every URL containing the restricted content I am selling through Woocommerce. At this moment all pages related to protected content sold through Woocommerce would redirect, Examples:
recorreba.com/brutalismo
recorreba.com/planes-urbanos
https://recorreba.com/tipologias-de-viviendas/, etc.`

Regarding Caching, I had already purged cache from CloudFlare. I have purged it again today.

Regarding WPS Hide Login, I tried disabling it and unfortunately, that did not resolve the issue either.

IF YOU ALLOW ME TO ADD:

AS I wrote at the begining of this ticket, In a recent WordFence update

In the last update an alert was displaying in my dashboard alerting of possible conflicts with Woocommerce sites. It was related to WordFence Firewall.

WordFebce prompted me to manually update those because Woocommerce could be affected if I didn′t. I clicked to “manually update” and as I did that, the alert disappeared together with the page. Unfortunately clicking “manually update” did not make any changes, and the issues still persist.

I remember having seeing in that page that I lost, some boxes which were supposed to be filled in one of the WordFence setting pages. I could see boxes to configure Members and Roles. (All my members and Roles where displayed in those boxes.
As I say, the page disappeared, I was unable to fill those boxes then, and I am unable to find those boxes now.) I have this doubt if the page could be this one:
https://recorreba.com/wp-admin/admin.php?page=WFLS#top#settings

When I clicked to “manually set”, that page dissappeared and I would need help to trace it or confirme this is the page. In which case I need to understand how to configure Roles and Members WordFence settings. As these are the ones that are compromised in this case.

What I see is in WordFence Login Security is:

`2FA Roles
Administrator

Optional
Editor

Disabled
Author

Disabled
Contributor

Disabled
Subscriber

Disabled
Customer

Disabled
Shop manager

Disabled
argentina-progreso

Disabled
rua-brutalismo

Disabled
rua-arq-estado

Disabled
rua-racionalismo-3-lecorbusier

Disabled
rua-modernismo-1

Disabled
rua-modernismo-2

Disabled
rua-racionalismo-1

Disabled
rua-transporte

Disabled
rua-servicios

Disabled
rua-viviendas-1

Disabled
rua-planes-urbanos

Disabled
rua-viviendas-2

Disabled
rua-racionalismo-2

Disabled
RUA-ART-DECO

Disabled

By default, the customer role provided by WooCommerce does not have access to admin pages and therefore users in this role cannot configure two-factor authentication at this time. A 2FA setup process will be available for the customer role in an upcoming release.

Grace Period`

10
days

For roles that require 2FA, users will have this many days to set up 2FA. Failure to set up 2FA during this period will result in the user losing account access. This grace period will apply to new users from the time of account creation. For existing users, this grace period will apply relative to the time at which the requirement is implemented. This grace period will not automatically apply to admins and must be manually enabled for each admin user.

TO NOTICE:

I have
Enable WooCommerce integration (SET TO YES)
When enabled, reCAPTCHA and 2FA prompt support will be added to WooCommerce login and registration forms in addition to the default WordPress forms. Testing WooCommerce forms after enabling this feature is recommended to ensure plugin compatibility.
These are not roles assigned by Woocommerce but by Membership plugin.

Also, I don′t remember having set 2 factor authentication.

In https://www.wordfence.com/help/login-security/

Users must be able to see wp-admin pages in order to set up 2FA, so it is not recommended to require 2FA for roles who cannot use wp-admin. For example, if you use WooCommerce or a forum plugin that does not allow low-privileged roles to see wp-admin, you should not require 2FA for Customer or Subscriber roles.

And I′m afraid this is very much my case because none of my roles except for Admin are supposed to be able to access wp-admin pages.

So I think it is ok to have them set as DISABLED.

Please clarify

All this is so confusing for me, Any further suggestions will be so much appreciated !!

Regards

Liliana

• This reply was modified 3 years, 2 months ago by aflorarte.
• This reply was modified 3 years, 2 months ago by aflorarte.
• This reply was modified 3 years, 2 months ago by aflorarte.
• This reply was modified 3 years, 2 months ago by aflorarte.