Unable to update rules for the Wordfence Web Application Firewall

  • I’m using Wordfence Version 7.7.1
    WordPress core: 6.0.3

    I have the following message in WordPress:

    The last rules update for the Wordfence Web Application Firewall was unsuccessful. The last successful update check was January 25, 2021 3:17 pm, so this site may be missing new rules added since then. You may wait for the next automatic attempt or try to Manually Update by clicking the "Manually Refresh Rules" button below the Rules list.

    When I try a manual update I get the response:

    No rules were updated. Please verify you have permissions to write to the /wp-content/wflogs directory.

    This is what I did so far:

    – I disabled all plugins and tried to update manually without success
    – I activated the default theme “Twenty Twenty-Two” and tried to update manually without success
    – I completely removed the “wflogs” folder, then it autoregenerated, tried to update and it throws the same error
    – I’m going to send a report to wftest @ wordfence . com from Tools -> Diagnostics -> Send report by email.

    Can you help me please?
    Thanks in advance.

    The page I need help with: [log in to see the link]

Viewing 5 replies - 1 through 5 (of 5 total)
  • Thread Starter Andres Posada Llano

    (@sopada85)

    Update:

    Diagnostic report has been sent successfully.

    Plugin Support wfpeter

    (@wfpeter)

    Hi @sopada85, thanks for sending your diagnostics over!

    By the looks of the server “401: Unauthorized” that we’re receiving back when trying to communicate between our servers and your site, there’s a password required to view your website in the browser.

    Wordfence needs to be able to update rules and perform other checks with free communication between your site and our servers. You could possibly switch to IP-restricted access instead of WWW-Authenticate and set it to allow our IPs through: https://www.wordfence.com/help/advanced/#servers-and-ip-range

    //Edit:
    It does seem possible to mix basic authentication for everyone, except allow certain IPs without it. There’s an example here: https://stackoverflow.com/questions/4102763/apache-basic-authentication-except-for-those-allowed

    Thanks,

    Peter.

    • This reply was modified 2 years, 3 months ago by wfpeter. Reason: Added further information about Authentication
    Plugin Support wfpeter

    (@wfpeter)

    Hi again @sopada85, I’ve just been looking into this a little more.

    We do have many customers running sites on many environments so this just crossed my mind in relation to WP Engine. The MySQLi storage engine is used for rules by default, so the physical rules files don’t matter in this case.

    WP Engine’s control panel has a lock-icon button with a tooltip “Enable password protection”, which enables the basic authentication you’re using. As a result of this, my thoughts about allowing our IPs through may not be related to the StackOverflow thread. This might need assistance from WP Engine support to allow the site to connect back to itself, and/or to allow connections from our servers. Your site potentially looks like a staging environment, but regardless of this WP Engine has moved away from .htaccess so the solution to this may require their assistance.

    Thanks,

    Peter.

    Thread Starter Andres Posada Llano

    (@sopada85)

    Hi wfpeter,

    Thanks for your answer and help on this.

    You are right, that is a staging environment in WPE. Now I just sent a new report to the same email from the live/production environment.

    I hope now you can communicate to our website.

    Thanks again for your valuable help.

    Thread Starter Andres Posada Llano

    (@sopada85)

    Hey wfpeter,

    I believe you must be super busy, yet I am just following you to check if you got a chance to look for the solution I asked for in the previous message.

    Please let me know if there is anything that I need to clarify or if you have any questions.

    Thanks.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Unable to update rules for the Wordfence Web Application Firewall’ is closed to new replies.