Whitelisted URLS not added by Admin

  • Resolved dlechner

    (@dlechner)


    8 years, 6 months ago

    After the most recent Wordfence update I enabled the firewall on my site and I’ve been through the 1 week “whitelisting” period. I see that there is a long list of URLs that have been whitelisted that don’t belong on my site and that involve “downloads” like:
    /wp-content/plugins/wp-miniaudioplayer/map_download.php
    /wp-content/plugins/simple-image-manipulator/controller/download.php
    /wp-content/plugins/ajax-store-locator-wordpress_0/sl_file_download.php
    /wp-content/plugins/aspose-cloud-ebook-generator/aspose_posts_exporter_download.php
    /wp-content/plugins/aspose-doc-exporter/aspose_doc_exporter_download.php
    /wp-content/force-download.php
    /wp-content/themes/felis/download.php
    /wp-content/plugins/candidate-application-form/downloadpdffile.php
    /wp-content/themes/SMWF/inc/download.php
    /wp-content/themes/TheLoft/download.php
    /wp-content/themes/trinity/lib/scripts/download.php
    /wp-content/themes/urbancity/lib/scripts/download.php
    and on and on…all from one IP address. Some involve plugins that aren’t installed and others involve themes that aren’t installed.
    I’ve also had a marked increase in brute force attacks on the site. I had over 1007 emails letting me know that people around the world were trying to login over the past 3 hours. I’m wondering if I’ve got a problem or if this is the indication that wordfence is working the way it should be to lock everyone out? I’ve added admin and test to the usernames to permanently block and that has slowed them down a bit.
    Should I leave all those urls whitelisted even though they are things that aren’t on my website (as far as I know)?

    https://www.ads-software.com/plugins/wordfence/

Viewing 3 replies - 1 through 3 (of 3 total)

  • Hello dlechner,
    which version of Wordfence are you using? In version 6.1.4 we released a fix that prevents URLs that return 404 (File not found) from whitelisting.

    If your Firewall is enabled you can remove all obviously incorrect whitelistings from the Firewall page.

    As for the increase in bruteforce this varies from day to day depending on how active the perpetrators are. I find that blocking the usernames they are trying (just like you did) is very effective.

    Thread Starter dlechner

    (@dlechner)

    Thank you for the advice wfasa! I’m using Wordfence 6.1.7.

    Should I delete the whitelistings or just uncheck the enabled box?

    What, if anything, should remain whitelisted? I don’t have any downloads on the site.

    Generally, the only things that should remain whitelisted are things that have been added with your IP-address or possibly your servers IP-address. An exception to this would for example be if you have some form plugin that visitors to your site are using. If you don’t recognize the “download.php” string from any of your plugins or such you can just delete them. If your Firewall is still in “Learning mode” they could get added again. So best time for cleanup is when you set the Wordfence Firewall to enabled. It could have been enabled automatically already if you set it to do that when you first configured it.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Whitelisted URLS not added by Admin’ is closed to new replies.