I manage WordPress sites of 5 different customers which all use the same hosting company Strato (www.strato.de). I had Site Scan enabled for all of these. In the logs of Solid Security I see that they failed mostly in the last weeks due to the rate limit exceeding.

Interestingly, even though it are 5 different customers with independent websites, in the Site Scan logs I can see the same “remote IP” address for all of them. I believe this is due to the fact, that they all use a shared hosting and to the outside of the hosting company they are visible as 1 single IP.

What options to I have to get Site Scans running again and reguarly? Am I right that the risk of accidential rate limits is high for any shared hosting provider? I mean there could even be other companies hosting their websites on a shared hosting without me even knowing it.

Kind regards.

we have encountered that www.ads-software.com is not fully accessible from our domain (cleantalk.org).
Pages are not rendering correctly and returning HTTP 429 error.
Seems like on your side our domain or some part of our IP-adresses are blocked or limited somehow.
We have a script which works with www.ads-software.com and it’s been scheduled to run only hourly. So I think it shouldn’t lead to blocking or rate-limiting our IP-addresses.
How this issue could be solved?
Thank you.

I have set all rate limits for BOTS (except Google) to 30 and 40 for humans Today i got this:

https://drive.google.com/file/d/14zM5TXpAuu5dPJR1X8_6kKl6a9CPhvSd/view?usp=sharing

As you see this is a bot / scrapers that visited around 50 pages per minute. BUT it got banned for as HUMAN exceeded rate.

Any ideas? Thank you

I don’t see any 404 page visits in the traffic feed.

When he input the user email address to the blocked notification screen, he got an error: “Sorry your browser sent an invalid security token when trying to use this form”.

I am trying to figure out if this is a Wordfence bug, or an issue with security on the dev’s side. The 404 rate limit was very strict, I’ve adjusted that to 60 requests per minute. The dev did land on favicon.io page a number of times, but that is excluded from the rate limiting, so I’m not sure what’s going on.

I’m using Wordfence with optimized firewall (prepend .htaccess and LiteSpeed WEB server).

Trying to use a caching plugin what uses PHP (and NOT mod_rewrite) mode to serve pages, Rate Limiting doesn’t work.

I have tried 3 plugins so far, Comet Cache (php mode), WP Supercache (php mode), Faster Cache (php mode) and Rate Limiting doesn’t work.

Searching here, i see that you say the opposite. Am i missing something?

Thanks

I’ve read that this is a normal behavior, to prevent spam attacks.

But is there a way to disable this functions, or set the amount of time between two signups.

In our case there are a few assets to download, so users need to fill Mailpoet forms to get them.

A user can get the first asset by filling the form, but can’t get the second one. We do not like to make them wait so much time.

Also, we have firewall two firewalls in our site, and even if the forms get really under attack, we can setup a Captcha.

Can you help me please?

{
"error": {
"code": 403,
"message": "Quota exceeded for quota metric 'Queries' and limit 'Queries per minute per user' of service 'gmail.googleapis.com' for consumer 'project_number:161471765097'.",
"errors": [
{
"message": "Quota exceeded for quota metric 'Queries' and limit 'Queries per minute per user' of service 'gmail.googleapis.com' for consumer 'project_number:9999999999'.",
"domain": "usageLimits",
"reason": "rateLimitExceeded"
}
],
"status": "PERMISSION_DENIED"
}
}

If I turn off the Cache, it works and throttles with a 503 message as expected.

Otherwise, with caching on, I can view unlimited pages.