Slot machine near Quezon City, Metro Manila.REGISTER NOW GET FREE 888 PESOS REWARDS!

mingyeungs
(@mingyeungs)

4 years, 6 months ago

I’m using Wordfence with WordPress fastest cache, and noticed that on some (cached) pages, there is this script tag <script type="text/javascript" src="https://mydomain.com/?wordfence_syncAttackData=xxxxx" async></script> inside the <head /> tag.

The script sometimes loads very slowly (>10 sec), and blocks the execution of some window.onload script.

Searching the forum I found https://www.ads-software.com/support/topic/syncattackdata-query-parameters/, which said that this script “isn’t supposed to appear in the page source for visitors…However, it can do that if your site is not able to make the call in the normal way.”.

So, what is needed for Wordfence to make calls in the ‘normal way’?
Also, are there a way to absolutely prevent Wordfence from adding this script (and any other script tag?) under all circumstances?

FYI, the site I’m dealing with is running:

– WordPress 5.4
– Wordfence 7.4.6
– using the MySQLi storage engine mode https://www.wordfence.com/help/firewall/mysqli-storage-engine/
– inside Azure Webapp for Container https://azure.microsoft.com/en-us/services/app-service/containers/
– using the default WordPress Docker image https://hub.docker.com/_/wordpress/
– currently put behind .htpasswd password protection

Any help is appreciated!

Viewing 5 replies - 1 through 5 (of 5 total)

WFGerroald
(@wfgerald)

4 years, 6 months ago

Hey @mingyeungs,

Can you please try whitelisting your server IP and let me know if it helps? If it doesn’t, I’ll bump the developers for their thoughts.

Thanks,

Gerroald

Thread Starter mingyeungs
(@mingyeungs)

4 years, 6 months ago

Dear @wfgerald ,

I tried adding the IP that our domain’s A record specified in the IP whitelist, but it doesn’t seem to make a difference. As our site is running across multiple instances (scale-out), I ain’t sure whether the IP entered is the “server IP” you’re referring to.

Some questions:
1. How often should this script run?
2. What are the drawbacks if we remove the script from the website frontend (assuming we hack the plugin/disable it with hook)?
3. can we do it using a cronjob instead?

The loading time of this script is too unstable – while it has the “async” attribute which solve the blocking issue, it is still make the webpage appears as ‘loading’ in the browser tab, which our client doesn’t accept.

Thank you very much for your help!

WFGerroald
(@wfgerald)

4 years, 6 months ago

Hey @mingyeungs,

Thanks for all of the information.

Can you send me a Diagnostics report so I can get a better overview of your environment? Please navigate to Wordfence > Tools > Diagnostics. Here you can select SEND REPORT BY EMAIL. Please include your www.ads-software.com username and update this thread after you’ve sent it.

Once I receive this I’ll bump the developers.

Thanks,

Gerroald

WFGerroald
(@wfgerald)

4 years, 6 months ago

Hey @mingyeungs,

Also, looking through other similar cases as a test can you switch to a WordPress default theme and visit those links? If those links return a blank page it may be a theme issue.

Please let me know.

Thanks,

Gerroald

Thread Starter mingyeungs
(@mingyeungs)

4 years, 6 months ago

Hi @wfgerald,

I’ve just SEND REPORT BY EMAIL with my username mingyeungs.

Regarding ‘switch to a WordPress default theme and visit those links’, I’m sorry but our client won’t let us make any changes to the site, as their management team is reviewing the site now.

If I visit “https://mydomain.com/?wordfence_syncAttackData=xxxxxxx.xxxx” with a browser using existing theme, it’s 50/50 chance seeing a blank page or seeing the website homepage (both with 200 as response code)

Btw, we’ve temporarily commented out Line 8427 echo "<script type=\"text/javascript\" src=\"$URL\" async></script>"; in wordfenceClass.php, so that the management team won’t be put off by the script issue; and notice a side effect that the ‘complex’ attack block by the firewall is massively reduced (but still very high IMHO). As our site hasn’t been put to live yet, I don’t think we should be seeing any attack, or at least not that high?

Thanks,
Ming

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Avoid syncAttackData script tag in cached pages’ is closed to new replies.

Tags