blocked by .htaccess/firewall (http error 401)

First off, I think you misunderstand what we are doing when we connect back to our servers. One of the number one reasons sites are exploited or hacked is not updating wordpress core files, plugins, and theme. We have a mirror of the official wordpress repository of those things on our server. I suppose we could download every plugin and theme version to your server to completely make it self standing but if someone isn’t updating your plugins and themes already odds are they won’t update that either. Licensing is only a small part of what goes on. We’re also looking for specific exploits and signs pointing to various hacks that are known. Security vulnerabilities are outed every day. Can you imagine the amount of updates you would have to do almost every day just to stay current?

Personally I have a large company I manage sites for. At least 15 are internal only with 10.X.X.X addresses, however I have yet to have an issue running a scan.

Please check firewall, etc. Maybe look for plugins that are causing an extra security layer, etc. Since they are internal, I assume that granting temp admin access is out of the question. Do a connectivity test (bottom of the options page) and paste here. A copy of the error logs with errors specific to wordfence and noc1 might be good too.

Thanks

tim

Hi Tim.

Thanks for response, but you have not to explain yourself. Be sure, I know a few about your business. I know some more about IT infrastructure, but a few about public internet services.
Now we will have a deeper look to site which is on a public system (85.x.x.x) without a firewall in front, but a .htaccess configuration which restrict the access from the public internet (“require valid-user”).

List of plugins at this WP site:
Wordfence Security
WP Overview (lite)
nothing more, is only a test site.

Configuration:
Key type [free Key]
Enable debugging mode [no]
Disable Wordfence Cookies [yes]
Start all scans remotely [no]
Disable config caching [yes]

connectivity test to Wordfence servers:
DNS lookup for noc1.wordfence.com returns: 69.46.36.8
STARTING CURL http CONNECTION TEST….
Curl connectivity test passed.
STARTING CURL https CONNECTION TEST….
Curl connectivity test passed.
Starting wp_remote_post() test
wp_remote_post() test to noc1.wordfence.com passed!
Starting wp_remote_post() test
wp_remote_post() test to noc1.wordfence.com passed!

=== Test 1 Start ===

Now I start a scan manually… and…
result from “Scan Summary” window:
– nothing – still empty window –

result from “Scan Detailed Activity” window:
– nothing – still empty window –

=== Test 1 End ===

Now I do some changes at the config pane:
Enable debugging mode [yes]
Start all scans remotely [yes]

=== Test 2 Start ===

Now I start a scan manually… and…
result from “Scan Summary” window:
– nothing – still empty window –

result from “Scan Detailed Activity” window:
[Nov 25 12:03:19] CURL fetching URL: https://noc1.wordfence.com//v2.14/?v=4.0.1&s=http%3A%2F%<mysite.tld>%2F<WPdir>&k=<freeKey>&action=ping_api_key
[Nov 25 12:03:48] Ajax request received to start scan.
[Nov 25 12:03:48] Entering start scan routine
[Nov 25 12:03:48] Got value from wf config maxExecutionTime: 22
[Nov 25 12:03:48] getMaxExecutionTime() returning config value: 22
[Nov 25 12:03:48] Starting cron via proxy at URL https://noc1.wordfence.com/scanp/<mysite.tld>/<WPdir>/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=0&cronKey=<cronKey&gt;
[Nov 25 12:03:50] Scan process ended after forking.

=== Test 2 End ===

But in the httpd server log, there I see the reason why the job is not starting:
scan1 “GET /<WPdir>/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=0&cronKey=<cronKey> HTTP/1.1” 401 “Wordfence cron”
scan1 “GET /<WPdir>/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=0&cronKey=<cronKey> HTTP/1.1” 401 “Wordfence cron”
scan1 “GET /<WPdir>/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=0&cronKey=<cronKey> HTTP/1.1” 401 “Wordfence cron”
scan1 “GET /<WPdir>/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=0&cronKey=<cronKey> HTTP/1.1” 401 “Wordfence cron”
scan1 “GET /<WPdir>/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=0&cronKey=<cronKey> HTTP/1.1” 401 “Wordfence cron”

And this error appears at all possible configurations. So. I have some questions:
– why is this job not linked to the WPcron itself
– why do you do a deep link to a directory which is recommended to be secured with a .htaccess file
– why do you not show a link at the config pane to configure a job who can do this on the local machine
– why do you security promise, but a dependency created which brings a security risk

last I will explain: if someone disconnect your servers and/or from the internet (is not as hard to realize than most think of!) all the WP sites which are secured by Wordfence do not recognize this or don’t scan their site any more. then they can be all manipulate without any message from the Wordfence service.

You should think about the design, you can still deliver all you service, but with a few changes you will raise the level of security.

But the one and only, wherein I’m interessted in: how to install a WP site with Wordfence inside a secured by .htaccess file directory?

Thanks for support,
Regula.

By any chance are you blocking the wp-admin folder? Or access to the admin-ajax.php file?

tim