Tg7777 link login.Claim Your Free 999 Pesos Bonus Today

Marina Kudinova
(@marinakudinova)

2 years, 3 months ago

Hello,

After changing the site setup to two domains, where the secondary language domain is mapped via WPML, I am getting the double slash before wp-admin in all the scan results paths, in e-mails as well. Such links go to my 404 page. The user.ini seems to have the correct path, the $_SERVER[‘SCRIPT_FILENAME’] has just one slash as well. The only place where I found two suspicious slashes in the diagnostic report is: compress.bzip2:// Not sure if it has to do anything with my issue. Hope you can help.

Thank you,
Marina

The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)

Plugin Support wfpeter
(@wfpeter)

2 years, 2 months ago
Hi @marinakudinova, thanks for reaching out to us!

Does this behavior continue after triggering a manual scan too? From my research, this might depend on which domain you used to log in, or if you’re switching languages (intentionally or not) in between. I think a scan log and diagnostics report would be useful in this case so I can take a closer look at your site.

If you could do the following steps for me:
- Go to the Wordfence > Tools > Diagnostics page
- In the “Debugging Options” section check the circle “Enable debugging mode”
- Click to “Save Changes”.
- CANCEL any current scan and start a NEW scan
- Copy the last 20 lines from the Log (click the “Show Log” link) or so of the activity log once the scan finishes and paste them in this post.
Wordfence > Tools > Diagnostic > Debugging Screenshot

This will help me see exactly what is happening.

Can you also send a diagnostic report to wftest @ wordfence . com? You can find the link to do so at the top of the Wordfence > Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

NOTE: It should look as follows – Screenshot of Tools > Diagnostic > Send by Email

Thanks,

Peter.
Thread Starter Marina Kudinova
(@marinakudinova)

2 years, 2 months ago
Hello Peter,

I sent the diagnostic report and here are the last 20 lines of the log:
```
[Dec 08 21:36:43] Starting cron with normal ajax at URL https://wpwebsites.dev/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=1&scanMode=standard&cronKey=327edbd9261353bcb4a244a0103d3430&signature=47bb1da9d3fd6acfbf3f94ccca1ca1840a998f9515f44c835dff81e409313003
[Dec 08 21:36:43] Scan engine received request.
[Dec 08 21:36:43] Verifying start request signature.
[Dec 08 21:36:43] Fetching stored cronkey for comparison.
[Dec 08 21:36:43] Checking cronkey: 327edbd9261353bcb4a244a0103d3430 (expecting 327edbd9261353bcb4a244a0103d3430)
[Dec 08 21:36:43] Checking saved cronkey against cronkey param
[Dec 08 21:36:43] Requesting max memory
[Dec 08 21:36:43] Setting up error handling environment
[Dec 08 21:36:43] Setting up scanRunning and starting scan
[Dec 08 21:36:43] Got a true deserialized value back from 'wfsd_engine' with type: object
[Dec 08 21:36:44] Scan process ended after forking.
[Dec 08 21:36:53] Calling Wordfence API v2.26:https://noc1.wordfence.com/v2.26/?k=34accc029faa4334d38186d9e05d3acc8efdd1765acc0dd86d5247a0172a5dd868c7faa52b2727321b20442ee79cb814fea438781c8b03f1cb1bc763018dc1ec&s=eyJ3cCI6IjYuMS4xIiwid2YiOiI3LjguMCIsIm1zIjpmYWxzZSwiaCI6Imh0dHBzOlwvXC93cHdlYnNpdGVzLmRldiIsInNzbHYiOjI2OTQ4ODM5OSwicHYiOiI3LjQuMzMiLCJwdCI6ImxpdGVzcGVlZCIsImN2IjoiNy43MS4wIiwiY3MiOiJPcGVuU1NMXC8xLjEuMXAiLCJzdiI6IkFwYWNoZVwvMi40LjU0IiwiZHYiOiI1LjcuNDAtY2xsLWx2ZSIsImxhbmciOiIifQ&action=suspicious_admin_usernames
[Dec 08 21:36:54] Examining URLs found in the options we scanned for dangerous websites
[Dec 08 21:36:54] Gathering host keys.
[Dec 08 21:36:54] Using MySQLi directly.
[Dec 08 21:36:54] Done examining URLs
[Dec 08 21:36:54] -------------------
[Dec 08 21:36:54] Wordfence used 23.7 MB of memory for scan. Server peak memory usage was: 65.7 MB
[Dec 08 21:36:54] Scan Complete. Scanned 13367 files, 18 plugins, 3 themes, 16 posts, 0 comments and 4827 URLs in 3 minutes 15 seconds.
[Dec 08 21:36:54] Calling Wordfence API v2.26:https://noc1.wordfence.com/v2.26/?k=34accc029faa4334d38186d9e05d3acc8efdd1765acc0dd86d5247a0172a5dd868c7faa52b2727321b20442ee79cb814fea438781c8b03f1cb1bc763018dc1ec&s=eyJ3cCI6IjYuMS4xIiwid2YiOiI3LjguMCIsIm1zIjpmYWxzZ
```
Thank you,
Marina
Plugin Support wfpeter
(@wfpeter)

2 years, 2 months ago

Hi @marinakudinova,

I’m not seeing double slash anywhere than the usual https:// in your manual scan log above and site diagnostics, suggesting that the site hasn’t been configured with a trailing slash that is being duplicated before a folder or path is chosen.

This does lead me to believe that there could be a plugin, such as the translation case I mentioned before, that could be affecting things. I don’t see compress.bzip2:// as the issue because this appears the same way across other resources where I’ve seen it mentioned. It could be worth running Wordfence as a sole plugin just before your scheduled scan time (rather than running a manual one again) to see if you get the same result. It may be hard to enable plugins one-by-one to test which one may be causing it though because of the wait-time between automatic scans. It might also be worth mentioning to your host that you sometimes see double-slashes in paths to see if there are any common configuration points they’re aware of that could be the cause.

Thanks again,
Peter.

Thread Starter Marina Kudinova
(@marinakudinova)

2 years, 1 month ago

Hello Peter,

Thank you for your explanation. I think the problem is with domains mapping via WPML. Since within testing environment, where I have exactly the same site but with the secondary language in the subfolder, not on the separate domain, I do not have the issue with double slash.

Kind regards,

Marina

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Double slash before wp-admin in scan results’ is closed to new replies.

Tags