Finding but not preventing

To answer your question, because just like everyone or everything else criminal on the internet, Wordfence can’t prevent everything. In my opinion WF actually prevents very little for a previously hardened WordPress install, while if Wordfence is set up to be a effective as possible it does an enormous amount of blocking that’s probably not necessary but one has to use in a sort of master blaster approach to IP blocking — along with the annoyance of Wordfence expending resources on useless UI redesigns instead of core improvements and added features. Instead, it’s up to us to fix the damage if something slips through. You clearly need a permanent fix, what you are doing is temporary and not really “clean.”

Would the paid version help?
Wordfence has the description of the attack (it finds it at scan), just doesn’t see it when it’s done?
Or any other functionality from the free version (still testing this software) that prevents wp-load.php to be written?

Is wp-load.php a writeable file anyway?
It’s the same for all my websites.

Thank so much! ??
Llyane

Hello

Is this valid Whitelisted 404 URLs
(These URL patterns will be excluded from the throttling rules used to limit crawlers.)

/favicon.ico
/apple-touch-icon*.png
/*@2x.png
/browserconfig.xml

Thanks,
Llyane

If you exclude country blocking, the Premium version does very little if anything you’d really need if you’re careful and pay attention. For example, it audits your passwords, but if you use reasonable hard passwords you don’t need that. I pay for premium and am beginning to wonder why. On the other hand, you might be wise to hire Wordfence site cleaning service and utilize whatever deal they give you. MTN

Yes, I’m starting to see that I can tighten up my firewall quite a bit.
Not sure how much is too much, though.
The defaults look really loose.
Would the support team help with choosing the right settings?
Thank you so much, MTN

Nelida

I’ll bet the site cleaning team will be super helpful. I’ve heard good things. MTN

Are they not pitching in here with answers?
Thanks,
Nelida

On weekends, we’re on our own.

Hi @frenchonskype,

It’s very likely that whoever is placing that code there is using a PHP backdoor which could have been installed via an infected plugin/theme at some stage –possibly prior to the installation of Wordfence.

What I highly advise is that you follow all steps outlined in our site cleaning guide in order to restore your site’s integrity.

I’m getting my plugins and themes from clean sources.

From the page you sent me, I’ve done:
Go to the Wordfence options page and make sure that under the “Scans to include” heading, absolutely everything is selected including the option to scan files outside your WordPress installation.

The scan is cleaned.

Passwords are changed.

What else?
Thanks,
Nelida

I feel that the firewall is very loosely setup; tightened up some features, but not sure what’s too much.

Any advice here?
Thanks,
Nelida

Another question:
what is a good setting for these firewall parameters, all unlimited by default

If anyone’s requests exceed (unlimited)

If a crawler’s page views exceed

If a crawler’s pages not found (404s) exceed

If a human’s page views exceed

If a human’s pages not found (404s) exceed

If 404s for known vulnerable URLs exceed

Thanks again,
Nelida

Every site is different, I remember the Wordfence guys have some suggestions for initial settings, but I don’t remember what those were. Perhaps someone else does, or tomorrow you’ll get an answer. Here is the WF documentation, it’s pretty good.

https://www.wordfence.com/help/firewall/rate-limiting/?utm_source=plugin&utm_medium=pluginUI&utm_campaign=docsIconMTN

Oh, I like this, MTN, thanks a lot – helps me until tomorrow.
Nelida