Firewall in learning mode learned to whitelist hacking scripts

Also, it just occurs to me that almost 100% of these should have resulted in 404s. Seems like that’s a defect to whitelist a URL that responds 404.

I just installed the Firewall and in less than 24 hours I have two sites that each have 48 entries in the “Whitelist” – all from the same IP, two completely different servers, all fake google bot – and as you said, it’s tedious to remove each entry one by one – see my post detailing this same issue – https://www.ads-software.com/support/topic/whitelisted-in-learning-mode-overwhelming

Please implement Select All or at least multi-select actions!!!

Hi,

Thanks for reaching out. We will be adding bulk operations in an upcoming release.

I’ve also sent a request to the dev team to evaluate if we can skip whitelisting during Learning Mode when the request hits a 404 page. It sounds possible and could be useful.

-Matt R

In the learning mode I have a whitelist that has been added from IP
38.95.106.70 I have not added anything. Should I delete this whitelisted IP?

Hi,

Just to follow up, the whitelist bulk editing and preventing whitelisting of hits causing 404s were included in the 6.1.4, the latest release. Thanks for the suggestions.

@gocozumel: It depends on what the whitelist entry is — you can make a new post using the form at the bottom of the Wordfence forum here, and include the details of what appears on the whitelist, so we can check it out.

Thanks!

-Matt R