• Resolved jcoder90

    (@jcoder90)


    Hello,

    I installed the plugin today after realizing it is now compatible with WPEngine but I can’t get the firewall working to block IP addresses that use admin as a username automatically. Manually blocking IPs works but I want this to happen on its own. I’m on WP Engine platform running a few multisites.

    Set up:
    1. I set up the plugin using the settings Apache + mod_php
    2. I made sure brute force was enabled and I added 3 usernames (admin, wp, nonenone) to the field “Immediately block the IP of users who try to sign in as these usernames”.

    Troubleshooting:
    – I went to debugging mode and disabled “Enable SSL Verification (Disable this if you are consistently unable to connect to the Wordfence servers.)”
    – I saw this error in debugging: “File “attack-data.php” does not exist, File “ips.php” does not exist, File “config.php” does not exist, File “rules.php” does not exist”
    – I deleted the “wflogs” folder.

    When it re-creates the folder, it only adds this file in the folder “GeoLite2-Country.mmdb”. (Folder file permissions are 775).

    Any help is appreciated because I really want to prevent the brute force attempts and other plugins have failed to work.

    • This topic was modified 3 years, 11 months ago by jcoder90.
Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @jcoder90, thanks for getting in touch!

    WP Engine doesn’t allow the use of the file-based storage engine for the firewall configuration data so you will need to switch to the MySQLi storage engine: https://www.wordfence.com/help/firewall/mysqli-storage-engine/

    You may also find this link helpful: https://www.wordfence.com/blog/2019/08/wordfence-now-works-on-wp-engine-and-with-load-balancers/

    Let me know how you get on!

    Peter.

    Thread Starter jcoder90

    (@jcoder90)

    Hello,

    I tried adding the line of config and toggling the settings. In my debugging mode, it does show MySQLi storage. This might have been the case before adding the snippet of code though. I still am getting brute force attempts that aren’t being IP blocked though. I also noticed I am getting email notifications about IPs being blocked for hacking attempts but when going into the blocked IP list, it doesn’t show the IP in the list. (Even with the “Show Wordfence Automatic Blocks” checked).

    Any other ideas on things I can try?

    Plugin Support wfpeter

    (@wfpeter)

    Hi @jcoder90,

    Are the earlier messages you were seeing of various PHP files being missing now resolved or still showing?

    Please ensure that the Wordfence > All Options > Brute Force and Wordfence > All Options > Rate Limiting are switched to “ON”. Under the Brute Force settings in particular, I recommend trying 3-5 for attempts and password resets, counted over 4 hours, with a 30+ minute lockout. I suspect that “Count failures over what time period” or the lockout time itself might currently be too lenient, so rather than not working, it’s simply not being restricted under tight enough conditions before a retry can be attempted and the IPs are removed from the blocked list.

    If this doesn’t do the trick, I’ll consult the developers to see if they have any further ideas.

    Thanks,

    Peter.
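
An added illustration of the reasoning in the reply above (not part of the thread and not Wordfence code): a small model of a lockout policy showing how a short counting window never accumulates enough failures, and how an expired lockout leaves the block list empty. The class and field names and the "lenient" values are assumptions of this example; the suggested values and the three usernames come from the thread.

```python
from dataclasses import dataclass, field

# Hypothetical model; field names are this example's, not Wordfence option keys.
@dataclass
class Policy:
    max_failures: int   # failed logins tolerated inside the window
    window_s: int       # "count failures over what time period", in seconds
    lockout_s: int      # how long a block stays active, in seconds
    banned_users: frozenset = frozenset({"admin", "wp", "nonenone"})

@dataclass
class Limiter:
    policy: Policy
    failures: dict = field(default_factory=dict)       # ip -> failure timestamps
    blocked_until: dict = field(default_factory=dict)  # ip -> block expiry time

    def active_blocks(self, now):
        """IPs whose lockout has not yet expired at time `now`."""
        return {ip for ip, t in self.blocked_until.items() if t > now}

    def failed_login(self, ip, user, now):
        """Record one failed login; return True if the IP is blocked afterwards."""
        if ip in self.active_blocks(now):
            return True
        p = self.policy
        recent = [t for t in self.failures.get(ip, []) if now - t < p.window_s]
        recent.append(now)
        self.failures[ip] = recent
        if user in p.banned_users or len(recent) >= p.max_failures:
            self.blocked_until[ip] = now + p.lockout_s
            return True
        return False

def replay(policy, events):
    """Replay (seconds, ip, username) failures; return limiter and new-block times."""
    lim, hits = Limiter(policy), []
    for now, ip, user in events:
        was_blocked = ip in lim.active_blocks(now)
        if lim.failed_login(ip, user, now) and not was_blocked:
            hits.append(now)
    return lim, hits

# Constructed sample: failed logins from one documentation address every 10 minutes.
SLOW = [(i * 600, "203.0.113.7", "editor") for i in range(6)]
LENIENT = Policy(max_failures=5, window_s=300, lockout_s=300)             # assumed values
SUGGESTED = Policy(max_failures=5, window_s=4 * 3600, lockout_s=30 * 60)  # from the reply
```

Replaying `SLOW` under `LENIENT` produces no block at all, while `SUGGESTED` blocks on the fifth failure; in both cases `active_blocks()` is empty again once `lockout_s` has passed, even for a listed username.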

    Thread Starter jcoder90

    (@jcoder90)

    Hello,

    No, the various PHP files still won’t generate but I was assuming they don’t need to be generated because the storage method was MySQL. Yes, brute force and rate limiting are enabled but rate limiting shouldn’t matter because the people attempting brute force are using usernames that are in the “Immediately block the IP of users who try to sign in as these usernames” list. Also, I received an email last night saying,

    “Critical Problems: Web Application Firewall is disabled
    Firewall issues may be caused by file permission changes or other technical problems. More Details and Instructions”

    But when I log in to my instance, the Firewall says enabled. Also, it says it’s blocking IPs in the email but it doesn’t reflect the IPs in the block list.

    Thanks for the recommendations so far. I appreciate any other help you can give me.

    Plugin Support wfpeter

    (@wfpeter)

    Hi @jcoder90,

    Can you send a diagnostic report to wftest @ wordfence . com? You can find the link to do so at the top of the Wordfence Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

    Note: For the fastest response time, please make sure and add any information or questions directly to this topic and not the email address above unless asked.

    This will assist me in seeing if there are any server configuration issues or errors being reported that have a clear cause.

    Thanks again,

    Peter.

    Plugin Support wfpeter

    (@wfpeter)

    Hi @jcoder90, I didn’t receive any diagnostics from you so hopefully you were able to solve the problem as we’ve not heard back.

    If you have any other Wordfence questions, please start a new topic and we’ll be glad to help you out any time.

    Thanks,

    Peter.

  • The topic ‘Firewall not working’ is closed to new replies.