Wordfence 6.1.2 broken on WP 3.9

Why not just upgrade WordPress to the latest version? 3.9 is an extremely out of date version (2 years old) and has 23 known vulnerabilities. There really is no point to using a security plugin if you don’t keep your WordPress install up to date. You still need to use good security practices.

I can’t say that I disagree with you. Unfortunately, the folks that originally setup this WordPress instance made lots of modifications to WordPress core such that I can’t just upgrade WordPress without breaking existing site functionality. ??

…made lots of modifications to WordPress core..

equal bad practice and recipe for disaster. It will get a lot messy in long run.

Oh man…that sucks. I’m really sorry to hear that. I don’t know why they would ever do that. They should have never hacked the core…even if there is functionality that can’t be done by an existing plugin, you can create a child theme and put it in the functions.php file. Then you’re 100% upgradable.

Being that the risk is so high with running 3.9, I would say that at some point though I think it’s worth finding a new developer to upgrade it for you and migrate the functionality by transferring the extra code to equivalent plugins and a functions.php file. Just friendly advice. Your call though. As a plugin developer I can tell you that not too many plugins will be supporting anything below 4.0 for much longer.

@monkeyleo13

equal bad practice and recipe for disaster. It will get a lot messy in long run.

Seriously! True story.

I completely agree with Scott. Eventually, it’s going to have to be done, because the site as-is is a ticking time bomb.

I’ve never had anyone hack the core directly, but I have had someone directly modify template files for the theme. So, I had to create a child theme after I figured out which files were actually modified.

So, I can feel your pain. Definitely something that should be done though. Good luck!

Edit: No delete button? I thought I had a fix but nope. Sorry.

@pasmith: Sorry to hear man. One suggestion: Use the WP-Rollback Plugin, and roll WordFence back to version 6.0.25. We did that and we’re on 4.5. If that doesn’t work, then export your settings (the bottom of the WordFence options page), save that API somewhere safe, and uninstall/reinstall the plugin from scratch. Then import the API key in with your settings. (Unless you have a DB backup from yesterday or so…that would be best.)

Even with WP 4.5 we’re not thrilled with the whole new WAF, and how it takes over the admin with no way to make the nags go away (even once you deactivate). I love WF but this whole WAF feature needs a bit of tweaking before it’s ready for primetime.

Hope that helps! ??

@scott Allen — Thanks so much for the reply. WP Rollback doesn’t work on WP 3.9 but I’m definitely going to make use of it on our new site; seems like a really handy plugin.

Instead I followed your steps (and I never would’ve noticed the settings export/import options so you saved me a TON of time with that) and we seem to be back in business.

Again, thanks!

@pasmith: You’re welcome. ?? It does work on 3.9, just not the latest version. Sorry, I should have clarified…if you install Version 1.2.4 of WP-Rollback (the 2nd newest version) it will work. You can grab old versions from here: https://www.ads-software.com/plugins/wp-rollback/developers/

Yes, WP-Rollback is great. ??

Outstanding…glad the alternate option worked. You’re very welcome. ??