• Resolved pattycake22

    (@pattycake22)


    Wordfence is doing a great job blocking logins to my site but I’d like to understand what criteria it is using. I have not set up any criteria for blocking access and it seems it’s doing it on its own. The blocking is 100% accurate. What criteria, what rules, etc. is it using to block these fraudulent login attempts? Is it a setting that I missed??


Viewing 8 replies - 1 through 8 (of 8 total)
  • Hi @pattycake22

    Thanks for reaching out!

    It really depends on the block reason!

    You can see exactly why people were blocked in Live Traffic.

    If you want to send a screenshot over I may be able to explain.
    Thanks,

    Joshua

    Thread Starter pattycake22

    (@pattycake22)

    Most are saying: “blocked by the Wordfence Security Network”

    Check that – ALL of them are showing that

    Question 1. Does that mean that the login was checked against a database being maintained by Wordfence?

    Question 2. Last question – I get a gob of alerts, all as requested. But I don’t get an alert on a login that was blocked. Is there a setting I missed so I can get alerts on all blocked logins?


    Hi @pattycake22

    Thanks for getting back to me!
    That is correct, those are malicious users being blocked by our Real-Time IP Blocklist.

    Would it be possible to head over to global options and send me a screenshot of the alerts settings?

    Thanks,

    Joshua

    Thread Starter pattycake22

    (@pattycake22)

    > Would it be possible to head over to global options and send me a screenshot of the alerts settings? Thanks

    A screenshot won’t capture that page – it would be about 2 screenshots, but I have everything checked on except the first item:
    Email me when Wordfence is automatically updated. If you have automatic updates enabled (see above), you’ll get an email when an update occurs.

    Site is https://starkfutureusa.com

    Warning – Getting the red alert page from Google that the site is dangerous – it’s a result of the recent hack that I ended up wiping the entire site and starting over – hence the installation of Wordfence. It’s not malicious anymore, but I’m guessing it was due to the hack that led me to Wordfence. Not sure how long I have to wait until that message goes away.

    Btw: Error logs being created with alerts about Wordfence: three entries today –

    [23-Mar-2023 19:03:46 UTC] Cron reschedule event error for hook: wordfence_ls_ntp_cron, Error code: could_not_set, Error message: The cron event list could not be saved., Data: {"schedule":"hourly","args":[],"interval":3600}

    [23-Mar-2023 23:52:37 UTC] Cron reschedule event error for hook: action_scheduler_run_queue, Error code: could_not_set, Error message: The cron event list could not be saved., Data: {"schedule":"every_minute","args":["WP Cron"],"interval":60}

    [23-Mar-2023 23:52:37 UTC] Cron reschedule event error for hook: wordfence_ls_ntp_cron, Error code: could_not_set, Error message: The cron event list could not be saved., Data: {"schedule":"hourly","args":[],"interval":3600}


    Hi @pattycake22

    Can you confirm that Wordfence Global Options -> Email Alert Preferences -> “Alert when someone is locked out from login” has been enabled?

    As for the error messages, I recommend reaching out to your hosting provider to see if your Cron jobs are running properly.

    Thanks,
    Joshua

    Thread Starter pattycake22

    (@pattycake22)

    Alerts configured correctly…. Looks like something went fubar because the site just got hacked – I posted a new message about it. Btw: No alert on a failed or successful login from the hack

    Hi @pattycake22

    Can you see if there were any logins blocked in Live Traffic?

    If there are no blocked logins, then chances are the attacker gained access elsewhere.

    Thanks,

    Joshua

    Thread Starter pattycake22

    (@pattycake22)

    I’m about ready to agree with you there – I’m reviewing logs and it appears they might have gained access thru cPanel, bypassing the normal WordPress login and security features. I’m reviewing the logs now. Will know more better. Actually relieved that it is possible that they came in thru cPanel – was thinking that Wordfence might have failed me. Feeling better now about Wordfence

  • The topic ‘wordfence blocking access – great but how?’ is closed to new replies.