Wordfence scanner and 2FA are not working

  • Hi,

    I just installed Wordfence, however, on the Scan page, the Start New Scan button is not clickable.
    I did temporarily enable debugging and remote scan option, yet it, same issue.
    I have pasted the scan log below.

    [Nov 01 22:06:53:1730498813.430676:4:info] Calling Wordfence API v2.26:https://noc1.wordfence.com/v2.26/?k=7ac32f9456a21032d8a13b52ef6b84c7ae7b4f169162c7c9001dbeb251b77a1cbf4293dc83353661c1161924aa05a9ff8393a9eb244f517ea9f2f1c2ebec72e1&s=eyJ3cCI6IjYuNi4yIiwid2YiOiI3LjExLjciLCJtcyI6ZmFsc2UsImgiOiJodHRwczpcL1wvYWljb3Vuc2VsZGV2LndwZW5naW5lLmNvbSIsInNzbHYiOjgwNTMwNjQwMCwicHYiOiI4LjIuMjQiLCJwdCI6ImZwbS1mY2dpIiwiY3YiOiI3LjgxLjAiLCJjcyI6Ik9wZW5TU0xcLzMuMC4yIiwic3YiOiJuZ2lueCIsImR2IjoiOC4wLjM3LTI5IiwibGFuZyI6IiJ9&action=timestamp
    [Nov 01 20:04:54:1730491494.570903:2:info] Attempting to resume scan stage (0 attempt(s) remaining)...
    [Nov 01 20:02:32:1730491352.811839:2:info] Attempting to resume scan stage (1 attempt(s) remaining)...
    [Nov 01 20:00:52:1730491252.320013:2:info] Attempting to resume scan stage (1 attempt(s) remaining)...

    I also tried to enable the 2FA option for admin on Wordfence earlier, but you could literally type in any number and it’ll let you in, it was not authenticating correctly.
    When I checked the debug log, I saw errors like the table responsible was not created, although the plugin path and folder had the necessary permissions.
    I have pasted the debug log below

    WordPress database error Unknown storage engine 'MyISAM' for query CREATE TEMPORARY TABLE IF NOT EXISTS 
    wp_wfls_role_counts_temporary
     				(
    				serialized_roles VARBINARY(255) NOT NULL,
    				two_factor_inactive TINYINT(1) NOT NULL,
    				user_count BIGINT(20) UNSIGNED NOT NULL DEFAULT 0,
    				PRIMARY KEY (serialized_roles, two_factor_inactive)
    				) ENGINE=MyISAM; /* From [siteurl/wp-admin/admin.php?page=WFLS] in [sitepath/wp-content/plugins/wordfence/modules/login-security/classes/controller/users.php:371] */ made by do_action('wordfence_page_WFLS'), WP_Hook->do_action, WP_Hook->apply_filters, WordfenceLS\Controller_WordfenceLS->_menu, WordfenceLS\Model_View->render, include('/plugins/wordfence/modules/login-security/views/page/page.php'), WordfenceLS\Model_View->__toString, WordfenceLS\Model_View->render, include('/plugins/wordfence/modules/login-security/views/page/settings.php'), WordfenceLS\Controller_Users->get_detailed_user_counts_if_enabled, WordfenceLS\Controller_Users->detailed_user_counts, WordfenceLS\Controller_DB->create_temporary_role_counts_table, WordfenceLS\Controller_DB->create_temporary_table, WordfenceLS\Controller_DB->create_table, WordfenceLS\Controller_DB->create_table

    Can you please check from your side and let me know?

    Thank you.

    Kind regards.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter fer230

    (@fer230)

    I have sent the logs to your email and it includes my username here.

    Plugin Support wfpeter

    (@wfpeter)

    Hi @fer230, thank-you for sending your diagnostics over.

    We are receiving a 403 Forbidden message when attempting to access any path from /wp-admin, so this is also being received by the plugin when running the loopback check to see if your site can connect back to itself. The path /wp-json/wordfence/v1, works fine and we’re seeing successful connection to our servers but it looks like you or your host are blocking access to the admin area of WordPress. Sometimes this has be caused by a false-positive Modsecurity rule but the fact I’m receiving it in the browser too seems like it’s not specifically blocking the plugin but any request to /wp-admin.

    There is also a known issue that causes the 2FA behavior you’ve described, although it may be linked to the connectivity issue. There are also some other plugins mentioned on that page related to 2FA to check in case you are running them:

    Plugin: Advanced Google reCAPTCHA

    Description: Causes our two-factor authentication feature to malfunction so that any six digit two-factor authentication code entered allows access, even if the code is incorrect.https://www.wordfence.com/help/advanced/plugin-theme-conflicts/

    Let us know if you find out more,
    Peter.

    Thread Starter fer230

    (@fer230)

    Thank you Peter. Yes, you are right, the scan was being blocked by our Firewall rules that restricted the access to /wp-admin page.

    Quick question:
    I had allowed access to Word fence’s IPs as listed here: https://www.wordfence.com/help/scan/troubleshooting/, so why were the scans blocked until I disabled the Firewall rules?

    I have disabled them.

Viewing 3 replies - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.