bizdevweb

I operate a large number of websites hosted on multiple bluehost accounts. The issue is showing up on two different bluehost shared accounts but is not showing up on my other 10 bluehost accounts. Could this in anyway be related to the new wp plugin autoupdate process?

I have the same issue on many of my sites right now. I narrowed it down to the class.jetpack.php file is being deleted somehow.

I FTP’d a new version of the file and within 15 minutes it gets deleted and the site goes back down.

[26-Aug-2020 10:19:28 America/Los_Angeles] PHP Warning: require_once(/XXXXXXXXXXX/wp-content/plugins/jetpack/class.jetpack.php): failed to open stream: No such file or directory in /XXXXXXXXXX/wp-content/plugins/jetpack/load-jetpack.php on line 41
[26-Aug-2020 10:19:28 America/Los_Angeles] PHP Fatal error: require_once(): Failed opening required ‘/XXXXXXXXXXXXXXXXXXXX/wp-content/plugins/jetpack/class.jetpack.php’ (include_path=’.:/opt/cpanel/ea-php70/root/usr/share/pear’) in /XXXXXXXXXXXXXXXXX/wp-content/plugins/jetpack/load-jetpack.php on line 41

Another Wordfence email warning today:

High Severity Problems:
* Unknown file in WordPress core: wp-includes/Requests/Utility/.mx.73796162.mx
* Unknown file in WordPress core: wp-includes/Requests/Utility/.mx.73796163.mx

This issue is not resolved – you have caused a major problem for anyone who uses another plugin for sitemaps. Your most recent update enables your sitemap feature by default the old versions didn’t do this so there was no conflict. By enabling it by default you have disabled/demoted all other sitemap plugins – Not Cool!

Not sure if the latest update or the hosting provider made changes, but the problem is magically fixed on my sites. They are all now properly reporting the visitor IP addresses.

I tried a complete removal (files & MySQL Tables) & fresh install from scratch and it still mis-reports the IP’s. I also re-installed wordpress from scratch and added my content back in.

It’s doesn’t make sense to me. I would think all websites on the same hosting account would be the same setup???

I have the first IP option set for two sites on the very same hosting account.
Let Wordfence use the most secure method to get visitor IP addresses. Prevents spoofing and works with most sites. (Recommended)

It detects my client IP on the config page properly for both sites.
Detected IP(s): 47.151.XXX.XX
Your IP with this setting: 47.151.XXX.XX

BUT, live traffic is invalid on one site and valid on the other.

Something about the way wordfence is reading the Header info is off. I figured out the IP that is reporting all traffic from is the X-Real-Ip: IP Address. This only seems to happen on a few of my sites and all others don’t show a X-Real-Ip: value when I check them with a PHP script.

From the wordfence diagnostics tab I noticed that the sites that work don’t show any values for
Working sites show
REMOTE_ADDR 47.151.XXX.XX In use
CF-Connecting-IP (not set)
X-Real-IP (not set)
X-Forwarded-For (not set)

Invalid sites show
REMOTE_ADDR 47.151.XXX.XX In use
CF-Connecting-IP (not set)
X-Real-IP 47.151.XXX.XX
X-Forwarded-For 162.241.XXX.XX

I’ve tried all of the different options but none of them show the actual visitor IP. I checked on some of my other sites that are on the same bluehost hosting account and WF live traffic works fine on all of them except the primary domain/website. This is true for two different hosting accounts I operate.

Very strange have been using WF for years & issue never came up until 11/10/18.