jcoder90

Hello,

No, the various PHP files still wont generate but I was assuming they dont need to be generated because the storage method was MYSQL. Yes, brute force and rate limiting are enabled but rate limiting shouldn’t matter because the people attempting brute force are using usernames that are in the “Immediately block the IP of users who try to sign in as these usernames” list. Also, I received an email last night saying,

“Critical Problems: Web Application Firewall is disabled
Firewall issues may be caused by file permission changes or other technical problems. More Details and Instructions”

But when I log in to my instance, the Firewall says enabled. Also, it says its blocking IP’s in the email but it doesnt reflect the IP’s in the block list.

Thanks for the recommendations so far. I appreciate any other help you can give me.

Hello,

I tried adding the line of config and toggling the settings. In my debugging mode, it does show MySQLi storage. This might have been the case before adding the snippet of code though. I still am getting brute force attempts that arent being IP blocked though. I also noticed I am getting email notifications about IP’s being blocked for hacking attempts but when going into the blocked IP list, it doesnt show the IP in the list. (Even with the ” Show Wordfence Automatic Blocks” checked).

Any other ideas on things I can try?

I’ve noticed this on my site as well. Have you tried adding the username to the WordFence Brute force username block list? “Immediately block the IP of users who try to sign in as these usernames “