julesjules

Thank you Caleb for your help. I don’t know WordPress programming. I just want to keep my simple website as secure as possible and I ‘m grateful that Wordfence is a huge help for security. Only not with this author/username issue.

After a lot more searching and reading, I came to understand: the author link is constructed as …/author/user_nicename

BUT WordPresss (including current version) has automatically set user_nicename to be the same as username. To me it seems very bad policy, as regards security, that WordPress exposes the username automatically. WordPress does not provide an easy way for me to set a different user_nicename.

I think now: I have to find out how to edit my WordPress database to change user_nicename to be different to username. Editing the database is a scary prospect for a non-technical person ??

Wishlist item for Wordfence: a new option for Wordfence to automatically change user_nicename. It could be changed to display name (that we can set in WordPress user profile) or something else, only must be different to username.

Hi Wfalaa, thank you for your kind help.

I read the documentation page, thanks. I’m not familiar with the methods that are protected by Wordfence, but I think your reply indicates the problem is caused by my theme. I am struggling to understand this.

I never need to fetch a list of users. There is only one user (me) and archives are listed by date. My theme is Twenty Fifteen, latest version, so hopefully that would not have a bad security issue of revealing usernames. I did not find the username in page source when I checked a few pages.

Is there anything else in Wordfence that I can check, in case I did not set it up correctly for preventing usernanes being revealed?

That is good to hear, thank you wfasa. And many thanks indeed to all the wordfence team for never-ending enhancements to your excellent plugin!

• This reply was modified 8 years ago by julesjules.

No advice was received and I did not find any way that I could solve the problem.

It seems the problem was resolved by the next Wf update (6.3.1).

Right after that update, I noticed that Live Traffic had started showing a list of ‘blocked by firewall’ attacks.

Hi wcfortress,

After I re-installed Wordfence, I scanned and checked as much as I could. I did not find any clues about the cause. Thankfully, I did not find any problems in the site.

I was disappointed at no support reply over 6 months. However, I do understand the wf team cannot do everything for free. I’m grateful to use free Wordfence and sorry I have no budget for paid version (I work without pay to maintain a small non-commercial site).

I wish Wordfence could send an alert when it ‘disappears’ but maybe this is technically not feasible within the same plugin?

Instead, perhaps there could be a separate “Wf watcher” plugin. Only one purpose: check periodically ‘is wf running?’. If not, send email alert.

I hope someone with technical knowledge can say whether this is feasible.

Great to know it’s okay to Enable without waiting another week, have done so now.

Thank you very much for clarification. Previously Firewall was running for a long time in Enabled mode. After the mysterious stop, Firewall restarted in Learning mode. I thought that meant it was *necessary* to re-learn for a week. Then thought that recovering original learning (from some previous file) might allow me to cut short another Learning period…. mistaken thinking due to my limited understanding.

On my sites, Firewall had been stopped a long time before I noticed, because the rest of Wordfence seemed to working normally. Therefore a long time without excellent Firewall protection. So…

Feature request: it would be super-helpful to have an option in Wf settings, to send an email alert if Firewall stops working. Is there a place I can suggest this?

It worked, new /wflogs was created and WAF re-started in Learning mode. Thank you wfasa!

Before WAF mysteriously stopped working, it was running for a long time so I’d like to avoid the week of Learning Mode if possible.

Could that be done by putting relevant file(s) from previous /wflogs into newly created /wflogs? (saved before deleting)

With Filezilla I inspected Wf folder (contained only empty folders /views and /views/report). Then deleted it. Then was able to re-install Wf at the Dashboard. My site seems okay fortunately.

I’m grateful for Wf protecting my three small non-commercial sites. Worried about update failing and causing Wf to disappear, when I may not know about the disappearance.

Previously an automatic update failed (different site, some months back) and therefore I was unaware it had caused Wf to disappear. The site remained unprotected for an extended time until I discovered the problem.

Is there any way I can prevent update-fail-Wf-disappear from happening? Or get an email alert about it?

Thank you and sorry I did not make it clear: when this update failed, Wordfence disappeared from the Dashboard. The Dashboard was unable to re-install Wf.

It seems my only way forward will be to use Filezilla and delete Wf folder on the server – is that correct? After that, can I simply re-install? I am not confident to take on firewall manual removal – is that absolutely necessary?

I checked again, no errors. I think a scan getting stuck (at some past time) seems the most likely explanation.

Feature suggestion for WF: option to send alert email if a scan got stuck. Or include this in the weekly activity report.

Thank you again for your help on this issue. And a very BIG thank you to the whole WF team for the best plugin ever!

Hi wfalaa,

Thank you for this information. In my case, the two added files (.jpg) were quite small and seemed unlikely to cause problems for WF scan. My site has other jpg’s larger, smaller and similar size – no others got listed.

I have WF memory set to 256. Execution time is blank for default.
Today I updated WordPress to 4.6

After that, I enabled debugging and ran a new scan:
[Aug 17 14:11:04] Scan Complete. Scanned 3393 files, 4 plugins, 2 themes, 102 pages, 0 comments and 20367 records in 196 seconds.
[Aug 17 14:11:04] Wordfence used 27.37MB of memory for scan. Server peak memory usage was: 88.84MB

I did not see any errors but I’m unsure *where* they would show up. In WF scan windows? In diagnostics list? To ensure I checked completely, could you tell me where I must look for errors please?

Thank you for your help.

I recently found a similar issue: My WF settings ‘Exclude files from scan’ had two .jpg files listed (both with wp-content/uploads path).

I am certain I did not type in those file names, and I did not accidentally copy and paste them. I am the only admin.

I have deleted the image paths from this WF settings box.
However, I am concerned about how any file paths got to be inserted into WF settings. This seems potentially dangerous and I hope WF staff might investigate.

I am very grateful for Wordfence plugin, thank you!

Good news: I discovered datepicker format can be set by updated vfb plugin. You can now edit date format in the form design.

Bad news: vfb documentation had not been updated. Instructions tell users to edit functions.php etc… so users spend a HUGE amount of time on something that does not work… duhhhh!

New date format setting within form designer is really nice – thank you! But new feature may not be found by users who built their forms way back with previous version of vfb. Urgently need update of that documentation page please:
https://vfbpro.com/2012/02/23/how-to-customize-the-date-picker/

I’m leaving this post unresolved and hope vfb people will acknowledge request for updating doco page.