kwisatz

I’m experiencing the same thing. The HTML checkbox is seemingly randomly being unchecked on all the fields that had it enabled when editing the form (completely unrelated form fields).

Yes, they are being blocked after the first failing log-in attempt. After all, such a user does not exist.

E.g.

A user with IP address 102.129.x.y has been locked out from signing in or using the password recovery form for the following reason: Used an invalid username ‘df7c8c98dfd88d9dfad’ to try to sign in. The duration of the lockout is 4 hours. User IP: 102.129.x.y

I’m not worried about them logging in, I was merely curious why this specific username. I thought, maybe it’s part of EICAR, or something similar.

Several functions got removed from 4.8.12 to 4.9.0. While they may have been deprecated for a while, a minor version upgrade is usually not where one would expect such changes to happen:

Given a version number MAJOR.MINOR.PATCH, increment the:

1. MAJOR version when you make incompatible API changes
2. MINOR version when you add functionality in a backwards compatible manner
3. PATCH version when you make backwards compatible bug fixes

https://semver.org/

In other words, the major version should have been changed from 4 to 5 when those functions were removed. And while semver is not the only way to handle versioning, it is very widespread and users’ expectations are towards most software adhering to that contract.

That being said, I also have hard time finding any documentation on the programming API on https://www.mc4wp.com/kb/. I am currently going through the source code to see how to replace the functionality that has been removed.

• This reply was modified 1 year, 8 months ago by kwisatz.
• This reply was modified 1 year, 8 months ago by kwisatz.
• This reply was modified 1 year, 8 months ago by kwisatz.

Thank you @wfjoshc, changing those values in wp_options did the trick!

@wfjoshc that was around 6:30 pm CET.

No, there’s no numbers, there’s just the message.

I recorded a video : https://cloud.tentwentyfour.lu/s/pcoNDAYCM46CQ9y

I just did.

I also see here that it claims that it can’t connect to one of your servers, but that’s not the case anymore. It was at first, I have since then authorized *.wordfence.com in the proxy settings.

Edit: Oh, I see that it’s trying to use http… hmm, I didn’t authorize that indeed. I’ll give it a try, just to see if that changes anything.

Edit2: No, it doesn’t change anything.

• This reply was modified 1 year, 9 months ago by kwisatz.
• This reply was modified 1 year, 9 months ago by kwisatz.

No, there is no particular caching plug-in installed on the site where it fails. Nothing fancy otherwise either.

Can you disclose what makes the hash invalid? Or can I give you access to the site and you can check if you can detect anything that might make it invalid?

Thanks @wfjoshc.

Yes, I first installed the plug-in, then I clicked on “Get your Wordfence license” and then I end up with that message.

Strangely enough, I tried from another site on the very same server where it worked.

(I somehow didn’t get any email notification about your reply, despite having checked the checkbox.)

OK, it looks like this is a webproxy blocking requests to wordfence.com

EDIT: Well, that was one part of the problem, but I still get the “The data we received from your Wordfence plugin installation is invalid” message and I can’t get a free license by adding it directly through wordfence.co

• This reply was modified 1 year, 9 months ago by kwisatz.

When I try to log in first then add a site from wordfene.com, I’m seeing:

“HTTP 0 received from Wordfence Central”

I don’t have the same phenomenon than @ant0nell0, but I can confirm there’s a problem with WPBakery. Here’s what’s going wrong:

WPBakery basically enters admin mode, but on the front-end. It loads wp-admin/post.php and display the contents using javascript.

In your admin/class-simple-event-planner-admin.php, you’re correctly enqueuing and then localizing '-admin-scripts', but the problem is that you’re overriding a core WordPress variable: ajaxurl.

The result is this:

<script src='https://www.4motion.lu/wp-content/plugins/simple-event-planner/admin/js/jquery.geocomplete.min.js?ver=1.7.0'></script>
<script src='https://www.4motion.lu/wp-content/plugins/simple-event-planner/admin/js/jquery.datetimepicker.js?ver=2.5.4'></script>
<script>
var ajaxurl = {"url":"https:\/\/www.mysite.com\/wp-admin\/admin-ajax.php"};
</script>
<script src='https://www.4motion.lu/wp-content/plugins/simple-event-planner/admin/js/simple-event-planner-admin.js?ver=1.5.1'></script>
<script src='https://www.4motion.lu/wp-content/plugins/simple-event-planner/admin/js/jquery-ui.min.js?ver=1.10.3'></script>

Now every ajax request will go to URIs like this:

https://www.mysite.com/wp-admin/[object%20Object]?action=wp-compression-test&test=no&_ajax_nonce=f8b7d6026b&1586201927574

You should definitely, if you actually need to do this (?!), rename that variable to something unique to your plug-in. (Why do it, you have that same URL on window.ajaxurl already on every WordPress page (front-end and back-end as far as I’ve seen).

On the other hand… now I have neither contact form, nor events… this seems to clash with The Events Calendar plug-in ??
But it seems to be TEC’s fault. Or the original theme author’s…

• This reply was modified 4 years, 8 months ago by kwisatz.

Thanks @jmcelhaney that did the trick indeed.
Apologies are in order in that case. The thing is, I saw that message about “Ready to upgrade to version 3” but I did not at all connect it to the problems. To me that was an upcoming new release of the plug-in, not something that was already installed and that I’d have to convert/migrate to.

Unfortunately that’s not the only problem.
The notification object retrieved in notifications.php has an empty type property:

NF_Notification Object
(
    [id] => 29
    [type] => 
    [active] => 1
    [form_id] => 28
)

This plug-in currently is way too broken for us to monkey-patch. The developers should release a fixed version and that soon.