mwrusnak

Great, thanks!

For what it’s worth, I’m on a VPS through a different hosting provider — the next version Paul mentioned above will probably fix the issue since he’s changing the command-line options that we tweaked in testing, so that’s good!

I’m still not quite sure why two sites on the same server work differently, since the local ‘zip’ utility seems to be where the trouble lies, though. Maybe some odd bug in zip itself..

I tried this on another site on the same test server, and the database was included — I am not sure why!

Back on the large site though, I changed “-rq” in the zip command line to “-r”, so I could see what zip was outputting, and I got this message:
BackUpWordPress detected issues with your last backup.
deleting: database-172-16-1-131-backup.sql
adding: wp-settings.php (deflated 69%)
adding: wp-signup.php (deflated 75%)
adding: wp-cron.php (deflated 56%)
adding: wp-comments-post.php (deflated 68%)
(…)

So zip is actually removing the SQL file on purpose, but I still don’t know why it does it on one site, but not on the other. I even tried removing all of my excludes, as I was excluding some folders from a cache I’m no longer using, but that did not help.

Strange?

Ok, so large files must not affect it then.

The mysqldump portion does seem to be working correctly for me, it’s just that after the .sql file added to the initial zip file, it is then removed when the rest of the files from the site are added — so the “-FS” option of zip is the problem for me.

Paul,

Thanks for the quick response. I do not get any error messages when running a manual backup, and all of the other files are included in the zip file, except for the database.

Previous backups did include the database file successfully. On the live server, I’m running version 3.1.3 of BackUpWordPress, which still is working correctly.

My backups are very large, at about 500 MB, so it might be the same problem this user was having:
https://www.ads-software.com/support/topic/complete-backup-does-not-contain-sql-database-file?replies=4

Since the backups are large, it takes a few minutes for them to run, soI could see that the zip file initially contains the .sql file before the regular site files are added. (That was what led me to test removing the -FS option.)

I’m running a CentOS 7 box with no custom packages installed. In a shell, if I type “zip –version”, I have Zip 3.0 by Info-ZIP — I don’t know if there are other zip variants in other distributions, but maybe that is worth checking, in case they handle the -FS option differently.

Thanks for looking into this — let me know if any additional information would help.

I don’t work for Wordfence — I was just trying to help by telling you what I know from using Wordfence myself, and dealing with slow search engine indexing. I don’t see any way that wp_wfHits data would be visible to anyone who is not logged in as an admin, since it is basically a log of user visits. If anyone else knows a way it is publicly visible, maybe they can help.

The wp_wf_hits table shouldn’t make any content that is visible to search engines. But, search engines don’t re-scan every page of each site constantly, so it’s possible that they still have old versions of the pages, and Wordfence probably is not related to the problem at all. (I have seen Googlebot check a site to find a page that was deleted more than a year earlier.)

Hopefully the competitor gave some examples of search results that they are complaining about — if you can find the same search results they saw and view that page on the site — can you find the product name anywhere on the page? (You can “view source” and search the source of the page, just to be sure.)

If it doesn’t appear anywhere on your site, you might be able to get search engines to re-index most of the site faster (to knock out the bad search results) by resubmitting your sitemap. Google and Bing both have “webmaster tools” sites you can use for free, to submit sitemaps, among other functions.

I would also double-check to make sure no one at the company has active search campaigns related to the old product name (google ads, bing ads, etc.) It might sound obvious, but could be overlooked.

@rosie_pb: I think the typical header for the actual client’s IP through Varnish is “X-Forwarded-For” (which you can select in the “How does Wordfence get IPs” option), but I don’t know for certain that Bluehost sets it up that way.

I would try that option, and then check the Live Traffic view to be sure it is working — even if you turned off live traffic, you should see recent logins, so if you log out and log back in, you should see your own IP. (If you’re not sure what your PC’s IP is, google “ip address”, and google should show an address in a box labeled “Your public IP address”.)

I haven’t used Cloudflare myself yet — I have heard good things about it, but in this case, it might make this issue more complicated if you’re already using Varnish.

The link “How does wordfence get IPs” (above) might still help. Are you running any other type of reverse proxy, such as Varnish?

In the Wordfence options, you should see a drop-down list for choosing how Wordfence determines IPs. If you use Cloudflare, there is an option for that specifically.

There are more details about the options here:
https://docs.wordfence.com/en/Wordfence_options#How_does_Wordfence_get_IPs

If you’re not sure which one to use, your hosting company should be able to tell you if you are behind a reverse proxy, and what kind it is. (If they can’t tell you which headers it uses like “X-Forwarded-For”, the name of the proxy might help someone on this forum tell you which option should be match.)

The thread above still needs to be resolved, though. The error still happens in the latest version of Wordfence, because the problem in wfUnlockMsg.php has not been fixed yet.

For what it’s worth — I have the same problem with these emails on Outlook 2010 with an Exchange server at work.

I don’t work for Wordfence, but I can say that “ModSecurity” rules are definitely separate from the Wordfence plugin.

ModSecurity is good software, but some of the common rules are overzealous on WordPress sites.

The “business directory” plugin you are using may have been the cause of the false postive (or “false alarm”), but it is hard to say — I’ve also found that parts of WordPress itself can trigger it.

When a table appears to exist, but also gives errors when trying to use it, it is probably a MySQL InnoDB issue, and not Wordfence itself.

I don’t work for Wordfence, but I remember a post here by another user a few months ago who refused to believe that it was a MySQL issue. (Tim might remember — the user was extremely rude!)

Make sure to back up your databases before trying anything! But here are a couple pages that explain possible solutions — though if your hosting company offers support for database issues, you might also see if they can fix it — they may have seen the problem before, with any InnoDB table:

https://dba.stackexchange.com/questions/69656/cant-create-table-but-table-doesnt-exist

https://forums.cpanel.net/f354/innodb-tables-exist-but-phpmyadmin-gives-error-1146-table-xxx-doesnt-exist-393491.html

No, I’m fine with the message itself, it’s just that it sometimes causes the fatal error, mentioned by the first poster above:
PHP Fatal error: Call to undefined function wp_create_nonce() in /public_html/wp-content/plugins/wordfence/lib/wfUnlockMsg.php on line 4

I found that it is happening only in ajax requests, and either of these options to fix it is fine with me — either not displaying the message for ajax requests (since most ajax responses wouldn’t be seen directly by real users anyway), or making sure wp_create_nonce() is available before it is used (since WP must not be loading it automatically during ajax requests).