Sue

My weekly database backups on several sites failed with errors today…the S3 secret key was gone. I re-entered it (by logging in to each site’s dashboard and putting it back…tedious but not complicated). While there I checked my monthly full site backup jobs, and the secret key was missing there as well, so I put it back, and hopefully it will stay in place for the coming backups.

I will join others in asking to PLEASE get this fixed before another update … it is time consuming to have to check and re-enter the S3 keys for multiple sites.

That did seem to work, temporarily. I am currently getting this error again:

[Oct 28 08:47:19] gzencode(): stream error (2) File: /usr/home/sitename/www/htdocs/wp-content/plugins/wordfence/lib/wfConfig.php Line: 440
[Oct 28 08:47:20] Scan can’t continue – stored data not found after a fork. Got type: boolean
[Oct 28 08:47:20] Warning: gzencode(): stream error in /usr/home/sitename/www/htdocs/wp-content/plugins/wordfence/lib/wfConfig.php on line 440

This site is also being hammered by hundreds of login attempts from IP addresses in Russia over the past 6-8 hours, all blocked by WF rules, but I got hundreds of emails overnight about IP lockouts due to login attempts with invalid usernames, and I am still receiving emails, though at a slower rate. Connected?

Update: Each time I try to edit the stlye.css (via WordPress APpearance editor, so I KNOW it’s grabbing the child theme stylesheet) it does change it, but there seems to be another stylesheet that supercedes those changes.

Using the developer extension in Chrome, I’m trying to reduce the space on top of the header title and image from 32px to 12px. Here’s what I see after editing my child theme style.css:

html {
    margin-top: 32px !important;
}
html {
    <del>margin-top: 12px !important;</del>
}

The lined out change I want to make does refer to my localhost/domain/wp-content/themes/mychildtheme/style.css when I hover on the style.css?ver=4.6:13

The one that’s being seen (for this and other things I’m trying to change, I’m using this as an example) is localhost/domain/:92 it’s (index):92

So how do I get MY stylesheet to take precedence??

You should create a child theme, and then rearrange the header as you desire. If you simply edit the theme files for twentysixteen, then the theme is updated, you’ll lose the edits as they will be overwritten by the update.

Read the Codex on creating your child theme based on twentysixteen, then start experimenting with moving the elements around to your liking within the child theme.

I just did this on a site I’m working on – (put the logo to the left of the sitename and tagline, rather than above it). I simply moved the php for the logo out of the “site-branding” div – as below:

<?php twentysixteen_the_custom_logo(); ?>

<div class="site-branding">
  <?php if ( is_front_page() && is_home() ) : ?><h1 class="site-title"><a href="<?php echo esc_url( home_url( '/' ) ); ?>" rel="home">
  <?php bloginfo( 'name' ); ?></a></h1>
  <?php else : ?><p class="site-title"><a href="<?php echo esc_url( home_url( '/' ) ); ?>"

Use a tool like Web Developer broower extension (Chrome) or the equivalent in whatever browser you choose – find the css that controls that element and adjust the height –

.site-footer
.footer-widget-container
.columns-2

Try adding a height to each of those to get the results you are looking for.

Site is back, up and running on the new server. Ugh, I wish it didn’t take all day to do this!! But it is up and running, it’s wine o’clock on Friday afternoon, and all is well.

Thanks for your feedback and suggestions!

**UPDATE**

An error_log showed up in my files on server; WordFence, a few weeks ago, had added a WAF Firewall, which added a user.ini file, and that path was not correct. I deleted the user.ini file and I am able to get into the Dashboard via wp-admin. Whew!!

There are other issues it seems but I am confident I can resolve them – now that I can at least get to the dashboard.

I didn’t copy the license.txt file when I transferred files…it is there now and shows up when I browse to it directly.

I also did as you suggested, Mark, and added info.php – and that gives me a white screen. Hmmmm…..

In my CPanel, I’m showing PHP v. 5.5 is running. I can see the options that are set via CPanel. Continuing to explore and see what else may be the problem….

Your email address is listed in the settings as the administrator for that site. Do you still have access to login to the site via sitename/wp-admin? If you do, then you can login and change the administrator email to whoever it should be for the site now.

If you are no longer an admin for the site and don’t have access, you need to contact whoever IS the admin and tell them to change the email so they receive the notices, not you.

Good luck!

I’m seeing similar stuff on many of the sites I manage. The IP addresses are typically Russian, Ukranian, Chinese, French, etc – and match users locked out from login.

So my thinking is that these are attempts to get into the site via a plugin upload script , perhaps an old plugin or one that hasn’t been updated in awhile. (The Aviary add on to Gravity forms hasn’t been updated in 10 months, Inboundio has been 9 months since an update). Hackers looking for vulnerabilities … so if you don’t have that plugin, Disable the whitelist and block the IP that tried to use it.

As I see it, that whitelist showed me just one more way hackers try to gain access to my sites – in addition to trying to login with bogus usernames, admin, the site name, and others, they are also looking for vulnerabilities in old or out of date plugin files.

The instructions are very clear now, and the step I was missing was to add:

SetEnv PHPRC /home/user/public_html/sitename/php.ini

to each of the three .htaccess files. Once I did that, the lights were green, (Enabled) and in Extended Protection mode.

Thanks again – it’s all working!!

Thank you for all the changes that came with the update 6.1.4 today. All sites are now running the scan with all options checked, and thank you , thank you for the bulk edit options on the whitelist!! Awesome!

All my sites are now Enabled; the three sites on SiteGround are running Basic Protection and still are not configured for Extended, although the .htaccess and php.ini seem to be configured. All the other sites I manage are on Extended Protection and the Firewall appears to be running properly.

Again, thanks to you and the dev team for the endless hours I know you have been putting in since the WAF release a week ago.

I have sites I manage on several different hosting services, and GoDaddy was one of the trouble-free ones in my case. Configuration worked (I can’t remember now if it needed the 5 minute window or not) and the Firewall has been in learning mode, is set to switch today to enabled mode on at least 5 sites, one of which is a multisite install.

I have had issues on Siteground, Hostgator (though that one is working now), and others, but bit by bit the issues are being worked out.

In all GoDaddy cases, I’m using the recommended server configuration,and the default setup options…it just worked.

Thanks for the helpful info, Matt. I’m seeing the same IP addresses on multiple sites, whitelisted while in learning mode, and I am blocking them manually with WordFence. I’m looking forward to the bulk edit feature to be added…

Yeah, I’ve been spending way too much time on this the last couple of days. I maintain WP websites for clients (monitor, update plugins, do routine backups, etc) and most installed the firewall and configured smoothly. I have one site on HostGator and 3 on SiteGround that are still not working.

The recent release (6.1.3) allows me to Dismiss the warning to configure, and disable the Firewall, for now. WordFence continues to do it’s thing as before, except for the scan not completing, as noted in another thread ( https://www.ads-software.com/support/topic/scanning-stops ) The blue “Optimize Firewall” is a more subtle reminder that it still needs to be configured.