userpqr

Thanks a lot Daniel. It works.

Thanks for the quick response. I see here: https://yoast.com/which-pages-noindex-or-nofollow/ wordpress noindexes login pages by default. Is there any way I can overwrite it?

I checked the page source. But, there is no indication that the page was optimized by any caching plugin.

Hi Steve,
When I login as a non-admin user and click on a page, I can see a page which is cached for anonymous user(including a login form). In that page, I can see the following headers:

General Header
Request URL: https://localhost/****/
Request Method: GET
Status Code: 200 OK
Remote Address: [::1]:80
Referrer Policy: no-referrer-when-downgrade

Response Headers
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Wed, 11 Sep 2019 18:57:31 GMT
Expires: 0
Keep-Alive: timeout=5, max=100
Link: ********
Link: ********
Pragma: no-cache
Server: Apache
Set-Cookie: *******; expires=Wed, 11-Sep-2019 19:27:32 GMT; *****
Set-Cookie: *********; expires=Thu, 08-Oct-2020 18:57:32 GMT; ******
Set-Cookie: **********; expires=Wed, 11-Sep-2019 19:27:32 GMT; *******
Transfer-Encoding: chunked

Request Headers
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Cache-Control: max-age=0
Connection: keep-alive
Cookie: *******
Host: localhost
Referer: https://localhost/
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
User-Agent: **********

Please let me know if any more information is needed.

Hi Steve,
Thanks for the reply. I see this issue on a development server that cannot be accessed remotely. Since WP_CACHE is disabled, and entries related to caching plugins are removed from .htaccess, are there any other ways WordPress server can still cache? I am running WordPress on Apache server.

For example, I see the following JS code getting added in login, registration forms :

/* <![CDATA[ */
var wpcf7 = {“apiSettings”:{“root”:”***/contact-form-7\**”,”namespace”:***},”recaptcha”:{“messages”:{“empty”:”Please verify that you are not a robot.”}}};
/* ]]> */
</script>

How can I remove it ?

Hi @wfalaa

Thanks for the response. It worked.

To add some clarity in the response – Not all traffic in Live Traffic section shows my server IP. Only some requests do. Those requests typically try to access some vulnerable or banned urls. So, I believe the problem is IP address spoofing.

I searched and found out that if I can do ingress filtering to drop packets with conflicting IP, the problem may be solved. I also saw some articles (e.g. https://www.cyberciti.biz/tips/linux-iptables-8-how-to-avoid-spoofing-and-bad-addresses-attack.html ) that says it is advisable to block own server IP in network interfaces. I am not sure if that helps. Again, I use CSF and it does not allow blocking own server IP. Is there any other way to prevent this type of hacking attempts ?

Hi @wfalaa

Thanks for the response. I have checked the IP in use. I see Wordfence is using CF-Connecting-IP and it is detecting my IP correctly. Also, Wordfence is using the option – Let Wordfence use the most secure method to get visitor IP addresses. Prevents spoofing and works with most sites. (Recommended) I am using Cloudflare also. Do I need any change here ?

Also, I saw some malicious traffic in Live Traffic section, that showed malicious attempts from IP of my server. I think with packet inspection we can discard the packets that have conflicting IPs, especially if they spoof IP of any internal server. I was wondering do we get any such option in Wordfence ?

Thanks,

Thank you all for the responses. Even I too had the issue of resource limit reached and I had RocketLoader enabled. I have disabled it and things look alright now. Now I am able to change Wordfence options.