wfchristian
Forum Replies Created
Hello @fferrari
Glad you resolved the issue, I would have recommended the same solution.
Changing the wp-admin location is known to cause problems with our scanning feature.
Wordfence has built-in protection for your login page, so you don’t need to change its location. Our CEO released a video a few years ago detailing why this is the case if you would like to learn more: https://www.wordfence.com/blog/2017/10/should-you-hide-wordpress-login-page/
Glad I could be of assistance,
Christian
Hello @kikeconk , thank you for sending over the information.
I reached out to our QA team about your issue and they told me the following:
“when failing logins repeatedly (or breaking most other login-related rules), Wordfence “locks out” the user, which prevents them from logging in or viewing normal WP login pages (though other plugins may allow logins in non-standard ways.) If the site has a contact form or support email address(es), this lets locked-out users reach the site owner about any issues.
When other kinds of rules are broken, like Immediately block IPs that access these URLs, rate limiting, manual blocks, or Immediately block the IP of users who try to sign in as these usernames (even though it’s related to logins), Wordfence “blocks” the IP instead, which covers the whole site.”
The brute force protection only prevents access to the WordPress login page and blocks users from logging in.
About being unable to view the blocked user so you may unblock them, it may be a caching issue. This would explain why it appears on your Top IPs Blocked widget but not on the blocking page as the Firewall page is cached.
In order to diagnose it, I would need some screenshots of the Firewall home page, making sure to include the specific message you are receiving on Top IPs Blocked, and a screenshot of the blocking settings you have enabled; you can reach this by going to All Options > Rate Limiting. If you could send those screenshots to wftest @ wordfence . com, that would be greatly appreciated.
You may also want to check the live traffic to determine what kind of block was done on the user. You can find that page at Wordfence > Tools > Live Traffic.
I hope this helps,
Christian
Hello @fferrari , thank you for the diagnostic.
You mentioned having the IPs allowlisted in Cloudflare, but you need to allowlist your server IP, not Wordfence IPs.
If your site is protected by Cloudflare, you may need to update your Cloudflare settings to allow your site to connect back to itself. You should be able to do this by going to your Cloudflare control panel.
- Log in to Cloudflare
- Go to “Firewall”
- Click the “Firewall Rules” tab
- Click “Create a Firewall rule”
- Name the rule under “Rule Name”
- Set the “Field” under “When incoming requests match…” to “IP Source Address”
- Enter your site’s IP address under “Value”
- At the bottom, under “Then…Choose an action” change “Block” to “Allow”
- Click “Deploy”
Once you have added your site to the Cloudflare Whitelist, head back over to your site and attempt another scan.
Let me know if this helps and if you have any questions!
Christian
Response:
Hello @fferrari , thank you for reaching out.
I would not recommend deleting the .htaccess file. This is not a Wordfence file but rather a WordPress one, which allows your site to interact with Ajax. It is also where we store WAF configuration information, which is not related to your scan.
A diagnostic would help me identify what issue you are facing. Can you send a report to wftest @ wordfence . com? You can find the link to do so at the top of the Wordfence > Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.
NOTE: It should look as follows – Screenshot of Tools > Diagnostic > Send by Email
Hope this helps,
Christian
- This reply was modified 1 year, 5 months ago by wfchristian.
Hello @calvinyhobbes , glad I could help.
I would not recommend the disabling of the Don’t let WordPress reveal valid users in login errors setting as it is important in keeping your site secure.
Wordfence will not invalidate or hide the remember password form. The amount of attempts you set it to is a good number and I would recommend double checking the timeout period to ensure it is set to a long enough duration.
There is not much else you can do other than to make sure that the Web Application Firewall Status is set to Enabled and Protecting.
Glad I could help,
Christian
Hello @madgulkar , thank you for reaching out.
Country Blocking is a premium feature, and we aren’t allowed to discuss those here as per forum rules. I recommend opening a support ticket at https://support.wordfence.com. They will be able to assist you faster and more efficiently.
You can also access premium support via the Help menu item in the plugin, Help link on the plugin’s Dashboard page, on our documentation homepage or via the HELP link in the footer of all wordfence.com pages.
Thank you,
Christian
Hello @torontodigits , thank you for reaching out.
We unfortunately cannot help with CSP as it is not associated with the Wordfence product.
The plugin page you linked is of the deactivation screen for the Wordfence plugin. It appears that there is an error with data removal upon deactivation. If you would like to deactivate the plugin, I would need more information to diagnose the issue.
Can you send a diagnostic report to wftest @ wordfence . com? You can find the link to do so at the top of the Wordfence > Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.
NOTE: It should look as follows – Screenshot of Tools > Diagnostic > Send by Email
Hope this helps,
Christian
Hello @kikeconk , thank you for sending the diagnostic.
We need to attempt to replicate the problem. If you could send us the login link to wftest @ wordfence . com so that we can troubleshoot the problem, that would be greatly appreciated.
Thank you,
Christian
Hello @sirrahikkala , thank you for reaching out.
Wordfence is just checking if it needs to show the onboarding message, in case setup hasn’t been completed.
The reason for multiple checks on each pageload is that some other admin notices need to check if there is already an onboarding notice, to avoid showing multiple notices when onboarding has not been completed yet.
The functions alone are extremely fast, and even if we could skip calling some of them, there wouldn’t be a noticeable speed difference. The one SELECT query to check the onboardingAttempt3 is one of the few config values that we do not autoload along with the rest.
Thanks,
Christian
Hello @solsolaro , thank you for reaching out.
In order to allowlist a URL so that Wordfence does not scan or block it using the firewall, you can add it at Wordfence > Firewall > Manage WAF > Allowlisted URLs. It should be at the very bottom of the page.
It may also be useful to put the firewall in learning mode. From the Wordfence Dashboard, click on Manage WAF. Then you will see Basic Firewall Options > Web Application Firewall Status. Change the option to Learning Mode. Now perform the actions that were causing issues. This will help Wordfence learn that these actions are normal and it will allow them in the future. After you have finished performing the actions, switch the WAF from Learning Mode back to Enabled and Protecting. Now test to see if these actions work correctly.
https://www.wordfence.com/help/firewall/learning-mode/ is an amazing resource for learning more about the WAF and learning mode.
Hope this helps,
Christian
Hello @user, thank you for reaching out.
Can you send a diagnostic report to wftest @ wordfence . com? You can find the link to do so at the top of the Wordfence > Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.
NOTE: It should look as follows – Screenshot of Tools > Diagnostic > Send by Email
Thank you,
Christian
Hello @calvinyhobbes , thank you for reaching out.
It may be useful to enable learning mode. From the Wordfence Dashboard, click on Manage WAF. Then you will see Basic Firewall Options > Web Application Firewall Status. Change the option to Learning Mode. Now perform the actions that were causing issues. This will help Wordfence learn that these actions are normal and it will allow them in the future. After you have finished performing the actions, switch the WAF from Learning Mode back to Enabled and Protecting. Now test to see if these actions work correctly.
https://www.wordfence.com/help/firewall/learning-mode/ is an amazing resource for learning more about the WAF and learning mode.
As for parameterizing the Brute Force protection, you can navigate to Wordfence > Firewall > Manage WAF > Brute Force Protection to change the number of failed attempts required as well as the timeout period.
https://www.wordfence.com/help/firewall/brute-force/
Hope this helps,
Christian
Hello @marketingbugle , thank you for reaching out.
Wordfence offers a variety of security services for our members.
We offer several forms of login security in the form of reCAPTCHA to filter out bot users, Brute Force Protection in the form of IP blocking users after a set number of failed attempts, and Two Factor Authentication to further secure user and administrator accounts. We also offer WooCommerce Integration as well as allowing you to add Two Factor Authentication to custom pages.
Wordfence comes with IP Blocking, as well as protection against other forms of malicious activity such as SQL Injections and DOS Attacks through our Firewall.
Since the traffic typically will look like valid traffic, Wordfence cannot detect a good credit card vs. a bad credit card, or a valid purchase vs. an invalid purchase. We don’t want to block anything that might be actual business for your site.
When it comes down to it, in Wordfence, blocking the IPs or user-agents (if you notice patterns between either) are a few things to consider. Rate Limiting can be an excellent tool in providing help, depending on how frequently the IPs are changing. Wordfence Rate Limiting can detect an increase in requests and can be used to throttle the attack from both human and bot traffic. You can check that out below to reference our recommended settings. You can set those up to be a bit more strict than we recommend, however, if you set them too strict, you will see warnings and may have unexpected blocking occur: https://www.wordfence.com/help/firewall/rate-limiting/
You might also want to consider using a captcha specific to your billing plugin. You can also look into AVS and CVV matching. The Address Verification System (AVS) checks the billing address that buyers provide at checkout against the address that the credit card company has on file for them. The credit card company sends a response immediately to let you know if the billing address matches. You will want to check with the billing system for information on AVS verification.
While preventing Carding Attacks completely is nearly impossible, we can provide you the tools to limit their abilities and make it a lot harder for them. We covered carding attacks on a Wordfence Live episode which has helpful information on this issue: https://www.youtube.com/watch?v=dXEjgyqWKPs
For any additional information you can reach out to presales @ wordfence . com for assistance.
Hope this helps,
Christian
Hello @ozmensemih , thank you for reaching out.
The issue you are experiencing is most likely from the reCAPTCHA option in the login security settings. You can find this setting by going to Wordfence > Login Security > Settings > reCAPTCHA.
As you may know, reCAPTCHA is used to filter out bots from actual users. The version of reCAPTCHA that Wordfence uses uses an invisible scoring method to determine which users are bots and which are human.
If a user is being given a false positive then it could be that you need to modify the threshold score. You can modify this score by going to Wordfence > Login Security > Settings > reCAPTCHA > reCAPTCHA human bot threshold score. The threshold score is set to 0.5 by default but can be lowered to be more lenient or higher to be more strict.
If you would like to know more about reCAPTCHA and its implementation in the Wordfence plugin, here is the documentation on it: wordfence.com/help/login-security/#captcha-options.
Thanks again,
Christian
Response 2:
Hello @adoromicocina , glad I could be of assistance.
Unfortunately we cannot help with the removal of the link from the original post. I took a look through the WordPress support docs and see the following regarding URLs in posts:
Your URL is only visible to logged in users and is not indexed.
Hope this helped,
Christian