wfchristian

Response:

Hello @generosus , thank you for reaching out.

It looks like Sucuri is most likely looking for its own plugin or software in the Site Check.

Having Wordfence installed on your website provides monitoring services through our Scan and Firewall functions.

Thanks again,

Christian

Hello @mixedmoso ,

The files that are coming up as blank are most likely deleted files such as cache files. If the scan is not giving you any warnings then it is safe to ignore the blank filenames.

Happy to help,

Christian

Hello @sayedr , glad I could be of assistance.

If the only changes are with http to https and there are no changes to the files prior to the introduction of SSL then you are safe to mark IGNORE on those results.

Thank you,

Christian

Hello @sayedr , thank you for reaching out.

You are correct with the change from HTTP to HTTPS causing the file scan result, it is safe to disregard those alerts. If you click Ignore on the right side of the scan results then it will hide those alerts in the future.

As for the tutor lms plugin, were there any changes made to files before the installation of SSL?

A diagnostic might help me check the version for any vulnerabilities in our database, you can send the diagnostic report to wftest @ wordfence . com. You can find the link to do so at the top of the Wordfence > Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

NOTE: It should look as follows – Screenshot of Tools > Diagnostic > Send by Email

Thank you,

Christian

Hello @mixedmoso , thank you for reaching out.

Can you run a High Sensitivity Scan for me? You can do this by logging into your site and navigating to Wordfence > Scan > Manage Scan > High Sensitivity > Save – then run the scan from Wordfence > Scan > Start New Scan.

Take note of any Critical or High items and let me know if you had any of those results.

Let me know if this was helpful,

Christian

Hello @adoromicocina , thank you for reaching out.

Are you seeing any results from your Wordfence scan? That will help determine if your site is compromised.

As for the allowlist in your cPanel, it would be best to request your host’s assistance as Wordfence cannot interact with the cPanel.

Thank you again,

Christian

Hello @scottbboss , thank you for reaching out.

Changing the /wp-admin path is known to cause signature errors when scanning. The plugin you used to change the /wp-admin path is known to cause these issues.

https://www.wordfence.com/help/advanced/plugin-theme-conflicts/

This page has a list of plugins known to cause issues with the Wordfence plugin.

Disabling the plugin, Change wp-admin login will resolve the issue and allow the scan to complete.

Wordfence is actually designed to lock down and secure the /wp-admin page with Brute Force Protection. Here is a good video our CEO posted a few years ago that lays out why you shouldn’t worry about your admin page.

https://www.wordfence.com/blog/2017/10/should-you-hide-wordpress-login-page/

Thanks again,

Christian

Hello @kikeconk , thank you for clarifying,

It could be that the IP Detection functionality of the firewall page is not working properly, I would need a diagnostic to identify the issue. You can send a diagnostic report to wftest @ wordfence . com. You can find the link to do so at the top of the Wordfence > Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

NOTE: It should look as follows – Screenshot of Tools > Diagnostic > Send by Email

To answer your second question, you are referring to the Brute Force Protection in our firewall. 

What Brute Force Protection does is block an IP from attempting to login after a set number of incorrect attempts, the default is 20. 

It then blocks them for a set period of time, the default is 4 hours. This is an IP block so a blocked IP should not be able to access the site at all.

If you would like to change these default settings you can do so by navigating to Wordfence > Firewall > All Firewall Options > Brute Force Protection. The settings are labeled Lock out after how many login failures and Amount of time a user is locked out.

Let me know if this helped,

Christian

Hi @joeyjosay ,

Blocking xmlrpc.php does not affect Wordfence, we actually have a built in system to remove it in Worfence > Login Security > Settings but I would recommend the htaccess method you used to remove it.

Happy to help,

Christian

Hello @dawoodward ,

You could try and deduce which device is causing the problem by trying to set up 2FA on a separate site. You can try your wordfence . com account, this will help us see if the issue is with the site or with your authentication device.

Let me know what you find,

Christian

Hello @user, thank you for reaching out.

It looks like you might be missing files from your Wordfence installation, we just released an update and it is possible something went wrong on your site when updating. A complete re-installation of Wordfence might be a good step. It’s always best to make a backup of the site and database before installing/removing plugins, just to be safe.

Additionally, you can backup your Wordfence settings via the Export option. Navigate to Wordfence > Tools > Import/Export Options and click Export. You can also take note of the current Whitelisted URLs you have in Wordfence > Firewall > All Firewall Options > Whitelisted URLs as these are NOT included in the Import/Export and will be lost during the re-install.

Here is what is exported: https://www.wordfence.com/help/tools/import-export

During the export, you will be given a long string of text. Keep this safe, you’ll need it in a few minutes. 

After that, enable the option to Wordfence tables and data on deactivation in All Options > General Wordfence Options. You will want to remember to disable this after you reinstall Wordfence again.

After you enable that option, you can deactivate Wordfence from the Plugins area of your site, then delete it. Next, from the plugins area, search for and re-install Wordfence like normal.

It will be like setting Wordfence up for the first time. You will need to enter an email address, and then go into Tools > Import/Export Options and paste that string of text into the Import Wordfence Options field and click the button there.

The firewall will be in Learning Mode by default for 7 days. I would recommend switching this to Enabled and Protecting as soon as possible.

If that does not work, I will need a diagnostic in order to determine where the issue is. You can send a diagnostic report to wftest @ wordfence . com? You can find the link to do so at the top of the Wordfence > Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

NOTE: It should look as follows – Screenshot of Tools > Diagnostic > Send by Email

Thank you,
Christian

• This reply was modified 1 year, 5 months ago by wfchristian.

Hello @amwest97 , thank you for your response.

It looks like the diagnostic did not go through to the email, 

Could you send me the diagnostic manually to review? If you navigate to Wordfence > Tools > Diagnostic page and then click the “Export” button, attach the txt file to an email and send it to wftest @ wordfence . com with your forum username as the subject line.

Thank you,

Christian

Hello @tabledesigns , thank you for reaching out.

A diagnostic will help me evaluate the issue you are facing.

Can you send a diagnostic report to wftest @ wordfence . com? You can find the link to do so at the top of the Wordfence > Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

NOTE: It should look as follows – Screenshot of Tools > Diagnostic > Send by Email

@hypnocox As per forum guidelines below, please open your own topic and we would be glad to assist you:

“Unless users have the exact same version of WordPress on the same physical server hosted by the same hosts with the same plugins, theme, and configurations, then the odds are the solution for one user will not be the same for another. For this reason, we recommend people start their own topics.”

Thank you,

Christian

Hello @webdados , thank you for reaching out.

Can you verify that you are using the Standard scan option in Wordfence > Scan

If that does not resolve the issue you could look at Wordfence > Scan > Advanced Options > Exclude files from scan that match these wildcard patterns (one per line) and verify that php files are not in the list.

Please let me know if this helps,

Christian

Hello @dawoodward , thank you for sending the diagnostic.

It looks like you have two plugins that have been known to conflict with our 2FA:

• Cookie Notice & Compliance for GDPR / CCPA (cookie-notice)

• Limit Login Attempts Reloaded (limit-login-attempts-reloaded).

Try disabling those plugins and testing if that resolves the issue, if not, you can try a different authenticator alongside disabling the plugins.

Let me know if this helps,

Christian