wflandon
Forum Replies Created
-
That is normal behavior for a scan that gets stuck for that long.
I was looking at your sites and https://sleazefreeselling.com/ is giving me a malware warning in chrome. I would recommend getting a professional to clean that up. It may just have too much going on for the scan to complete.
In general, I would disable Wordfence scan options and see if you can get a scan to finish. Then add them back one by one. You could also try putting wp-content/plugins in the excludes and see if you can get a scan to finish. However, you need to get those scanned. Hopefully you can get some scans to finish and remove that entry from the excludes.
https://intuitivebusinesswoman.com/ appears to be running on a LiteSpeed server. LiteSpeed can be a problem. Take a look at this and follow directions https://docs.wordfence.com/en/LiteSpeed_aborts_Wordfence_scans_and_updates._How_do_I_prevent_that%3F.
References:
https://www.evernote.com/shard/s481/sh/b562f4d6-ac73-420e-b873-7397d5f64554/36965134386630f2
https://www.evernote.com/l/AeHuhadsypBO4bBxdgMonvpjYU1IrUOxdqwGlad to hear it!
Hi bripa92,
Are you able to access the WordPress dashboard when the error occurs? Did you delete anything in your database when you removed the Wordfence files? What steps did you take to reinstall Wordfence? Please send your rules.php file to [email protected].
You should be able to delete the rules.php file and it will auto create a new one. But if this happened already during your reinstall, manually removing that file will not help. However, it is worth a shot.
Reference: Your issue seems be related to this thread https://www.ads-software.com/support/topic/parse-error-398?replies=3#post-8429846 which has an internal case number of FB1845.
I did think of an alternative. You could add “wp-content/cache”, without quotes, into the setting “Exclude files from scan that match these wildcard patterns” on the Wordfence Options page. That would probably work. However, it would be better to remove the old cache completely as it is not being used and could cause problems elsewhere.
Let me know how it goes.
One other thing I should have communicated more clearly. W3 Total Cache and Wordfence cache are totally different. Clearing Wordfence cache will have no effect on W3 Total Cache. I am not 100% sure, but it looks like even though W3 Total Cache plugin is deleted, the wp-content/cache folder did not get remove/cleared as it should have and that is the main problem.
If the cache was never cleared before deactivating/deleting w3 cache it very well could still have cache stored on the server. I would post in their forum, do some research, and find the best way to get rid of it. I assume you can delete the wp-content/cache folder, but I am not certain.
A quick google search came up with a few helpful posts. I would check this thread https://www.ads-software.com/support/topic/wp-contentcache-folder-is-huge?replies=7 as well as others in their forum. But it appears there is a lot of cache that never got cleared/removed and that is what Wordfence is getting stuck on.
It looks like w3 total cache is the problem. First, it is probably time to clear your cache. My bet is that cache directory is getting large. Second, try disabling Database Cache and Object Cache in the w3 total cache settings. Then clear cache again and re-run Wordfence scan.
You can read more here:
https://support.tigertech.net/w3-total-cacheWe have gotten requests to add that as a feature. I am not sure it is officially on the roadmap. However, there are quite a few plugins that hide / move the login, as mountainguy2 mentioned, and work well with Wordfence.
Hi JuliaKline,
Does your other site also have Optimize Member Plugin? Are they both getting stuck on that plugin? Do you ever see an error in the logs? Can you add another 20 lines or so to your log? How long did you let the scan run?
If the sites issues are similar you do not have to open another post. Let me know the answers to the questions above and we will go from there.
Hi josiegamble,
I have not seen any sites targeted because of Woocommerce specifically. However, anytime there is a plugin with known vulnerabilities it will attract a lot more attention to the site. I would just confirm everything is up to date and there isn’t any installed plugins with known vulnerabilities. Including inactive plugins! It sounds like you have tighten your security settings which is good. You might look at the Advanced Blocking page if you see any patterns to the attacks. However, once you are on their list, you could be on that list for a while. At least until they figure out its a lost cause and move on.
Hope that helps.
Hi BranigansLaw,
If I understand you correctly, Wordfence does scan for recently modified files. It also checks files against the official repositories. There is a setting, “Comma-separated list of directories to exclude from recently modified file list:”, in the Wordfence Options page.
To answer your question, I do not believe there are any known issues between the two plugins. I would just make sure they are not doing the same job at the same time. You should be able to disable any overlap through the option pages.
Hope that helps.
Hi cynep,
I would start by verifying there are no files with extensions, other than image extensions, inside your uploads directory. For the most part, there should only be images in your uploads. Some plugins do put other files inside the uploads folder but if you manually look through, you should be able to see if something looks out of place.
Let me know if you find anything.
Forum: Plugins
In reply to: [Wordfence Security - Firewall, Malware Scan, and Login Security] Unknown URLAfter looking at this a little closer, this was probably a failed attempt to use your server as a proxy. Your issue is not directly related to the other thread. Sorry about that.
If your server was misconfigured or compromised the request would have been forwarded to the url. Since it was logged as a hit in Wordfence, your server did not forward it. If it had, the hit would have never gotten as far as your WordPress installation.
Do you see these items in your live feed often?
Forum: Plugins
In reply to: [Wordfence Security - Firewall, Malware Scan, and Login Security] Unknown URLHi MrWrightAZ,
I just replied on a similar thread:
Summary: Not sure how this is happening. Their domain could be pointed to your IP but doesn’t exist on your server. If you are the default site, and since wordpress does not filter domain names, your server could be sending nonexistent domain traffic to your domain. It is just hard to say for sure without more information.
I will check with the dev team, but this seems to be a pretty new, rare issue. So not sure they will have much to add yet.
Let me know if you discover anything new that might help us troubleshoot the issue.
Hi wjwc,
Do you, or your host, use Amazon Web Services? If not, then I think it is safe to to block those hits completely. Go to Wordfence Advanced Blocking page and do something like this:
*compute.amazonaws.com*?
That should block those requests. You could also play with the “Rate Limiting Rules” on the Wordfence Options page. If they are always hitting 404s then focus on the 404 limiting options.
Now why the presslabs domain is showing up in your feed is hard to say. It could be that the their domain is hosted on the same IP address as yours and you are the default domain for the server. Or it might be that their domain’s DNS is just really misconfigured. I am not exactly sure how that could happen.
Try the advanced blocking and limiting options.
Let me know how it goes.