wfmark
Forum Replies Created
-
Hi @willrv, Thanks for reaching out, and sorry to hear you’re having trouble with this.
Can you confirm the “reCAPTCHA human/bot threshold score” you have set in Wordfence > Login Security > Settings? The threshold is set to 0.5 by default. A higher threshold setting like 1.0 will cause the verification process to be more frequent as it would need to definitely be seen as a human to log in without verification and may cause valid users to be locked out.
I recommend setting that to 0.5 and then using the “Run reCAPTCHA in test mode” option below that for a short time to see what sort of scores you see during your logins. You may need to reduce or increase the threshold score slightly after looking at the test mode score.
If you’re still having trouble logging in, please disable Wordfence manually via FTP/cPanel by following the steps below:
- Open the FTP client and connect to your site via FTP/SFTP, depending on your setup.
- Once you successfully connect to your site via FTP/SFTP, navigate to the wp-content folder.
- Browse into the plugins folder.
- Find the wordfence folder
- Right-click on the folder and rename it to wordfence_bak
- Once you have logged in to your WordPress admin, you can name the folder back to Wordfence again.
- Refresh your dashboard, and you should be able to see Wordfence Active again. If not, go to the Plugins page and Activate it.
Once you log in, you can add your IP addresses under “Allowlisted IP addresses that bypass 2FA and reCAPTCHA” under Wordfence >Login Security >Settings >General. Remember to Save your settings.
Additionally, please note that if you use a custom login page, it can also cause 2FA and reCAPTCHA not to work right since our 2FA feature is only supported for the default WordPress login page and the login page for WooCommerce.
Please let us know if this helps.
Thanks,
Mark
You’re welcome @sagetone.
I’m glad Microsoft Authenticator worked for you.
In case you need any further assistance, please create a new topic and we’ll be happy to help.
Thanks,
Mark.Hi @ashoklale,
I can’t seem to find your diagnostic in our inbox. Did you attempt to send it after all, or do you no longer need assistance?
Thanks,
Mark.
Hi @aaron13100 , thanks for reaching out.
The “Blocked by Wordfence Security Network” block reason means you have enabled the option Participate in the Real-Time Wordfence Security Network found in the Brute Force Protection section on the All Options page.
Enabling this feature causes your site to share data with Wordfence about hack attempts anonymously. In return, your WordPress site receives the IP address information of hackers that are currently engaged in brute force hacking activity so that your site can immediately block those hackers before they are able to engage in a brute force attack on your site.
https://www.wordfence.com/help/firewall/brute-force/#wordfence-security-network
The “Blocked by login security” block reason is normally triggered by the setting Immediately block the IP of users who try to sign in as these usernames under Wordfence> All Options> Firewall options > Brute Force Protection.
Please review the settings above and let me know what you find.
Thanks,
Mark
Hi @hobby365, thanks for reaching out.
Can you do the following so I can get the information I need to help you?
- Kill the existing scan if it is still running (The “Start New Scan” button turns in to a “Stop” button while the scan is running)
- Go to your Scan > Scan Options and Scheduling page and locate the “Performance Options” Set “Maximum execution time for each scan stage” to 20 on the options page
- Click “Save Changes.”
- Go to the Tools > Diagnostics page
- In the “Debugging Options” section, check the circle “Enable debugging mode”
- Click”Save Changes”.
- Start a new scan
- Copy the last 20 lines from the Log (click the “Show Log” link) or so of the activity log and paste them in the post.
On occasion, this fixes it straight away. That’s because adding 20 for the “Maximum execution time for each scan stage” tells the scan to pause every 20 seconds and start again where it left off. If this fixes the issue and scans run again, you can leave all the settings above except for “Enable Debugging Mode”.
If the above doesn’t solve your issue, please send a diagnostic report to [email protected]. You can find the link to do so at the top of the Wordfence > Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.
ThanksMark.
Hi @roberthu007, thanks for reaching out.
Normally, Wordfence-related blocks show a block page with a reason for the block. The HTTP 429 Too Many Requests response status code indicates a user has sent too many requests in a given time.
If you suspect Wordfence is causing the issue, I recommend disabling it manually via FTP/SFTP by following the steps below:- Open the FTP client and connect to your site via FTP/SFTP, depending on your setup.
- Once you successfully connect to your site via FTP/SFTP, navigate to the wp-content folder.
- Browse into the plugins folder.
- Rename the wordfence folder to wordfence.bak
If you’re still not able to log in with Wordfence disabled, please reach out to your hosting provider for assistance.
Thanks,
Mark.Hi @helenvrees , thanks for reaching out.
Have you, by any chance, made any recent changes to your WordFence settings? Loosening the security settings means that no user would get blocked while trying to access your site. This may explain why you’re not seeing any blocks on the report.
Also, can you please confirm whether you’re seeing any details in the Recently Modified Files and Updates sections of the report, or is the whole report blank?
Please let me know.
Thanks,
Mark
Hi @truongmarl , Thanks for reaching out.
Aside from optimizing the firewall, where we give the user an opportunity to download a copy of their .htaccess so that it can be reinstated in the event of a site-breaking problem, Wordfence doesn’t update .htaccess.
What’s the specific change you’re seeing on the .htaccess file?
It may be easier if you email your .htaccess file along with an explanation of what you’re seeing to [email protected] to help you interpret what’s happening. Please add your forum username to the subject line and respond here after you have sent it.
Thanks,
Mark
Hi @soolee, thanks for reaching out and sorry to hear you’re having trouble with this.
I tested this on my end, but I didn’t get any errors.
Could you please try adding it manually in Wordfence > All Options > Allowlisted URLs then set something like the below:
URL: /path/to/script.php
Param Type: Query String
Param Name: theme_nameThis could also be an issue with plugin/theme conflicts too. The best way to test is to run Wordfence and Beaver Builder as your only enabled plugins and also revert to a default theme such as Twenty Twenty-Three. If you are able to create entries on Beaver Builder, then reenable your plugins and theme one by one until it breaks again to help find the cause.
Let me know how it goes.
Thanks,
Mark.
Hi @sagetone , Thanks for reaching out and sharing the troubleshooting steps you’ve taken.
I know this might seem strange, but does another authenticator app of your default choice work? I have seen cases where Google Authenticator (for example) won’t activate the exact same codes that Authy or another app will.
I understand you’ve synchronized the time there, but this test should just rule the codes being presented on your site in or out as the root cause.
Here is a list of apps we’ve tested: https://www.wordfence.com/help/tools/two-factor-authentication/#how-to-enable-two-factor-authentication
Let me know how it goes.Thanks,
Mark
Hi @paulproe, Thanks for reaching out.
Unfortunately, our 2FA and ReCAPTCHA features currently only work for the default WordPress and WooCommerce login and registration pages and may not work on custom login and registration pages generated by other plugins or themes.
We have plans to expand our compatibility in the future, although we cannot commit to timelines here on forums.
Thanks,
Mark
Thanks for the update @scruffy1.
Glad to hear that blocking the domain on .htaccess worked for you.I have forwarded your request to the Threat Intelligence team so they can look into it.
Thanks,
Mark
Hi @anafasia,
Thank you for sending the debug log.
To send the diagnostic report, please try the below instead:
Navigate to Wordfence > Tools > Diagnostic page and then click the “Export” button. Send the txt file to [email protected]. Add your forum username in the subject and respond here once done.
Thanks,
Mark.
You’re welcome, @binaryfabric .
You could also consider installing a dedicated anti-spam plugin if you’re not currently using one. You can find a few recommended plugins here https://www.ads-software.com/plugins/search/antispam/
Thanks,
Mark
Hi @alamana , thanks for reaching out.
Can you please confirm the location of the modified files? Depending on the location of the modified files, head over to Wordfence>All Options>Scan Options>General Options and scroll down to confirm that these three options are enabled:
- Scan core files against repository versions for changes
- Scan theme files against repository versions for changes
- Scan plugin files against repository versions for changes
Additionally, make sure you have not included the directories that contain the modified files in the List of directories to exclude from the recently modified file list option under Wordfence>All Options>Activity Report.Please note that the Recently Modified Files section in the Activity report only includes a maximum of the 10 recently modified files at the time the report is sent.
Let me know how it goes.
Thanks,
Mark.