wfmark

Hello @thedetoureffect, thank you for reaching out to us.

From the description, I suspect this could be a false positive issue that can be resolved by switching the firewall to Learning Mode. Sometimes, WordPress plugins or themes may exhibit behaviour that resembles known attack patterns, which results in the Wordfence Firewall blocking something that is not malicious

Please try enabling the Learning Mode. From the Wordfence Dashboard, click on Manage WAF. Then, you will see Basic Firewall Options > Web Application Firewall Status. Change the option to Learning Mode, then try signing up using the MailPoet form. This will help Wordfence learn that any actions during this time are expected, and it will allow them in the future. After you’re done, switch the WAF from Learning Mode back to Enabled and Protecting and test to see that you can still sign up.

Please get back to us in case the above doesn’t solve your issue.

Thanks,

Mark. 

Hello @franckw, thanks for reaching out to us.

To stop this spam registrations on the site, I recommend enabling reCAPTCHA in Wordfence > Login Security > Settings> Enable reCAPTCHA on the login and user registration pages so that the default WordPress registration page can only be used by humans.

General treatment of bots can also be set in the Rate Limiting section of  Wordfence > All Options to limit how many pages visitors and automated crawlers can access your website per minute as described in this article https://www.wordfence.com/help/firewall/rate-limiting/ 

You could also consider installing a dedicated anti-spam plugin if you’re not currently using one. You can find a few recommended plugins here https://www.ads-software.com/plugins/search/antispam/  

Let me know if this helps.

Thanks,

Mark.

Hello @soozie10, and thanks for reaching out to us!

This could be due to an issue with your IP Detection.

To double-check that your IP detection is correct, first check the following site and take note of your IP (note that this detection can sometimes not be 100% accurate on cellular phone network connections): https://www.whatsmyip.org.

Then, head over to your site and go to Wordfence > All Options > General Wordfence Options > How does Wordfence get IPs and reference the area under that section that says Detected IPs and Your IP with this setting. Start from the top and check to see if any of the settings show that both of those show the same IP as the site above does.

If this doesn’t resolve your issue, can you send a diagnostic report to [email protected]? You can find the link at the top of the Wordfence Tools > Diagnostics page. Then click on “Send Report by Email”.

Please add your forum username where indicated and respond here after you have sent it.

Thanks,

Mark.

Hi @webexs , thank you for contacting us.

Can you please confirm the block reason you’re seeing on the Wordfence Block Page when you access the site? 

If the IP address has been blocked for violating any rules configured in Wordfence, it should be listed under Wordfence> Blocking with a reason for the block. These blocks usually expire after some time, depending on your settings.

To unblock the IP address, navigate to Wordfence > Firewall > Blocking. Select the checkmark next to the block entry, then click the “Unblock” button.

If you can’t find the IP address on the Blocking page above, check the Live Traffic Page under Wordfence> Tools>Live Traffic and use the advanced filters to specify the IP address that is blocked. Expand the results using the view (eye) icon and share a screenshot of the Live Traffic entry.

Thanks,

Mark

Hi @ismailsirajeittembe, thank you for reaching out to us and bringing this to our attention.

ClamAV “UNOFFICIAL” signatures are broad and prone to false positives but it’s best to be safe, so please send the highlighted files along with any pertinent data that may be helpful to our team at [email protected] so that our team can look into it and determine why Wordfence didn’t pick it up.

In your email, please include a link to this forum topic so that our team will know you had raised the issue with us. Remember to obscure any passwords or keys/salts in any files you send us.

Thanks,

Mark

Hi @mtnweekly , thanks for reaching out.

Can you please confirm the Wordfence version you’re on? Wordfence appends a parameter during the process of checking whether a visitor is human but hasn’t used the name wordfence_logHuman for quite some time. We’re unable to provide support for older versions of the plugin and recommend that customers keep WordPress, Wordfence, and other plugins up-to-date at all times to ensure the security of their site.

The Live Traffic feature in Wordfence uses  ?wordfence_lh=x&hid=xxx… query string URLs, and so these are normal to observe. When these URLs are visited, the expected behavior is to return a blank page. With time, Google should recognize that those paths are not useful to crawl.

If the URLs in your case don’t return a blank page, it indicates that Google bots are listing different query string combinations as legitimate site pages, which is often due to a theme misconfiguration – automatically redirecting any invalid page URLs to the homepage.

You may need to consult your theme developer or address plugin/custom code settings that might be causing this behaviour.

Thanks,
Mark.

Hi @songdove , thanks for reaching out.

Can you please provide a precise description of the issue you’re trying to solve? 

Wordfence has a rate-limiting feature that you can use to limit how many pages visitors and automated crawlers can access your website per minute. 

You can read more about it here:  https://www.wordfence.com/help/firewall/rate-limiting/ 

Thanks,

Mark

Hi @alexliii, thanks for reaching out.

Wordfence can’t be deactivated on a subsite, as it can only be installed as a Network-activated plugin on multisite setups.

Do you have specific problems or a particular use-case that requires Wordfence to be disabled on this particular subsite?

Please let me know.

Thanks,

Mark.

Hi @minhazmohamed, thanks for reaching out.

Unfortunately, there is no way to get the activity for each site separately. Wordfence can only be installed as a Network-activated plugin on multisite setups.

Let us know in case you need any further assistance.

Thanks,

Mark.

Hi @grahappa , thanks for reaching out.

This is currently not a feature available in Wordfence. We currently have options to allowlist IP addresses so they can bypass Wordfence Rules and 2FA or reCAPTCHA.

The closest feature to what you want is on the Wordfence > Firewall > All Firewall Options page in the Brute Force Protection section. You can input specific usernames/emails for which you see login attempts in the textbox next to “Immediately block the IP of users who try to sign in as these usernames.” Don’t forget to save the changes before leaving the page.

You can read more about this feature here – https://www.wordfence.com/help/firewall/brute-force/#lockout-usernames 

Please note that this option will not prevent users or bots from registering using the same username or email. If you’re seeing any spam registrations on the site, you will need to enable reCAPTCHA in Wordfence > Login Security > Settings so that the default WordPress registration page can only be used by humans.

General treatment of bots can also be set in the Rate Limiting section of  Wordfence > All Options to limit how many pages visitors and automated crawlers can access your website per minute as described in this article https://www.wordfence.com/help/firewall/rate-limiting/ 

Let me know in case you need any further assistance.

Thanks,

Mark.

Hi @danesthesia , thanks for reaching out.

Unfortunately, our 2FA and reCAPTCHA features are only supported for the default WordPress/WooCommerce login and registration pages and may not work on custom versions of these pages created manually or by other plugins/themes, which explains why you’re having trouble with this. 

We have plans to expand our compatibility in the future, although we cannot commit to timelines here on forums.

Thanks,

Mark.

Hi @satellitewp ,?

Thank you for getting back to us.

We made changes to the free license sign-up process. Existing free site keys created before the change will continue working, but all new installations require you to register for a new key.

You can see the reasoning behind why we changed the free signup process in the following blog post: https://www.wordfence.com/blog/2022/11/wordfence-7-8-0-announcement/ 

Please click on the Resume installation button on the sites with issues and follow the instructions in the video on the page below to obtain a free license key.

https://www.wordfence.com/help/api-key/#installing-your-free-license-key 

Please note that you can use the same email address to obtain license keys for all your sites. There’s no limit to the number of free sites a single email address can configure.

Let me know in case you have any issues.

Thanks,

Mark.

Hi @arsah ,

Thanks for getting back.

It sounds like Wordfence is not detecting IP addresses correctly on your site. Take note of your IP  as displayed on https://www.whatsmyip.org. Please note that this detection can sometimes not be 100% accurate on cellular phone network connections.

Navigate to Wordfence > All Options > General Wordfence Options > How does Wordfence get IPs and reference the area under that section that says Detected IPs and Your IP with this setting. Start from the top and check to see if any of the settings show the same IP as the site above does.

Let me know how it goes.

Thanks,

Mark.

You’re welcome @joeyjosay .

Country Blocking is a premium feature, and we aren’t allowed to discuss those here as per forum rules. Please contact [email protected] for more information on this feature.

For your second question, we do not typically recommend blocking IPs permanently, as attackers rarely reuse IP addresses. For more information, please check out the blog post below: https://www.wordfence.com/blog/2017/11/should-permantly-block-ips/

Thanks, 

Mark

Hi @wpfanar ,

Thank you for getting back to us.

Typically, the Block IPs who send POST requests with blank User-Agent and Referer option is one we recommend keeping enabled. You can see our documentation on that here: https://www.wordfence.com/help/firewall/brute-force/#block-blank-post

Let us know if you’d like to look at the diagnostics to see if anything stands out going forward.

Thanks,

Mark