wfmark

You’re welcome @stevebrett.

Let me know if you need any further assistance.

Thanks,

Mark.

Hi @dimalifragis,

Apologies for the delayed response. Yes, the URLs redirect to the homepage, but they should return a blank page.

When these URLs don’t return a blank page like in your case, it indicates that Google bots are listing different query string combinations as legitimate site pages, which is often due to a theme misconfiguration – automatically redirecting any invalid page URLs to the homepage.

You may need to consult your theme developer or address plugin/custom code settings that might be causing this behaviour.

Thanks,
Mark.

Hi @psypat,

Apologies for the delayed response.

It looks like the redirects happen before Wordfence blocks the URL.

So when the user is redirected to https://banned.se, the block won’t take effect.

Thanks,
Mark.

Hi @voiceguy,

A cURL error 7 often indicates that communication to our servers and back to your site cannot happen at all. This error number can be solved from the hosts’ end, so it might be worth checking in with their support channels to see whether they can communicate with?noc1.wordfence.com?or whether this is blocked at their end.

Additionally, can you send the diagnostic report to?wftest @ wordfence . com? You can find the link to do so at the top of the?Wordfence > Tools > Diagnostics?page. Then click on “Send Report by Email”.?Please add your forum username where indicated and respond here after you have sent it.

NOTE: It should look as follows – Screenshot of Tools > Diagnostic > Send by Email

Thanks,
Mark.

Hi @kwisatz, Thank you for reaching out.

Are these login attempts being blocked by Wordfence?

When logged in to the site, could you please navigate to Wordfence> Tools> Live Traffic and confirm whether you see any Traffic entries of the blocked login attempts on this page?

Brute force login attacks are one of the most common attacks that we see and are normal. We see millions of brute force login attempts per hour on WordPress sites protected with Wordfence.

Wordfence does all of the important blocking for you automatically so you don’t have to, but if you wish to make your brute force or rate limiting rules a little stricter so that they can’t retry as frequently, for example reducing login failures to 3 or 5 instead of 20, you might find the following links useful:

https://www.wordfence.com/help/firewall/brute-force/ 

https://www.wordfence.com/help/firewall/rate-limiting/ 

If there are successful login attempts and the user has administrative access, please let me know.

Thanks,

Mark.

Hi @stefanp44, Thank you for reaching out.

I couldn’t find your diagnostic report. Please try the below instead:

Navigate to Wordfence > Tools > Diagnostic page and then click the “Export” button. Send the txt file to [email protected]. Add your forum username in the subject and respond here once done. Let me know once you have sent the report.

Thanks,

Mark.

Hi @michael2010, thank you for reaching out.

Have you tried starting scans remotely from the Wordfence > Tools > Diagnostics > Debugging Options section? Does the exact same issue occur? There are other scan troubleshooting tips here: https://www.wordfence.com/help/scan/troubleshooting/

If nothing that I’ve suggested there works and you’re on Cloudflare or Litespeed, there can be other configuration requirements to prevent scans from stopping but the best way for me to determine this would be getting a scan log and diagnostic report from you.

If you could do the following steps for me:

• Go to the Wordfence > Tools > Diagnostics page
• In the “Debugging Options” section check the circle “Enable debugging mode”
• Click to “Save Changes”.
• CANCEL any current scan and start a NEW scan
• Copy the last 20 lines from the Log (click the “Show Log” link) or so of the activity log once the scan finishes and paste them in this post.

Wordfence > Tools > Diagnostic > Debugging Screenshot

This will help me see exactly what is happening when the scan fails.

Then, can you send a diagnostic report to [email protected]? You can find the link to do so at the top of the Wordfence > Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

NOTE: It should look as follows – Screenshot of Tools > Diagnostic > Send by Email

Thanks,

Mark.

Hi @cds71, Thank you for reaching out.

If you’re a Premium Wordfence Customer, I recommend opening a support ticket at https://support.wordfence.com. They will be able to assist you faster and more efficiently.

You can also access premium support via the Help menu item in the plugin, Help link on the plugin’s Dashboard page, on our documentation homepage or via the HELP link in the footer of all wordfence.com pages.

Thanks,

Mark.

Hi @stevebrett, Thank you for reaching out.

Wordfence has three rules that check for unsanitized files containing malicious code that can be uploaded to and executed by the web server. The rules are  “Malicious File Upload“, “Malicious File Upload (PHP)“, or “Malicious File Upload (Patterns)” and can be found in Wordfence > All Options > Firewall Options > Advanced Firewall Options > Rules after expanding the list.

There have been occasions when customers needed to disable one of these to prevent false positives. There are layers to how uploaded files are checked, so having to turn one of these rules off to fix any issues should still ensure malicious files are caught at a different stage of the checking process. Disabling/enabling them one by one can reveal exactly which one(s) can be permanently turned off to prevent any upload issues from reoccurring for your users.

I hope this is helpful.

Thanks,

Mark.

Hi @nfspck, Thank you for reaching out.

Could you please send a diagnostic report to [email protected]? You can find the link to do so at the top of the Wordfence Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

Thanks,

Mark.

Hi @beingbaban, Thank you for reaching out to us.

Unfortunately, you cannot block an IP using templates on Wordfence Central. You can only block an IP address from the “Blocking” tab at the top of the “Firewall” page and then use the “Block Type” button that says “IP Address”. Make sure that you know that the IP address is malicious before you block it. 

You can also block an IP address on the Live Traffic tool page, with instructions on the documentation page here – https://www.wordfence.com/help/tools/live-traffic/#understanding-a-live-traffic-record 

Hopefully we can add this feature in a future release.  

Thanks,

Mark

Hi @russellcardiff, Thank you for reaching out to us.

Try clearing cache (site plugins and local browser) and disabling all other plugins except for Wordfence, then trying again to see if there’s a plugin or theme conflict causing the issue. You could also revert to a default theme, such as Twenty Twenty-Three.

If it works as expected, then re-enable your plugins and theme one by one until the issue recurs to help find the cause.

Also, can you send a diagnostic report to [email protected]? You can find the link to do so at the top of the Wordfence Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

Thanks,

Mark.

Hi @sinapars, Thank you for reaching out.

Please confirm that you are not blocking outbound or Inbound requests from your site to our servers. Allow the IPs below on ports 80 and 443.

52.25.185.95

54.148.171.133

35.83.41.128

44.235.211.232

54.68.32.247

54.71.203.174

You may also want to confirm that IP detection on your server is correct. Take note of your IP as displayed on https://www.whatsmyip.org. Please note that this detection can sometimes not be 100% accurate on cellular phone network connections.

Navigate to Wordfence > All Options > General Wordfence Options > How does Wordfence get IPs and reference the area under that section that says Detected IPs and Your IP with this setting. Start from the top and check to see if any settings show the same IP as the site above.

Let me know how it goes.

Thanks,

Mark
?

Hi @antonb99, Thank you for reaching out.

To rule out any caching issues, could you please try an incognito/private browsing window or a different browser than your default one? 

If the issue still persists, are you seeing any errors in your browser console for scripts related to Wordfence?

Thanks,

Mark

Hi @xonnext, Thank you for reaching out.

At the moment,the only way you can customize block pages is by adding a custom message using the option Custom text shown on block pages found in the Brute Force Protection section on the All Options page.

I have added your feedback to the feature request for this, as we have had many requests for this. We can’t provide ongoing updates here on the forums or comment on possible delivery dates, but any features we do add will appear in our changelog when new versions of the plugin are released.

Thanks,

Mark