wfpeter

Hey @thewoosh, thank-you for kindly providing a five-star review and sharing your thoughts!

It’s always a boost for us to see users who’ve found Wordfence more recently enjoying the features on offer and consider it a worthwhile security investment for their site(s).

I agree, it can be quite alarming to suddenly see the sheer number of humans/bots hitting your site with URLs that don’t exist, trying out usernames, or being blocked for trying to access certain areas/plugin files etc. They’re usually just testing for the low-hanging fruit where an unpatched version of a plugin remains, there’s no security measures in place, or where there might be an easily guessed username/password combination. You’re well protected just by having Wordfence installed to spot these for you along with the other settings you mention.

We have been in the WordPress space since 2012, and our mission has always been to provide thorough security to the whole ecosystem regardless of budget. We have expanded the team in those twelve years to include an internal Threat Intelligence team, whose hard work in addition to that of others in the community keep our customers safe with new signatures, firewall rules, and features. Purchasing a Premium license supports our work and comes with certain perks but the free version of Wordfence includes a high percentage of the base features our paid services do.

We appreciate there are many sites ranging from hobbyists to corporations that all deserve to be protected from known and emerging threats. There are certainly no plans to pull the rug from under our free users’ feet.

Thanks again and all the best going forward,
Peter.

We really appreciate your 5* review @mulwani1988! It’s great to see that the plugin fulfils the WordPress security requirements you were looking for.

Peter.

Thank-you @ashley6666 for your excellent review of Wordfence! We’re glad you find it useful and took the time to let us know.

Peter.

Thanks for getting in touch @ali2woo,

Our reporting of this seems to be down to a CVE ID being issued, and the vulnerability being verified on Patchstack. Wordfence will report these, even though we weren’t the entity that decided it was a valid vulnerability. I notice that Patchstack currently states, “No fully patched version available.“

It’s best to fully patch the vulnerability and inform Patchstack to verify it as Wordfence Intelligence will, in turn, also update when a fix is confirmed by the vulnerability’s origin source. If you send us the original report to wfi-support @ wordfence . com for review, our team can check that with the latest plugin version to confirm if the issue is patched. For anybody finding this topic, that’s for Wordfence Intelligence only and is not available for plugin support queries.

Many thanks,
Peter.

• This reply was modified 8 hours, 18 minutes ago by James Huff.
• This reply was modified 8 hours, 16 minutes ago by wfpeter. Reason: Added our WFI email contact details

Hi @slamchez, thanks for reaching out before your migration.

If you’re planning to do a fresh plugin install from a totally different environment I think that’s reasonable as the new environment’s .htaccess/.user.ini requirements will be detected from scratch when you enable Extended Protection.

You can usually remove sites from Wordfence Central by clicking the “Disconnect This Site” link on the Wordfence plugin’s?Dashboard?page before you migrate. If the site ends up in Central’s Connection Issues tab, simply click the trash icon to remove it. You can then set up from scratch after the migration from the Central or plugin end as both options are available to you.

If you use?Wordfence > Tools > Import/Export Options,?make sure to keep the long string of text for the import. Wordfence > Firewall > All Firewall Options > Allowlisted URLs are?NOT?included in the Import/Export, and will be lost during the reinstall. Here is what is exported:?https://www.wordfence.com/help/tools/import-export/

Many thanks,
Peter.

Hi @kristinubute, thanks for getting in touch!

You don’t need to manually reinstate Extended Protection in the .htaccess, you can just follow the wizard again in Wordfence > Firewall > All Firewall Options if that’s been accidentally removed. Wordfence would only remove this if “Remove Extended Protection” was clicked on the same page.

Knowing that a scan stage failed to start with no scan log information or knowledge of platform, settings etc. wouldn’t be immediately knowable from our end. Feel free to send the diagnostic from the problematic site to see if we can spot a configuration issue.

Send it to wftest @ wordfence . com directly from the link at the top of the Wordfence > Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

NOTE: It should look as follows – Screenshot of Tools > Diagnostic > Send by Email

Many thanks,
Peter.

Hi @helani,

I think this may be related to your other topic, or at least we can look into both at the same time. I will close that one but link it here so we can refer back to the detail you left there easily: https://www.ads-software.com/support/topic/assistance-required-wp_remote_post-failure-and-error-520-with-cloudflare/

Usually having a “Connecting back to this site via IPv6” error in?Wordfence > Tools > Diagnostics?doesn’t cause trouble reaching a site. However, configuring your server to use IPv6 to reach the origin?could?be related if you have – especially if you’ve already tried allowing the IPv4 addresses.

On top of allowlisting our IPs, the loopback (connecting back to your site) can be an issue with Cloudflare too. If you check?this link, did you already change your Cloudflare settings to allow the IP(s) seen at?Wordfence > Tools > Diagnostics > IP(s) used by this server?

If you’re still unable to connect, I think a site diagnostic will give us something to go on as many sites running Wordfence are also running with Cloudflare successfully. You can do that from?Wordfence > Tools > Diagnostics?to us at?wftest @ wordfence . com. Click on?“Send Report by Email”. Please add your forum username where indicated and?respond here after you have sent it.

NOTE: It should look as follows – Screenshot of Tools > Diagnostic > Send by Email

Thanks,
Peter.

Hi @helani, thanks for your messages.

We’ll group these together, so I’ve linked back to this topic from the following one: https://www.ads-software.com/support/topic/assistance-required-for-429-too-many-requests-error-with-wordfence-connectivity/

Thanks,
Peter.

Hi @zpupster,

Whenever you’ve been blocked and cannot take further actions on your own site, rename the?/wp-content/plugins/wordfence?plugin folder to “wordfence_bak” (without quotes). This should let you access and log into your site normally.

You can then rename the folder back to “wordfence”, but?if you become blocked again immediately?it’s sometimes necessary to install the?Wordfence Assistant?plugin to?disable?the firewall before trying to reenable Wordfence. This would allow you to remove your (and your boss’) IP block from the?Wordfence > Blocking?page too.

There is a chance you were blocked because your password recovery email attempts or other settings are limited too heavily in your?Brute Force?or?Rate Limiting, so check those. It’s also worth double-checking How Does Wordfence get IPs on your site in case everybody is being detected as the same IP and blocks are occurring for everybody when a single user/bot gets blocked.

Don’t forget to also reenable the firewall again if you had to disable it earlier.

Many thanks,
Peter.

Thanks for sending that over @miziol,

As you’re on Litespeed, it looks like $_SERVER['noabort'] is already set to prevent scans stopping without warning, which is documented here: https://www.wordfence.com/help/advanced/system-requirements/litespeed/

Secondly, I notice your?max_execution_time = 300?in?php.ini. We have noticed problems when numbers are set higher than 60, or when it’s 0 – which effectively means “no limit”.?Wordfence only ever attempts to use half of the value set here, so it would be good to change to?max_execution_time = 60?to see if the scan continues.

Also, check?Wordfence > Scan > Manage Scan?and locate the “Performance Options” section. Set “Maximum execution time for each scan stage” to 20 as it currently appears to be 0. Try running a fresh scan after changing that along with the max_execution_time.

Finally, if those approaches don’t seem to help, does setting?Wordfence > Tools > Diagnostics > Start all scans remotely?make any difference?

Many thanks,
Peter.

Hi @miziol, thanks for reaching out.

It could be an issue with timeout settings that didn’t present until maybe the site was a little bigger in terms of content, or had more plugins installed etc. but it’s probably best to see which platform you’re running on and if there are any clear issues reported from Wordfence.

Visit the?Wordfence > Tools > Diagnostics?page. You can send the output to us at?wftest @ wordfence . com. Click on?“Send Report by Email”. Please add your forum username where indicated and?respond here after you have sent it.

NOTE: It should look as follows – Screenshot of Tools > Diagnostic > Send by Email

Many thanks,
Peter.

Hi @steviek, thanks for reaching out!

I have seen one other issue with 45 files this update cycle from 6.6.x to 6.7, and these do happen from time-to-time during a WordPress core update but aren’t common to everybody. If you still receive this result after running another scan, it could be down to file/owner permissions on your server but if it’s a one-off (or at least the first time) then it was likely a temporary issue when the core update was done.

I’ve modified my response if you received a prior notification via email.

Could you please send us a diagnostic as we’ll be able to see which files were detected in the most recent scan from there. I now think it’s best to check if they are indeed core files before confirming they’re OK to ignore until the next update.

Visit the?Wordfence > Tools > Diagnostics?page. You can send the output to us at?wftest @ wordfence . com. Click on?“Send Report by Email”. Please add your forum username where indicated and?respond here after you have sent it.

NOTE: It should look as follows – Screenshot of Tools > Diagnostic > Send by Email

Many thanks,
Peter.

• This reply was modified 1 day, 7 hours ago by wfpeter. Reason: Modified to request a list of some files

Hi @jonathanvargasr, thanks for reaching out.

If your Brute Force Protection toggle is set to “ON”, then the site should observe your rules on how many failures and attempts the user is allowed before they’re blocked, and how long they’re locked out for. We generally recommend trying somewhere around?3-5?for login attempts and forgotten passwords in?Wordfence > All Options > Brute Force Protection, counted over?4 hours, with a?30 minute lockout. Is the “hide invalid login” referring to “Don’t let WordPress reveal valid users in login errors”?

You can test this by accessing your login page from a mobile device (disconnected from wifi, using mobile data, to prevent your other devices being locked out too) and trying to break those rules. If you receive a Wordfence-branded block page as a user then you should also see the event logged in Live Traffic afterwards. You can always unblock your mobile device from the Wordfence > Firewall > Blocking page so you don’t have to wait until the lockout time has elapsed.

If that doesn’t work and you don’t wish to make your domain public on here for us to test, you could send us a diagnostic as we’ll be able to see it from there. Visit the?Wordfence > Tools > Diagnostics?page. You can send the output to us at?wftest @ wordfence . com. Click on?“Send Report by Email”. Please add your forum username where indicated and?respond here after you have sent it.

NOTE: It should look as follows – Screenshot of Tools > Diagnostic > Send by Email

Thanks,
Peter.

Hi @keraweb,

It may be worth getting a definitive answer from Zapier, although I found two separate answers updated relatively recently depending on what it is you’re connecting to. The following page was last updated 3 months ago stating that “In order to connect to WordPress, you must have XML-RPC functionality turned on.”: https://help.zapier.com/hc/en-us/articles/8495969550989-Common-Problems-with-WordPress

Although when connecting to WooCommerce specifically they do seem to utilize the REST API, “Zapier provides integration with WooCommerce, but the technology used to connect to WooCommerce is not XML-RPC API. Zapier uses WooCommerce’s REST API to connect to the platform.”: https://community.zapier.com/how-do-i-3/does-zapier-uses-wordpress-s-xml-rpc-api-21942

We already recommend leaving XML-RPC on if you need something that uses it like the WordPress app or Jetpack although I would imagine now Application Passwords are easily available some services may move over to this, or default to the REST API in the future.

Many thanks,
Peter.

Thanks for sending that over @gwcm,

The tables sound like an acceptable size, the case I mentioned before had over 1000 rows when it clearly should have less. Would it be possible to also send your full database slow query logs over? You can use the same email address and include your forum username in the subject so I can find them.

As you have quite a high number of plugins installed, it’d be quite important for us to see whether Wordfence’s scans or other queries are affected by that, or if any other plugins (or WordPress itself) are also experiencing slow queries elsewhere. If they are, it could suggest less resources are available than required.

Thanks again,
Peter.