wfpeter

That’s great to hear @rfahn27 and I’ll pass your kind words on to the rest of the team. It’s always appreciated when a customer takes the time to leave a glowing review to help the rest of the community decide on which security plugin they want to choose.

Peter.

No worries @khairulhasanmd, we believe the entire WordPress community deserves great security regardless of budget and it’s fantastic to hear you’re happy with the Wordfence Free plugin!

Thank-you for your five-star review!
Peter.

The important thing is that you’ve found it now @cipps! Delighted to hear you’re happy with it and took the time to leave a review.

Peter.

We sure will @doksplace, helping to keep the WordPress community safe is our #1 aim!

Thanks for your review,
Peter.

Thanks for letting us know @scisols – we’re glad you’re satisfied!

Thank-you @primalmover for providing a 5 star review of Wordfence, we’re pleased to hear the plugin helps you feel at ease with managing your site!

Peter.

Thanks @nasmet for your five-star review!

Hi @lubos55, sorry to see you’ve been having trouble with malicious code on your site.

When you refer to 7.11 as the time you started noticing problems, and then 16.11 and 18.11, are those intended to be Wordfence versions or am I missing a detail? It may be 7.11.6 and 8.0.1 you’re referring to, but either way I don’t think the version of Wordfence would be as important to detecting new malware as the malware signatures, firewall rules etc. These would be updated regularly regardless of the latest version of the plugin at the time.

It’s highly likely from your description that your site is affected to the point where your first clean may have not removed every detail, allowing the malicious code to be regenerated.

Unfortunately we can’t follow a site cleaning through step-by-step here on the forums, but we do have some excellent resources, an internal point of contact, and general advice that can assist you. You should try the following checklist if you didn’t with your original clean:
https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/

You might find the WordPress Malware Removal section in our free?Learning Center?helpful for this too.

Make sure all of your plugins and themes are up-to-date and that WordPress core is on the latest version. As a rule, any time someone thinks their site has been compromized, we tell them to?update the passwords for their hosting control panel, FTP, WordPress admin users, and database?in order to cover the key access points where somebody could change or upload things on your site. Make sure to do this!

Check for administrative users you don’t recognize in WordPress > Users > All Users, just in case there is anything suspicious there. Delete any that you know shouldn’t have this kind of access.

If you (or Wordfence) finds files/code that are suspicious, but you’re unsure of the next steps, you can send files/code to?samples @ wordfence . com.?If you do, just make sure to?remove any database credentials or keys/salts?in any files you do send over. Our team could help identifying real threats from false-positives and advise on steps that may need to be taken from there.

If you’re unable to clean the site without assistance, we do offer paid services. Site cleaning services are available from other sources too. Please contact?presales @ wordfence . com?if you’d like to discuss things further as we can’t go into detail here on the forums.

Whether you choose to follow our guides yourself, or let someone else take a look, we recommend that you always?make a?full backup of the site beforehand.

Many thanks,
Peter.

Hi @gwcm, thanks for getting in touch.

Generally when we’ve seen issues with wfconfig, it can be down to an excessive number of rows. That isn’t particularly common though and I haven’t seen similar cases recently with wfls_settings that might point to a common reason why both tables would be affected together. Extra overhead could be down to temporary disk space that the database uses to run some queries.

You could try optimizing the table in phpmyadmin (or however you usually administer your database) to see if it removes them from the slow query log. This is good to keep an eye on to ensure everything continues to run smoothly and may improve efficiency if maintenance hasn’t been performed for a while.

If not, it could be worth seeing a copy of your PHP error log and diagnostic report to us. You can send that to?wftest @ wordfence . com? You can find the link to do so at the top of the?Wordfence > Tools > Diagnostics?page. Then click on?“Send Report by Email”. Please add your forum username where indicated and?respond here after you have sent it.

NOTE: It should look as follows – Screenshot of Tools > Diagnostic > Send by Email

Many thanks,
Peter.

Hi @someone3210, thanks for your question!

Our reCAPTCHA and 2FA are designed to be compatible with the default WordPress and WooCommerce logins only. If our reCAPTCHA is enabled and not compatible with your current login page, it will need to remain disabled until we have looked into additional compatibility updates for custom login pages and/or other popular plugins such as Ultimate Member.

Ultimate Member may offer their own reCAPTCHA solution as an add-on module for logging in, or it may be more appropriate to look into a plugin that can add reCAPTCHA to other forms around your site for comments on posts, etc. if that’s the kind of spam protection you’re looking for.

Thanks,
Peter.

Hi @tcmartin, thanks for getting in touch.

What is the specific error you’re seeing in your logs when the site fails to load? Your site is inaccessible to me but as an admin you may have access to clear messages that could point to the cause.

The most common problem that could prevent a site from loading at all is if the path to wordfence-waf.php is incorrect in .htaccess, resulting in an error – which may present as a blank page or Error 500 page in a browser. This most often happens if a site has been migrated to a new server or changed in some other way without the firewall optimization being removed first:

; Wordfence WAF
auto_prepend_file = '/your/path/to/wordfence-waf.php'
; END Wordfence WAF

The firewall will run in Basic Protection rather than Extended Protection if that line is removed manually. The optimization wizard should correctly detect the path the next time it is run from inside Wordfence.

Many thanks,
Peter.

Hi @moodyhosam, thanks for reaching out about this.

Errors like?Allowed memory size of x bytes exhausted (tried to allocate x bytes), or?Out of memory (allocated X) (tried to allocate X bytes)?are?almost always?memory exhaustion occurring somewhere else on the server. Once this happens, anything that requires some memory, like our scans or plugin updates can trigger the error but it’s not the root cause from multiple tests with customer server logs and Wordfence diagnostic data.

Your operating system/web server log files will likely show if memory is being exhausted somewhere outside of PHP and why. This is usually a job for your hosting company’s support as they have access to those logs, can diagnose the source and potentially resolve the problem internally. Shared servers especially could be susceptible to this problem, but that’s from other cases we’ve seen, and may not be the same cause for you.

Let us know what you find out!
Peter.

Hi @maorb, thanks for your question.

Automatic (or manual blocks you make via Live Traffic) will block an IP for the duration you have specified under Wordfence > All Options > Rate Limiting Rules > How long is an IP address blocked when it breaks a rule or Wordfence > All Options > Brute Force Protection > Amount of time a user is locked out, depending on the reason for the initial block. This timescale could be as low as 5 minutes. You can increase this value to hours, days, or months if you’d prefer.

During the timescale specified in the above setting, they’ll appear on the list in the?Wordfence > Blocking?page. It is possible to click the “Make Permanent” button here after checking the box next to one or more IPs. It is important to note that some blocks Wordfence makes for reasons outside of your settings may?never?appear on the?Wordfence > Blocking?page and just be handled when they hit your site in real-time.

We believe a manual or permanent blocking regime is mostly unnecessary as a result of the above. The reason why Wordfence itself doesn’t permanently block on your behalf is down to the extra workload created for the administrator should that IP later be reassigned to a legitimate visitor, plugin, or service. If unwanted blocks started happening as a result of that, it may not be immediately apparent to most users why it’s happening.

Many thanks,
Peter.

Hi @futuradv, thanks for your question.

Wordfence is unintrusive and generally runs well on the vast majority of ~5m sites it’s installed on despite having to consider many server and plugin/theme combinations. We constantly work on making the plugin faster, perform better, and use less resources but there are not set amounts of RAM, CPU or database queries that we know Wordfence will definitely require in each use-case or hosting environment. Shared hosting, larger databases, or more installed plugins could all be a factor in slower operation in specific cases.

Aside from this, if?Litespeed?or Cloudflare run on your server, you could check if their configuration with Wordfence is contributing in any way to the slow-down of your site. Cloudflare for example requires a bespoke Wordfence IP detection option selecting, and whitelisting of your own server’s IP in their settings for scans to run correctly. Litespeed requires a noabort setting to prevent scans from stopping whilst in progress.

Let us know if you see anything specific in your server/PHP/database logs that might point to Wordfence as we could make further suggestions based on the kind of specific errors or messages you’re seeing.

Thanks,
Peter.

Hi @aitta10, thanks for reaching out.

You can check the permissions for file reading/writing on the?Wordfence > Tools > Diagnostics?page. The first error may suggest there’s a problem with permissions on your server, but could have just been a temporary issue if everything there seems fine.

The GeoIP database to report the location of IP addresses targeting your site, and most files in the wflogs folder do get regularly updated so that doesn’t seem unusual activity.

Many thanks,
Peter.