wfsteve

Hello @billmc,

You referenced a couple different items in your request so let me address each.

The “Protect More Sites” link is hardcoded and links you to the Wordfence.com login page to manage such items as your API Keys and Billing Information. This link is unable to be hidden.

The other item mentioned was the orange notification bubbles with a number “1.” The notifications can be customized to minimize the number of notifications you see. Another option to reduce the number of notifications is by ensuring you keep plugins current by either manually updating them or if they have an auto-update feature, making sure that is enabled.

Hope this helps.

Thanks,
Steve

@relenbaas,
That’s great you are optimizing the firewall! Have you taken a look at Firewall Optimization Troubleshooting guide yet? I suggest going through this document and especially the ‘Sites using lsapi instead of mod_php’ section as that most applies to your configuration.
Let me know if we can further assist you.
Thanks,
Steve

Hello @amsakwp,

Can you open up the Firewall > Rate Limiting page and let me know what the values are set to for the “Rate Limiting Rules?” This section lets you limit how many pages visitors and automated crawlers can access on your website per minute.

When looking on the Live Traffic and Blocking pages, do you see any IPs listed or is the list empty? If it’s empty, it’s possible you have CloudFlare’s Rocket Loader service running on the site. We’ve seen a couple times where Rocket Loader breaks the javascript/jQuery on the page. Going in and turning off Rocket Loader on the CloudFlare site resolves the issue and lets you see the blocked IP addresses.

Thanks,
Steve

Hello @webby1973,

First off I want to apologize for the delayed response. If this has been working and stopped recently as you mention, I suggest reaching out to your hosting provider and determine what changes on their end have triggered the images to no longer display on your site.

Every once in while we see a plugin author insert php files into the uploads folder such as images. Typically when this is seen, the plugin will give an error indicating the issue. Deselecting the option restores the functionality.

Can you please go to Firewall > Manage WAF and tell me how it is configured. Wordfence typically finds the best configuration option for you. In your specific case, the setting is likely set to ‘Apache +CGI’ which is the correct option. Have you had as chance to check out our firewall optimization guide for information about If php.ini has been edited manually but the changes still do not take effect

Thanks,
Steve

Hello @collinslad,

Great job in your initial troubleshooting by disabling plugins to help isolate if the issue is related exclusively to Wordfence or if it’s an issue with interference between the Wordfence plugin and another plugin on the site! You are on the right track.

The next step I suggest is to use our Wordfence Assistant to delete all Wordfence data from your database before re-installing the Wordfence plugin.

Let us know if you are successful in installing after using the Wordfence Assistant tool.

Thanks,
Steve

@spiros,
Can you please send me a screenshot of your Live Traffic page? I want to see if there is another internal request from a separate plugin being blocked by the firewall. To ensure you don’t have the issue of your server IP address getting blocked again , I would whitelist that IP address.

Thanks,
Steve

@11whyohwhy15,

Removing the /xmlrpc.php file does look like it resolves the issue of WPFC being blocked. However, if you see this happen again you will probably need to whitelist WPFC‘s IP address range In the advanced firewall options section of the firewall options page.

The Rocket Loader service is still considered in a Beta stage so I advise not running the service on a PRODUCTION server. My suggestion is to leave the service disabled for now. I would also monitor the Cloudflare site and look to see when Rocket Loader is updated and moves out of the Beta phase.

Thanks,
Steve

@rlweiner,

Thanks for sending the latest email report. Do you recall if there is an uncompressed site stored on the server? If so, connect via FTP/SSH and rename the Wordfence folder found in wp-content/plugins in the UNCOMPRESSED backup folder. What’s I’m thinking is there may be another backup that is emailing the reports, and since it’s not an active site, the reports would contain no data.

Let me know your findings.

Thanks,
Steve

Hello @jorgitobg,

Currently there is not a way to block visitors based on comments. However, we do offer a “Comment Spam Filter” that can be configured to hold anonymous comments and filter comments for malware and phishing URLs to prevent attacks on your site.

I think this is a great idea and I will make sure to inform our developers of the suggestion.

Thanks,
Steve

\@relenbaas,

I wanted to follow up with you and ask a question to make sure I’m understanding your initial request. Are you looking to optimize the firewall or edit specific settings and customize the firewall.

Thanks,
Steve

Hello @liberatores,

I wanted to make sure I understand your inquiry. You changed the name of the /wp-admin folder to something else but are not sure what it is. Is that correct?

It sounds like another security plugin was installed such as iThemes or the Rename wp-login.php. Plugin. I suggest reaching out to the developer for assistance in finding the login URL.

Thanks,
Steve

@amsakwp,

Thanks for the screenshot. Do you know if you are using Cloudflare’s Rocket Loader feature? We’ve seen a couple issues with clients using that and receiving the jQuery messages on the Blocking page like in your screenshot. If you do have that plugin, can you temporarily disable it and see if the blocked IPs are now visible.

Thanks,
Steve

@jason Ryan,

You mention it wasn’t in that view. Can you tell me if other IPs are listed in that view or is the window blank?

Out of curiosity, are you using the Cloudflare “Rocket Loader” feature? We’ve seen a couple of times where that feature causes JQuery to break and blocked IPs do not show on the page.

To verify the page is loading, can you open the “console” by pressing F12 on your keyboard and looking for any red text in the “console” and “network” tabs. If you see any there, a screenshot would be great so we can examine what is happening on the page.

Thanks,
Steve

@11whyohwhy15,

Thanks for the data! It definitely looks like Rocket Loader is causing jQuery to break.

I suggest reaching out to Cloudflare support to examine what is happening with the Rocket Loader that triggers jQuery to break. It’s possible that a recent update with Rocket Loader caused this issue to appear. I would verify you have installed the latest release of that plugin.

Let us know how else we can assist.

– Steve

@amsakwp,

Do you mind opening the console your browser (access via the [F12] key) on the Blocking page and look for any red text in the “console” and “network” tabs? I want to make sure there are no javascript errors on that page causing the blocked IPs to not display on the page.

Let us know what you find on that page.

Thanks,
Steve