wfsteve

Good evening @11whyohwhy15,

Thanks for your continued feedback trying to resolve this issue. I’ve been researching a little more and a couple things come to mind. It’s possible that WP Fastest Cache has started doing their precache queries via xmlrpc.php which would trigger the banned URL block.

Can you open the console your browser on the Blocking page and look for any red text in the “console” and “network” tabs? I wonder if there is a javascript error preventing the blocked IPs from showing on the page.

Thanks,
Steve

@mighty Good,

Due to WordPress forum guidelines, we are not able to discuss Premium options. If you are interested in more information feel free to contact [email protected]

Site security is most important and I agree with @logan Kipp in that both applications can coexist on the same site for additional protection. The only caveat is that you want to ensure both applications don’t access the same function such as two-factor authentication to prevent any possible issues.

Let us know if we can be of further assistance.

Thanks,
Steve

@jason Ryan,

Blocked IP addresses are found on the Wordfence > Blocking page. There you can select the IP of your client and press the [Unblock] button to allow that IP access to the site.

I advise using this approach rather than whitelisting the IP address as that allows all security to be bypassed for that IP address which could open the site to XSS and CSRF attacks

Thanks,
Steve

@rlweiner,
Thanks for sending those logs. There are a couple things I noticed after looking at the logs you are using an older version of Wordfence. Can you upgrade to our latest 7.1.7 release and run an email report to let us know if that resolves the issue for you.

Also, do you know if your site setup uses multiple databases? If it does, it’s possible that when the email reports are generated, the data pulled is from a stale database and not the current database.

Awaiting your response,
Steve

Hello @relenbaas,

I’m sorry to hear you are having issues configuring the WAF with the recommended setup and unable to get the firewall working the way you desire it to work. Do you mind sending a diagnostic report to stevenr[at]wordfence[dot]com so I can take a look at what the setup should look like and how to best assist you?

Thanks,
Steve

Hello @wondermike,

We’ve seen a similar issue to this about a year ago. Can you please provide us the exact domain as listed in the WordPress Settings page so we can further examine this issue?

Thanks,
Steve

• This reply was modified 6 years, 5 months ago by wfsteve.

Hello @spiros,
The first thing I would examine is to verify the How does Wordfence get IPs value is set to the correct option.

If the setting on how Wordfence gets IPs is set incorrectly, the server will see all incoming IP addresses the same way and apply the same “Rate Limiting Rules” to all IPs potentially blocking a request from a valid IP address.

Can you verify that you are running the latest 7.1.7 version of Wordfence? We made an update in version 7.1.6 to automatically whitelist server’s own IP for known safe requests.

Let us know if adjusting those settings resolves the issue for you.

Thanks,
Steve

Hello @11whyohwhy15,

Let me start with your first question about Wordfence blocking WP Fastest Cache. It appears there might be a URL listed in the “Immediately block IPs that access these URLs” section of the Wordfence > Firewall > Advanced Firewall Options page that is triggering the page block. Can you please verify?

Examining your second question, it’s possible the culprit is the “Rate Limiting Rules” values are too short and the blocked IPs are disappearing before you can view them. What value is set for How long is an IP address blocked when it breaks a rule? For testing purposes can you temporarily set the value to 30 minutes and confirm any blocked IPs now show in the blocking section.

Thanks,
Steve

Hello @amsakwp,

Can you go to the Wordfence > Firewall page and select the Rate Limiting section? I’m curious to know the values set for the Rate Limiting Rules. The values set on this page determine the length of time the blocked IP addresses show on the Blocking page where you can also permanently block the suspicious IPs

Let us know if adjusting those values resolves the issue.

Thanks,
Steve

Hello @forceflow,

When the WAF reverts to Learning Mode, does it provide a specific date that it turns on?

While you mention no process is touching the wflogs folder, I’m curious if there is a manually configured malware scanner on the server that sees the config.php file in the wflogs folder and deletes it. This would trigger the firewall to go back into Learning Mode.

Thanks,
Steve

Hello @gaieus,

I wanted to follow up and determine if the solution suggested by @succotash of logging out and back into your site resolved the issue and the [Review] button is now available for you to select and continue on the site.

Another option if the issue persists is to download the Wordfence Assistant allowing you to delete the Wordfence data and essentially bring the Wordfence plugin to a “fresh install” status.

Let us know if additional troubleshooting is required.

Thanks,
Steve

@rlweiner,

First off I wanted to thank you for your patience in receiving a reply.

There are a couple things that I’d like to get more information on from you to help diagnose the issue. Is it possible you have an older site with Wordfence installed that is running an older version of the plugin? Can you send a copy of the actual email to stevenr[at]wordfence[dot]com?

If there are no older sites and the email is originating from an active site, go to the <i>Wordfence > tools > diagnostics</i> page and send a copy of the diagnostics report to the same email address listed above. This will let us dig deeper into the root cause of the issue.

Thanks,
Steve