wfyann

Hi @lordsnake,

Thanks for the update. I’ve discussed this topic with my colleagues and we’re still unsure of what’s happening.

Could you please check in “wp-admin/” if there’s a directory named “C”? If so, is it a symlink?

Also, now that you’ve marked the aforementioned issues as fixed, are they still reported when you run a new scan?

Hi @scruffy1,

On IP Location most services report that IP as being from Ireland; only one mentions Singapore.

It could be that the address is in the process of being reassigned –or that one provider could be incorrect.

Hi @ajan121,

Have you checked the “Wordfence –> Tools –> Diagnostics” page to make sure that all checks in the “Filesystem” and “Wordfence Config” sections read OK?

Now as you’re using the Premium version I advise you to contact our Premium Support team.

Hi @mikygo123,

As per the WordPress forum guidelines, please make sure to start your own topic so we can further assist you.

Hi @shirtsngiggles,

Can you see any errors in the browser console when you get that blank page?

Could you temporarily switch to a default theme –if you’re not already using one– and disable all other plugins then reactivate them one by one to see if the issue is related to a conflict?

To do so I recommend the “Health Check” plugin which allows you to disable all plugins and switch to a default theme, but only for your user.

Hi @amber887,

Can you see any errors in the browser console when you’re trying to access the “Firewall ” or the “Blocking” pages?

Could you try temporarily switching to a default theme –if you’re not already using one– and disabling all other plugins then reactivating them one by one to see if the issue is related to a conflict?

To do so I recommend the “Health Check” plugin which allows you to disable all plugins and switch to a default theme, but only for your user.

• This reply was modified 6 years, 11 months ago by wfyann. Reason: Added link to troubleshooting doc

Hi @lordsnake,

Could it be that you’re actually accessing a “cached” version of your old site? Or maybe that the DNS entry still points to that Windows host?

If you open the the Wordfence System Info page:

• Go to the Wordfence Tools page
• Click the Diagnostics tab
• In the Other Tests section (near the bottom of the page), click the link that reads “Click to view your system’s configuration in a new window“

and check the first line on that page (System); what does it say?

Hi @graami,

Can you please confirm with your hosting provider if you have a front-end proxy?

If you select the “Let Wordfence use the most secure method to get visitor IP addresses” option are IP addresses accurately detected?

Hi @ostinatofreak,

It could be that the attacker is now trying to exploit a “file upload vulnerability” they previously implemented (the malicious files you detected) or it could be random attempts.

You can find more information on Malicious File Uploaders in our Learning Center and I also recommend our site cleaning guide.

• This reply was modified 6 years, 11 months ago by wfyann. Reason: Added link to Learning Center article

Hi @digbymaass,

The “/?wordfence_syncAttackData=” that you see in the URLs in your “Live Traffic” feed is used to update the Wordfence “Live Traffic” page with information. However, such entries shouldn’t appear there.

Could you please load the whole URL (including the “?wordfence_syncAttackData” parameter) in your browser and let me know what you get (blank page, homepage, 404 error page, etc…)?

Also could you please:

• Go to the Wordfence –> Tools page
• Click the Diagnostics tab
• Hit the Send Report by Email button
• Send the report to yann[at]wordfence[dot]com

Hi @korshiun,

This confirms that Wordfence is either able to access/read the content of the “.user.ini” file or that it is getting the “auto_prepend_file” directive from somewhere else; it could be set in “php.ini“.

Would you mind sharing the “.htaccess” rule you believe is blocking Wordfence from accessing the “.user.ini” file?

Hi @bannec,

There are several reason why your site might not be able to connect to Wordfence servers.
I suggest you follow our scan troubleshooting guide and check with your hosting provider if anything is preventing your host from reaching our servers.

Should the issue persist please start a new topic so we can further assist you.

Thank you.

Hi @evelynmsdesigngraphicscom,

Could you please share the two IP addresses you’re not able to add to the blocking list?

Also please check again the browser console; both the console and network tabs to see if there any errors.

Regarding the PHP logs please see the “Log Files” section on the “Wordfence –> Tools –> Diagnostics” page or reach out to your hosting provider so they can help you locate the log PHP “error_log” file.

Alternatively you could enable WP_DEBUG and check if any log files is generated.

Hi @skygazer,

Thank you for your input.

At the moment it is indeed not possible to edit an existing custom blocking pattern. However you can use the filter to only display a specific block type (in this case, “Advanced Block”); then you can choose to select and delete/unblock that custom pattern.

I created a feature request in order to keep track of your remark and to allow us to discuss it internally.

Hi @11whyohwhy15,

Thanks for letting us know!

I see that the plugin author has indeed released an update (3.0.10.4) which fixes the issue.