Hi, after today’s update to 3.1.0, our site admin was not accessible anymore. This was reported in debug.log:

[16-Oct-2024 11:23:34 UTC] PHP Fatal error: Uncaught Error: Undefined constant “Automattic\Jetpack\Waf\JETPACK_WAF_ENTRYPOINT” in /home/xxxxx/public_html/wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-waf/src/class-waf-standalone-bootstrap.php:157
Stack trace: 0 /home/xxxxx/public_html/wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-waf/src/class-waf-initializer.php(187): Automattic\Jetpack\Waf\Waf_Standalone_Bootstrap->generate() 1 /home/xxxxx/public_html/wp-includes/class-wp-hook.php(324): Automattic\Jetpack\Waf\Waf_Initializer::check_for_updates() 2 /home/xxxxx/public_html/wp-includes/class-wp-hook.php(348): WP_Hook->apply_filters() 3 /home/xxxxx/public_html/wp-includes/plugin.php(517): WP_Hook->do_action() 4 /home/xxxxx/public_html/wp-admin/admin.php(175): do_action() 5 /home/xxxxx/public_html/wp-admin/index.php(10): require_once(‘/home/xxxxx/…’) 6 {main}
thrown in /home/xxxxx/public_html/wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-waf/src/class-waf-standalone-bootstrap.php on line 157

[16-Oct-2024 11:23:36 UTC] PHP Fatal error: Uncaught Error: Undefined constant “Automattic\Jetpack\Waf\JETPACK_WAF_ENTRYPOINT” in /home/xxxxx/public_html/wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-waf/src/class-waf-standalone-bootstrap.php:157
Stack trace: 0 /home/xxxxx/public_html/wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-waf/src/class-waf-initializer.php(187): Automattic\Jetpack\Waf\Waf_Standalone_Bootstrap->generate() 1 /home/xxxxx/public_html/wp-includes/class-wp-hook.php(324): Automattic\Jetpack\Waf\Waf_Initializer::check_for_updates() 2 /home/xxxxx/public_html/wp-includes/class-wp-hook.php(348): WP_Hook->apply_filters() 3 /home/xxxxx/public_html/wp-includes/plugin.php(517): WP_Hook->do_action() 4 /home/xxxxx/public_html/wp-admin/admin-ajax.php(45): do_action() 5 {main}
thrown in /home/xxxxx/public_html/wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-waf/src/class-waf-standalone-bootstrap.php on line 157

Clearing the auto_prepend_file was our only option to get access again.

It seems like I am stuck on Jetpack Protect version 3.0.0 and it has broken all plugin updates on my site.

I think I manually upgraded Jetpack Protect to version 3.0.0 on September 3rd. So this was before 3.0.1 and 3.0.2 were released. The plugin seemed fine after upgrading to 3.0.0.

I don’t have automatic upgrades enabled.

Now, when I’m trying to update the plugins on my site, I’m getting tons of errors – not just Jetpack Protect, but for seemingly every plugin. I try to update a plugin, I get an error, and then the plugin just disappears from my plugin list.

Fortunately I have backups with Updraft, and that is letting me revert to before these errors.

But I can’t seem to remove Jetpack Protect to fix this issue. If I rename the plugin folder, then delete the plugin, I still get errors when updating other plugins.

This seems to be the error I get when updating the plugin to 3.0.2:
[10-Oct-2024 11:34:46 UTC] Caught error while attempting to refresh plugin update status: Failed opening required ‘/var/www/html/example-com/wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-sync/src/class-functions.php’ (include_path=’.:/usr/share/pear:/usr/share/php’)

I was able to update to 3.0.2 after another revert, but the plugin seems to instantly deactivate itself. I then get these upgrade errors on unrelated plugins:
Update failed: The package could not be installed. PCLZIP_ERR_MISSING_FILE (-4) : Missing archive file ‘/tmp/all-in-one-wp-security-and-firewall.5.3.3.zip’

This is the error after trying to update an unrelated plugin:
[10-Oct-2024 11:56:33 UTC] PHP Fatal error: Uncaught TypeError: array_keys(): Argument #1 ($array) must be of type array, bool given in /var/www/html/example-com/wp-admin/includes/class-wp-upgrader.php:560
Stack trace: 0 /var/www/html/example-com/wp-admin/includes/class-wp-upgrader.php(560): array_keys(false) 1 /var/www/html/example-com/wp-admin/includes/class-wp-upgrader.php(887): WP_Upgrader->install_package(Array) 2 /var/www/html/example-com/wp-admin/includes/class-plugin-upgrader.php(237): WP_Upgrader->run(Array) 3 /var/www/html/example-com/wp-admin/update.php(74): Plugin_Upgrader->upgrade(‘all-in-one-wp-s…’) 4 {main}

thrown in /var/www/html/example-com/wp-admin/includes/class-wp-upgrader.php on line 560

I’ve never seen something like this. How can I fix this?

• This topic was modified 1 month, 1 week ago by da5f656f.

This is the error I get:

We are having problems scanning your site.
Failed to fetch Protect Status data from server (failed_fetching_status). Try again in a few minutes.

I also have this error in the console.log:

Store “jetpack-connection” is already registered.

And also, if I access https://mydomain.com/wp/wp-admin/admin.php?page=my-jetpack (as you can see, my wrodpress is installed in a different folder (wp)), in the console log I see these errors:

https://mydomain.com/wp-json/my-jetpack/v1/site/purchases?_locale=user – [HTTP/1.1 400 Bad Request 1458ms]

code”site_data_fetch_failed”
message”Site data fetch failed”

Need to fix this and test it before upgrading to a paid plan.

Hello, I want to buy jetpack product but I am not getting where should I talk to them? Before purchasing there is no direct option to talk then after purchasing the plan how can I contact them? For paid users, do I still need to contact here? or any live chat or any support desk to contact? I have logged in using wordpress account in jetpack but still didn’t find how to contact jetpack support team?

I have installed jetpack protect and in evening time my server load goes high and account connect shows disconnected and it says to reconnect. I tried many times but it doesn’t connect. After evening time it connects fine.

Hi, looking to protect a multisite with the Jetpack WAF, I’m wondering if this is possible with Jetpack Protect and how.

Are all sites in the network are protected when a global auto_prepend_file is set and Jetpack Protect is only activated on the main site? Or does the plugin need to be activated on each subsite individually? If so, can de plugin be activated Network wide?

Thanks for any info ??

Hello,

I’m trying to connect Jetpack Protect to the cloud on my DEV site that is not connected to the internet. Is it possible to whitelist certain traffic/URLs to my DEV site to allow the connection to Jetpack Protect cloud?

My php error log is being flooded with heaps of these messages since at least [06-Sep-2024 15:17:50 UTC].

07-Sep-2024 03:16:18 UTC] PHP Warning: Invalid Jetpack option name: edit_links_calypso_redirect in /home/wcipporg/public_html/wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-connection/legacy/class-jetpack-options.php on line 231

[07-Sep-2024 03:16:19 UTC] PHP Deprecated: Function is_onboarding is deprecated since version 4.0.0 with no alternative available. in /home/wcipporg/public_html/wp-includes/functions.php on line 6085

Latest update crashed my website. This is what I get:

Warning: Invalid Jetpack option name: edit_links_calypso_redirect in /home/site.com/www/wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-connection/legacy/class-jetpack-options.php on line 231

Warning: Invalid Jetpack option name: onboarding in /home/site.com/www/wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-connection/legacy/class-jetpack-options.php on line 231

Warning: Cannot modify header information – headers already sent by (output started at /home/site.com/www/wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-connection/legacy/class-jetpack-options.php:231) in /home/site.com/www/wp-admin/includes/misc.php on line 1438

Warning: Cannot modify header information – headers already sent by (output started at /home/site.com/www/wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-connection/legacy/class-jetpack-options.php:231) in /home/site.com/www/wp-includes/functions.php on line 7108

Warning: Cannot modify header information – headers already sent by (output started at /home/site.com/www/wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-connection/legacy/class-jetpack-options.php:231) in /home/site.com/www/wp-includes/pluggable.php on line 1435

Warning: Cannot modify header information – headers already sent by (output started at /home/site.com/www/wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-connection/legacy/class-jetpack-options.php:231) in /home/site.com/www/wp-includes/pluggable.php on line 1438

• This topic was modified 2 months, 2 weeks ago by tramaway.

On Search Console we get a list with thousands (185,000) of URLs “Excluded by ‘noindex’ tag”.

Someone is misusing the WordPress search function to add spam results, which for some reason are getting saved by WordPress/Google.

Example spam URL:

https://traveldudes.com/search/as?????(1-88.live)??????????????????+????????+688???(1-88.live)%2Cas?????(1-88.live)??????????????????+????????+688???(1-88.live)%2Cas?????sp/

https://traveldudes.com/?search?keyword&s=???????????(84lv.com) LV68 ????????????? 1 ?????? ??????????? (84lv.com),???????????(84lv.com) LV68 ????????????? 1 ?????? ??????????? (84lv.com),???????????hd

How can we delete these URLs on the system and how can we block that new ones are getting created?

Hello,

Under site health, it is saying Jetpack found one security threat, but when I go to the Jetpack protect scan page, it says The last Protect scan ran 20 hours ago and everything looked great. I am not sure how to correct the error under site health.

Thank you.

Hello

I installed Jetpack Protect on multiple websites. On most websites it works.

But I have 2 websites with issue:

I click ”Start for Free button” and then the icon keeps spinning forever. Nothing happens.

How to proceed?

doesn’t work, only loading button infinitly
https://i.imgur.com/MWxASjq.png

I’ve had a Jetpack Protect threat for Serious Slider 1.2.4, yet I have 1.2.5 installed. Not sure if there really is an issue with the current version.

Hello,
I’m writing about two issues with JetPack Protect’s vulnerability reporting:

1. Delayed Detection: JetPack Protect flagged this issue today: “GP Premium < 2.4.1 – Reflected Cross-Site Scripting” This vulnerability was patched over a month ago with version 2.4.1. Why did JetPack Protect, which supposedly performs daily scans, only flag this now?
2. Inaccurate Reporting: I updated to version 2.4.1 shortly after its release. However, JetPack Protect is still reporting a vulnerability, despite noting that the issue only affects versions before 2.4.1.

I’m concerned about JetPack Protect’s ability to accurately and promptly report security vulnerabilities. Could you please explain these issues?
Thanks
Will

Hi ,

My site’s health status says it needs improvement because of a critical issue flagged by “Jetpack protect”. All plugins, themes WordPress version are updated to the latest versions. Protect plugin shows a big green tick with a message underneath “ Don’t worry about a thing “ yet not all threats on the left side column are ticked, there is an exclamation mark next to Elementor with a message “ This item was added to your site after the most recent scan. We will check for threats during the next scheduled one”. Pls note Elementor is updated to version 3.21.8

can anyone explain what’s the resolution to this ?

Many thanks

Hi team!

I just wanted to know whether you use Honeypot technology for blocking IP Addresses from logging into WP admin.

Since my website has merely a business card fiunction, I need the WP-Scan just once per day. Thus, JETPACK PROTECT (FREE) works just fine for me.

However, Jetpack protect shows one warning: “Dein API-Token ist nicht mehr gültig” – i.e. “Your API token is no longer valid“

What does this mean? How can I fix this issue?

Does this affect the function of Jetpack protect (so far Jetpack shows messages as “The last full scan was run on: 26. M?rz 2024 01:08” (which is today), and all scan results look fine (each check point shows a green check mark)

Thanks for your support.

• This topic was modified 8 months ago by JKDuck.

Hi, running several sites on a litespeed server, on login I regularly get a blocking notice saying “Votre adresse IP?XXX.XXX.XXX.XXX?a été signalée pour de potentielles violations de sécurité. ?Vous pouvez débloquer votre formulaire de connexion…”

The IP in question is a trusted proxy IP.

I can add the IP to the allow list, obviously, but that does not really address the point that apparently the proxy IP is detected instead of my real user IP.

Is there a way to get the WAF to detect user/attacker IPs correctly?

Need help – Protect is showing 500 errors and says contact support as they can’t auto fix. Can I get some help with this please.

I recently installed the Jetpack Protect plugin to our WordPress site hosted in Pantheon. I enabled the plugin and I see “Scanning your site…”. I don’t see any progress bar. Last week when I scanned this it went for over 20 hours, and I disabled the plugin. I tried the same again today and its over 2 hours and I don’t see any progress. Could someone please help me to find out what is wrong?

Hi,

Is the Jetpack’s Web Application Firewall in DNS-level or in application level?

Thanks in advance!

Is there a way to stop/disable the math captcha please?

(while maintaining use of Protect)

Jetpack Protect correctly says versions <= 2.3.28 of GigPress are affected by a vulnerability, but gives me an alert despite version 2.3.29 being installed.

GigPress (2.3.29)

GigPress <= 2.3.28 – Subscriber+ SQLi
What is the problem?
The plugin does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks

GigPress 2.3.29 was released on github by the original plugin authors to address this vulnerability.

• This topic was modified 11 months, 1 week ago by rlwp.

Hi guys!

I have a website that was created by another developer. About a week ago, I installed Wordfence and WP Hide Login to improve the security of my page. 3 days ago, I tried to login to my new login page: https://onlinepetguides.com/brunologin/ and filled Name and Password correctly. I solved the math problem but it always shows: “You failed to correctly answer the math problem”

I refreshed the page but the math problem remains the same for some hours.

I am trying to login for 4 days now with no success.

Can you help me?

I have jetpack on 2 of my WordPress domains. One domain is working while the other one is not connecting. The other domain disconnects from time to time. This is a major problem since there is no real person to speak with.

This message came up. Jetpack can’t communicate with your site because the REST API is not responding correctly.

I haven’t changed anything on my site for this to change my website status.

Under my Site Health status from Jetpack, it alerts me to a security threat that does not exist. How do I get it to go away?

The security threat they identify is real and did exist at one point. However, I have followed the protocol outlined to rectify the situation and my site is no longer being effected by the issue so why won’t it go away?

I have about 5 sites on one server, spanning three different virtualhosts. They all get slammed with fraudulent login attempts, and the attempts themselves eat up my server’s resources.

I installed Jetpack on every site. I also installed a plugin called Simple History where I can see when people try to log in.

After activating brute force protection, I can look on any site and see the same person trying to log in, 7, 14, 21 times, from the same IP address, and they never get blocked. So it seems to me like brute force protection isn’t working at all. Is there a way I an troubleshoot this?

Hello! I need to restore my website after a failure, but unfortunately, I can’t access my login page and was hoping you could provide the logins for me via Jetpack or other way so that my hosting provider could do the rest of the work. ???? Thank you!

I recently started using jetpack-protect and installed it on numerous websites. One by one I started having issues with the websites and have narrowed all down to the jetpack protect plugin. I went to the first website and clicked on deactivate and instantly got the “There has been a critical error on this website.” error. Going in through FTP and disabling the plugin does not resolve the issue. No matter what I change I cannot get the websites back up. It causes this error and all websites stopped working. I could not simply deactivate the plugin? Please help me resolve this as I have multiple websites down because of this.