The Wordfence scan on our page does not finish because there are country blocking rules written in the root .htaccess on a shared hosting server. If I comment out those rules, or if I rename the .htaccess file for the duration of the Wordfence custom scan, it finishes successfully.
#
# BLOCK HTTP ACCESS (ATTACKS)
# Throw a 403/Forbidden for HTTP requests from specified country zones.
#
<IfModule mod_maxminddb.c>
MaxMindDBEnable On
SetEnvIf GEOIP_COUNTRY_CODE CN BlockCountry
SetEnvIf GEOIP_COUNTRY_CODE KR BlockCountry
SetEnvIf GEOIP_COUNTRY_CODE VN BlockCountry
SetEnvIf GEOIP_COUNTRY_CODE PK BlockCountry
SetEnvIf GEOIP_COUNTRY_CODE RU BlockCountry
SetEnvIf GEOIP_COUNTRY_CODE UA BlockCountry
# Deny access to country zones specified above
Deny from env=BlockCountry
</IfModule>
I would like to make an exception for Wordfence so I don’t need to always rename the .htaccess file when I want to run a scan.
I tried to whitelist some of Wordfence’s IPs but it did not work: https://www.wordfence.com/help/advanced/#servers-and-ip-addresses
<IfModule mod_authz_core.c>
# Whitelist specific IP addresses
<RequireAny>
Require ip 44.235.211.232
Require ip 54.68.32.247
Require ip 54.71.203.174
Require ip 35.83.41.128
Require ip 52.25.185.95
Require ip 54.148.171.133
Require env !BlockCountry
</RequireAny>
</IfModule>
How can I set an exception for Wordfence to finish the scan and keep Country Block protection intact?
Thanks
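One way to express the exception in Apache 2.4 syntax, as an added example that is not part of the original post: it replaces the "Deny from env=BlockCountry" line so that a single Require block decides access. The 203.0.113.10 address is a placeholder, and it is assumed that the host allows these directives in .htaccess and exposes the country code as GEOIP_COUNTRY_CODE, as in the post.

```apache
# Added example; assumes Apache 2.4 with mod_authz_core available.
<IfModule mod_maxminddb.c>
    MaxMindDBEnable On
    # Flag requests from the country zones listed in the post.
    SetEnvIf GEOIP_COUNTRY_CODE ^(CN|KR|VN|PK|RU|UA)$ BlockCountry
</IfModule>

<IfModule mod_authz_core.c>
    <RequireAny>
        # Branch 1: allowlisted addresses pass regardless of country.
        # These are the Wordfence addresses quoted in the post.
        Require ip 44.235.211.232 54.68.32.247 54.71.203.174
        Require ip 35.83.41.128 52.25.185.95 54.148.171.133
        # Placeholder (TEST-NET-3 range): replace with the site's own
        # public IP, because Wordfence starts a scan by having the site
        # request its own wp-admin/admin-ajax.php.
        Require ip 203.0.113.10

        # Branch 2: everyone else passes unless BlockCountry is set.
        # A negated Require is not permitted directly inside <RequireAny>,
        # so it is paired with a positive rule inside <RequireAll>.
        <RequireAll>
            Require all granted
            Require not env BlockCountry
        </RequireAll>
    </RequireAny>
</IfModule>
```

With the old "Deny from" line removed, the country block and the allowlist are evaluated by one module instead of by mod_access_compat and mod_authz_core separately.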
[Aug 06 10:10:38:1722910238.912387:4:info]?Scan process ended after forking.
[Aug 06 10:10:38:1722910238.653851:4:info]?Starting cron with normal ajax at URL https://sibs.iconcept-staging.com/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=0&scanMode=standard&cronKey=1bdd212389156a3f2bf1da4a35190e87&signature=79b8c0e165cd1e5ddc55702d5f31e0583efb96c6a18a249e5dd229d80ab3c8d6
[Aug 06 10:10:38:1722910238.315286:4:info]?getMaxExecutionTime() returning config value: 20
[Aug 06 10:10:38:1722910238.315025:4:info]?Got value from wf config maxExecutionTime: 20
[Aug 06 10:10:38:1722910238.311033:4:info]?Entering start scan routine
[Aug 06 10:10:38:1722910238.308590:4:info]?Ajax request received to start scan.
[Aug 06 09:22:17:1722907337.749394:4:info]?Calling Wordfence API v2.26:https://noc1.wordfence.com/stats.json
[Aug 05 17:22:49:1722849769.538873:10:info]?SUM_KILLED:A request was received to stop the previous scan.
[Aug 05 17:22:49:1722849769.537945:1:info]?Scan stop request received.
[Aug 05 17:16:59:1722849419.040543:4:info]?Scan process ended after forking.
[Aug 05 17:16:58:1722849418.802134:4:info]?Starting cron with normal ajax at URL https://sibs.iconcept-staging.com/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=0&scanMode=standard&cronKey=9d7d234002cc08cfb50cc50877769150&signature=9e4de027a0e68304e4f7698fbf23505d68aad77ecdced2bbd94ce215c81cf288
[Aug 05 17:16:58:1722849418.554190:4:info]?getMaxExecutionTime() returning config value: 20
[Aug 05 17:16:58:1722849418.554032:4:info]?Got value from wf config maxExecutionTime: 20
[Aug 05 17:16:58:1722849418.551146:4:info]?Entering start scan routine
[Aug 05 17:16:58:1722849418.549386:4:info]?Ajax request received to start scan.
Wordfence cannot start the scan. Can anyone help with this?
Medium Severity Problems:
* Modified theme file: wp-content/themes/generatepress/assets/fonts/fontawesome-webfont.svg
* Modified theme file: wp-content/themes/generatepress/assets/fonts/generatepress.svg
* Modified theme file: wp-content/themes/generatepress/screenshot.png
Why are the same issues coming up again and again, and for the same 3 files? And how do I fix it?
We have the Updraft plugin on this website. Is this file good or is it malicious?
Let me know, thanks
Best regards,
After the scan I removed / repaired recommended files. Updated / removed outdated plugins.
Now there is one alert displayed after the scan – “/wp-admin/index.php” was modified.
I replaced the file with a fresh one from the WP repository, but Wordfence still reports it as modified anyway.
A comparison using Total Commander shows that both files are identical – the one on the server and the file in the fresh install package.
What could this be about?
Fixing by Wordfence removes dozens of lines of code in the file and causes WP Admin Panel to show a blank white tab.
Thanks in advance,
Kuba
“Scan Failed The scan has failed to start. This is often because the site either cannot make outbound requests or is blocked from connecting to itself.”
I ran identical scans on other WP multisites we manage without any issues.
Checked with our server people and no issues on their end. Can I get some assistance?
[Dec 08 11:41:44:1638963704.963221:4:info] Calling Wordfence API v2.26:https://noc1.wordfence.com/v2.26/?k=ea642b17b8ae31e7aa666f4dac9908087e1c0f887f2f5f7be955945eb96d83720245fd677a015542d247403d7b93dfa89ad867bbd17569ab1b3af0996d3e04cf0600b336c2f448f4504a4a3e3e6efa8b8a17be4799e6be0e0938f9084c5cbda3&s=eyJ3cCI6IjUuNy40Iiwid2YiOiI3LjUuNyIsIm1zIjpmYWxzZSwiaCI6Imh0dHA6XC9cL3d3dy53b3JjZXN0ZXJtYWxldm9pY2VjaG9pci5vcmcudWsiLCJzc2x2IjoyNjg0NDM4MzksInB2IjoiNy4zLjMzIiwicHQiOiJjZ2ktZmNnaSIsImN2IjoiNy43My4wIiwiY3MiOiJPcGVuU1NMXC8xLjAuMmstZmlwcyIsInN2IjoiQXBhY2hlIiwiZHYiOiI1LjcuMzMtbG9nIiwibGFuZyI6ImVuX0dCIn0&betaFeed=0&action=resolve_ips
[Dec 08 11:41:44:1638963704.214670:4:info] Calling Wordfence API v2.26:https://noc1.wordfence.com/stats.json
[Dec 08 11:39:19:1638963559.941778:4:info] Calling Wordfence API v2.26:https://noc1.wordfence.com/v2.26/?k=ea642b17b8ae31e7aa666f4dac9908087e1c0f887f2f5f7be955945eb96d83720245fd677a015542d247403d7b93dfa89ad867bbd17569ab1b3af0996d3e04cf0600b336c2f448f4504a4a3e3e6efa8b8a17be4799e6be0e0938f9084c5cbda3&s=eyJ3cCI6IjUuNy40Iiwid2YiOiI3LjUuNyIsIm1zIjpmYWxzZSwiaCI6Imh0dHA6XC9cL3d3dy53b3JjZXN0ZXJtYWxldm9pY2VjaG9pci5vcmcudWsiLCJzc2x2IjoyNjg0NDM4MzksInB2IjoiNy4zLjMzIiwicHQiOiJjZ2ktZmNnaSIsImN2IjoiNy43My4wIiwiY3MiOiJPcGVuU1NMXC8xLjAuMmstZmlwcyIsInN2IjoiQXBhY2hlIiwiZHYiOiI1LjcuMzMtbG9nIiwibGFuZyI6ImVuX0dCIn0&betaFeed=0&action=resolve_ips
[Dec 08 11:31:30:1638963090.537119:4:info] Calling Wordfence API v2.26:https://noc1.wordfence.com/v2.26/?k=ea642b17b8ae31e7aa666f4dac9908087e1c0f887f2f5f7be955945eb96d83720245fd677a015542d247403d7b93dfa89ad867bbd17569ab1b3af0996d3e04cf0600b336c2f448f4504a4a3e3e6efa8b8a17be4799e6be0e0938f9084c5cbda3&s=eyJ3cCI6IjUuNy40Iiwid2YiOiI3LjUuNyIsIm1zIjpmYWxzZSwiaCI6Imh0dHA6XC9cL3d3dy53b3JjZXN0ZXJtYWxldm9pY2VjaG9pci5vcmcudWsiLCJzc2x2IjoyNjg0NDM4MzksInB2IjoiNy4zLjMzIiwicHQiOiJjZ2ktZmNnaSIsImN2IjoiNy43My4wIiwiY3MiOiJPcGVuU1NMXC8xLjAuMmstZmlwcyIsInN2IjoiQXBhY2hlIiwiZHYiOiI1LjcuMzMtbG9nIiwibGFuZyI6ImVuX0dCIn0&betaFeed=0&action=verify_googlebot&ip=18.206.189.73
[Dec 08 11:31:30:1638963090.242772:4:info] Calling Wordfence API v2.26:https://noc1.wordfence.com/v2.26/?k=ea642b17b8ae31e7aa666f4dac9908087e1c0f887f2f5f7be955945eb96d83720245fd677a015542d247403d7b93dfa89ad867bbd17569ab1b3af0996d3e04cf0600b336c2f448f4504a4a3e3e6efa8b8a17be4799e6be0e0938f9084c5cbda3&s=eyJ3cCI6IjUuNy40Iiwid2YiOiI3LjUuNyIsIm1zIjpmYWxzZSwiaCI6Imh0dHA6XC9cL3d3dy53b3JjZXN0ZXJtYWxldm9pY2VjaG9pci5vcmcudWsiLCJzc2x2IjoyNjg0NDM4MzksInB2IjoiNy4zLjMzIiwicHQiOiJjZ2ktZmNnaSIsImN2IjoiNy43My4wIiwiY3MiOiJPcGVuU1NMXC8xLjAuMmstZmlwcyIsInN2IjoiQXBhY2hlIiwiZHYiOiI1LjcuMzMtbG9nIiwibGFuZyI6ImVuX0dCIn0&betaFeed=0&action=verify_googlebot&ip=18.206.189.73
This entry for 3/12 looks a bit worrying too:
[Dec 03 13:25:53:1638537953.036686:4:info] Scan process ended after forking.
[Dec 03 13:25:51:1638537951.970249:4:info] Starting cron via proxy at URL https://noc1.wordfence.com/scanp/www.worcestermalevoicechoir.org.uk/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=0&scanMode=standard&cronKey=e07f0927e79bfc78e61a9005eb921092&k=ea642b17b8ae31e7aa666f4dac9908087e1c0f887f2f5f7be955945eb96d83720245fd677a015542d247403d7b93dfa89ad867bbd17569ab1b3af0996d3e04cf0600b336c2f448f4504a4a3e3e6efa8b8a17be4799e6be0e0938f9084c5cbda3&ssl=1&signature=cb865a1cf4d19808989ad7c81863d2be0ede01e5ddf55cbec491bf698de44afa
[Dec 03 13:25:51:1638537951.967615:4:info] getMaxExecutionTime() returning half ini value: 45
[Dec 03 13:25:51:1638537951.966472:4:info] ini value of 120 is higher than value for WORDFENCE_SCAN_MAX_INI_EXECUTION_TIME (90), reducing
[Dec 03 13:25:51:1638537951.965268:4:info] Got max_execution_time value from ini: 120
[Dec 03 13:25:51:1638537951.963959:4:info] Got value from wf config maxExecutionTime: 0
[Dec 03 13:25:51:1638537951.961501:4:info] Entering start scan routine
[Dec 03 13:25:51:1638537951.957779:4:info] Ajax request received to start scan.
[Dec 03 13:25:46:1638537946.306184:10:info] SUM_KILLED:A request was received to stop the previous scan.
[Dec 03 13:25:46:1638537946.304933:1:info] Scan stop request received.
And I have a red message: