Thank you
]]>Congratulations to the developers.
]]>What is this file xmlrpc.php
Seems to be a common hit for dodgy person where Wordfence blocks it automatically. Then I block the IP address separately also.
Is this a file that gets injected when a site is compromised?
Thanks
Kristin
]]>I have done a scan on client site and wordfence has picked up some MEDIUM possible issues but they could possibly be false positives as I updated those plugins the day before.
Also it picked up a User who’s password was not strong enough. I had already put this username with NO ROLE on the website, can this still be hackable ?
Modified plugin file: wp-content/plugins/storefront-footer/vendor/automattic/jetpack-composer-plugin/CHANGELOG.md
Type: File
Issue Found 02/07/2024 1:02 am
Medium
Modified plugin file: wp-content/plugins/storefront-footer/vendor/automattic/jetpack-composer-plugin/src/class-manager.php
Type: File
Issue Found 02/07/2024 1:02 am
Medium
Modified plugin file: wp-content/plugins/storefront-footer/vendor/composer/installed.json
Type: File
Issue Found 02/07/2024 1:02 am
Medium
Modified plugin file: wp-content/plugins/storefront-footer/vendor/composer/installed.php
Type: File
Issue Found 02/07/2024 1:02 am
Medium
Modified plugin file: wp-content/plugins/woo-bulk-editor/classes/models/products.php
Type: File
Issue Found 02/07/2024 1:02 am
Medium
Modified plugin file: wp-content/plugins/woo-bulk-editor/index.php
Type: File
Issue Found 02/07/2024 1:02 am
Medium
Modified plugin file: wp-content/plugins/advanced-access-manager/application/Service/Jwt.php
Type: File
Issue Found 02/07/2024 1:02 am
Medium
Modified plugin file: wp-content/plugins/advanced-access-manager/application/Service/LoginRedirect.php
Type: File
Issue Found 02/07/2024 1:02 am
Medium
Modified plugin file: wp-content/plugins/advanced-access-manager/application/Service/LogoutRedirect.php
Type: File
Issue Found 02/07/2024 1:02 am
Medium
Modified plugin file: wp-content/plugins/advanced-access-manager/application/Service/Metabox.php
Type: File
Issue Found 02/07/2024 1:02 am
Medium
Modified plugin file: wp-content/plugins/advanced-access-manager/application/Service/Multisite.php
Type: File
Issue Found 02/07/2024 1:02 am
Medium
Modified plugin file: wp-content/plugins/advanced-access-manager/application/Service/NotFoundRedirect.php
Type: File
Issue Found 02/07/2024 1:02 am
Medium
Modified plugin file: wp-content/plugins/advanced-access-manager/application/Service/Route.php
Type: File
Issue Found 02/07/2024 1:02 am
Medium
- Modified plugin file: wp-content/plugins/advanced-access-manager/application/Service/SecureLogin.php
Type: File
Issue Found 02/07/2024 1:02 am
Medium
Modified plugin file: wp-content/plugins/advanced-access-manager/application/Service/Toolbar.php
Type: File
Issue Found 02/07/2024 1:02 am
Modified plugin file: wp-content/plugins/advanced-access-manager/application/Service/Uri.php
Type: File
Issue Found 02/07/2024 1:02 am
Medium
Modified plugin file: wp-content/plugins/advanced-access-manager/application/Service/UserLevelFilter.php
Type: File
Issue Found 02/07/2024 1:02 am
Modified plugin file: wp-content/plugins/advanced-access-manager/application/Service/Welcome.php
Type: File
Issue Found 02/07/2024 1:02 am
Medium
Please advise.
Thanks
Kristin
]]>I love your plugin, have it for another client site also and has worked well. So I’ve installed it on another client site.
Client site seems to be compromised with some dodgy files.
Only seems mainly to be in the Storefront theme area which I have removed the files etc and rescanned with Wordfence.
It is picking up a file that could possibly be edited, plugin.php and class-wp-hook.php both in the wp-includes directory of wordpress.
All plugins are updated also and Storefront theme.
I have already updated WordPress to the latest so I would have assumed those files would have been overwritten in the upgrade. I suppose unless they are DODGY files than they won’t be overwritten as they would be just added as extra file NOT being overwritten.
Is there somewhere where I can upload just these particular files and just upload those files to be overwritten and/or COMPARE original wordpress files for 6.5.5. to what I have on client site to remove files that shouldnt’ be there?
Wordfence seems to have picked up some dodgy files in Storefront on client site. Wordfence has picked up in storefront/assets/images/credits-cards/elastic-slider.php (I have sent a support ticket to Storefront also so I know what I can remove etc)>
Wordfence seems to have picked up some dodgy files in Storefront on client site. Wordfence has picked up in storefront/assets/images/credits-cards/elastic-slider.php
and storefront/asets/images/admin/welcome-screens/wpzhijdengl.php which I assume are dodgy files.
..storefront/assets/images/customizer/starter-content-products/hoodie-with-zipper.php (seems dodgy also).
What about this one: storefront/assets/images/admin/welcome-screen/automattic.php ? Should that be there or dodgy ? Is there supposed to be an actual welcome-screen directory?
Seems to be some additional php flies that shouldnt’ be there in those directories ..
Can I just delete ALL files under the credit-cards directory, do I need them? I would rather delete if I can to remove the dodgy files,.
If you could please advise HOW I can compare actual files from WordPress core to see which ones have been edited OR how to replace those particular files that have been edited?
I know WordPress free version can do a scan and let me know which files could be compromised which is very helpful.
Then I remove the dodgy plugin that keeps getting installed wpzhijdengl so a function or compromised file must be somewhere which keeps getting changed …
I found this error log which would help to figure it out I think.
Where can I get a copy of the file to replace class-wp-hook.php and plugin.php (maybe they are not supposed to be there OR have been edited) ? It has found my username in there (I have renamed it here to admin-new) which is obviously not my actual username but changed for purpose here.
[28-Mar-2024 07:02:35 UTC] PHP Fatal error: Uncaught ArgumentCountError: Too few arguments to function wc_maybe_store_user_agent(), 1 passed in domain.com.au/wp-includes/class-wp-hook.php on line 307 and exactly 2 expected in domain.com.au/wp-content/plugins/woocommerce/includes/wc-user-functions.php:861 Stack trace: #0 domain.com.au/wp-includes/class-wp-hook.php(307): wc_maybe_store_user_agent(‘matigan’) #1 domain.com.au/wp-includes/class-wp-hook.php(331):
WP_Hook->apply_filters(”, Array) #2 /domains.com.au/wp-includes/plugin.php(476): WP_Hook->do_action(Array) #3 domain.com.au/wp-content/themes/storefront/assets/images/admin/welcome-screen/wpzhijdengl.php(12): do_action(‘wp_login’, ‘matigan’) #4 {main} thrown in domain.com.au/wp-content/plugins/woocommerce/includes/wc-user-functions.php on line 861 [17-Jun-2024 02:01:17 UTC]
PHP Fatal error: Uncaught ArgumentCountError: Too few arguments to function AAL_Hook_Users::hooks_wp_login(), 1 passed in domain.com.au/wp-includes/class-wp-hook.php on line 324 and exactly 2 expected in /domain.com.au/wp-content/plugins/aryo-activity-log/hooks/class-aal-hook-users.php:29 Stack trace: #0 domain.com.au/wp-includes/class-wp-hook.php(324):
AAL_Hook_Users->hooks_wp_login(‘admin_new’) #1 domain.com.au/wp-includes/class-wp-hook.php(348): WP_Hook->apply_filters(”, Array) #2 domain.com.au/wp-includes/plugin.php(517): WP_Hook->do_action(Array) #3 domain.com.au/wp-content/themes/storefront/assets/images/admin/welcome-screen/wpzhijdengl.php(12): do_action(‘wp_login’, ‘admin-new’) #4 {main} thrown in domain.com.au/wp-content/plugins/aryo-activity-log/hooks/class-aal-hook-users.php on line 29
So my question is WHAT can I DELETE that is not required to remove these dodgy people?
Thanks
Kristin
]]>Can Wordfence block the Customer Login area for all customers?
Our standard Customer login is domainname.com.au/customer which has the WordPress standard LOGIN shortcode there.
For some reason NO-ONE can click and type the Username & Password in here to login on this page. It is NOT greyed out but you cannot click with your mouse and type inside the field at all.
Very strange, so was assuming something in your plugin security is causing this issue so no-one can login via that area?
Please advise urgently.
Thanks
]]>My hosting company said that the only issues they could see was the Wordfence Security was blocking certain content being loaded.
Any help would be greatly appreciated with this!
]]>Does your plugin BLOCK Customer login from My Account page or the general Customer Login screen?
My client is using your plugin for security purposes for the website. Woocommerce website.
I notice recently that I CANNOT click on the domainname.com.au/customer page where it has the Customer login details so they can login to their Woocommerce account.
I have to click on the TAB button to get to the Username field AND the password field. This is very strange, never seen this before.
We have just had 3 customers who say they CANNOT view their previous orders in their MyAccount. But I have just realised that possibly WHY they cannot is because they CANNOT actually click on the “ORDERS” link in the MyAccount. Nothing is clickable at all on this page. They CANNOT click on the “Dashboard ” in My Account, they cannot click on “Downloads” and “Change Address” in MyAccount either.
This is very strange
So now I am assuming that this is something to do with a security thing in your plugin maybe blocking it ?
Can you advise whether that could be something like that causing this please?
Thanks
Kristin
]]>When I log in to the backend, I get an error. I tried several times and it still happened.
After I disabled the plugin Wordfence Security, I could log in normally. How can I solve this problem?
Thanks
]]>“The Wordfence Web Application Firewall has blocked 278 attacks over the last 10 minutes. Wordfence is blocking these attacks, and we’re sending this notice to make you aware that there is a higher volume of attacks than usual.”
thank you
]]>