• Resolved mwarbinek

    (@mwarbinek)


    2 things,

    Bulk Delete
    This is not the first time I posted about this issue and something needs to be done about it now instead of ignoring it.

    As I suggested several times before, the scan results need a bulk removal feature. This means if I want to mark all 53 entries as all fixed, I should be able to do all this as one action instead of having to address each of the 53 entries individually.

    Having said that again, and again… this is because today I checked the site that had WordFence updated to the new version and as a result I get 53 warning scan entries that all apply to WordFence. So now I have that many entries to deal with and I certainly have no desire to spend my time having to do each one to remove them.

    This kind of thing happened a few times before with other reliable plugins. Way too many scan warnings to deal with, under the current design of the plugin.

    So, question:
    What is the way to address these 53 scan results?

    Human access marked as a Bot
    I did not pay much attention to this before, until now. Every entry in the Live Traffic shows the IP access as a “bot” with the bug icon.

    Why can there be a generic person icon to indicate a human access to the site? – why does it always label the Live IP entry as a bot??

    Thanks

Viewing 10 replies - 1 through 10 (of 10 total)
  • Hi @mwarbinek!

    I presume the warnings you are referring to are the result of local files being out of sync with the repository after a plugin update? This should only happen if you are running a scan at the same time as your plugin is being updated.

    My recommendation for how to deal with them currently would be to just rerun the scan. They should not show up in subsequent scans.

    We are aware of the problem where you will sometimes get warnings about files after a plugin has been updated. It’s on our roadmap and it will be fixed at some point, though I cannot promise when.

    It sounds like this is happening unusually often on your site, though, which makes me wonder if WordPress cron is not running very frequently on the site. Does this site have an unusually low amount of traffic? Or can you think of another reason why scans are always kicked off at the same time as plugin updates?

    The human/bot detection in Wordfence is done with JavaScript that loads on pages on the first visit. This JavaScript detects if any events are fired in the browser which would indicate that the visitor is a human. Examples of such events would be scrolling, moving your mouse, etc.

    If you watch Wordfence Live Traffic in a browser where you are logged in and then try to visit your site from another browser where you are not logged in, are your own visits showing up as bots then?

    Thanks!
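The event-based check described in the reply above, as an added sketch that is not part of the thread and is not Wordfence's own script. The function name, event list and reporting endpoint are assumptions. In this sketch a visit that fires none of the listed events, or where the script never loads, is never reported as human.

```javascript
// Illustrative sketch only; not Wordfence code. All names here are hypothetical.
const HUMAN_EVENTS = ['mousemove', 'scroll', 'keydown', 'touchstart', 'click'];

// Attach listeners to `target` and call `report` once, on the first qualifying event.
// Returns a function that tells whether an interaction has been seen so far.
function watchForHuman(target, report, { requireTrusted = true } = {}) {
  let seen = false;
  const onEvent = (ev) => {
    if (seen) return;
    // Events created by script have isTrusted === false; real user input sets it to true.
    if (requireTrusted && ev.isTrusted !== true) return;
    seen = true;
    // One signal per page view is enough, so stop listening.
    HUMAN_EVENTS.forEach((name) => target.removeEventListener(name, onEvent));
    report({ human: true, signal: ev.type });
  };
  HUMAN_EVENTS.forEach((name) =>
    target.addEventListener(name, onEvent, { passive: true }));
  return () => seen;
}

// Browser wiring (skipped outside a browser): report the first interaction to a
// hypothetical endpoint so the server can relabel the visit.
if (typeof window !== 'undefined' && typeof navigator !== 'undefined' &&
    typeof navigator.sendBeacon === 'function') {
  watchForHuman(window, (result) =>
    navigator.sendBeacon('/example-human-check', JSON.stringify(result)));
}
```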

    Thread Starter mwarbinek

    (@mwarbinek)

    Scans & Updates at the same time
    I have updates set to be automatic and the scans are automatic. I have no idea if the scans and updates occur at the same time because the end result issue does not occur until after the event. The only way for me to address that part of it is to set WordFence to manual updates, then when I update I can check to see if the scan is active.

    Question:
    I am supposing that this is a glitch of sorts and can result in the same type of thing if any plugin is being updated at the same time a scan is active? (This would be good to know.)

    Usually on my site
    Everything is usual in my life, nothing is odd or out of this world. That’s my life. :/

    I would have to check if that site has low traffic. Some of my sites I don’t bother with traffic levels because the client did not care about visitor conversions.

    Bot Icon For Human Interaction
    I will have to check that out.

    I could install a pop-up that only activates when a browser window is open vs a Bot, then ask to have it close, that would trigger the mouse event. ??

    All scheduled actions on a WordPress site are triggered via something called WordPress cron (wp-cron.php). WP cron only runs when someone visits the site. Therefore, if you have extremely low traffic on a site, once the site is visited it can cause all scheduled tasks that have stacked up over time to run all at once.

    Similarly, if you have restricted access to wp-cron.php to only specific IP addresses, this could cause scheduled tasks to only be executed when those IP addresses visit the site.

    Do you usually find out about the false positive scan warnings from plugin updates via scan emails, or do you find them because you enter the site and look at the scan log?
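A simplified model of the visit-triggered scheduling described in the reply above, added here as an illustration; it is not WordPress or Wordfence code. Task names, due times and durations are constructed sample values in minutes, and the model assumes every overdue task starts at the moment of the visit.

```javascript
// Simplified model only: scheduled tasks run when a visit arrives, never in between.
const SAMPLE_TASKS = [            // constructed sample schedule (minutes)
  { name: 'scan', due: 60, duration: 20 },
  { name: 'plugin-update', due: 600, duration: 2 },
];
const BUSY_VISITS = Array.from({ length: 145 }, (_, i) => i * 5); // a visit every 5 min
const QUIET_VISITS = [0, 720];                                   // two visits in 12 hours

// Returns one record per executed task: when it was due and when it really ran.
function simulate(tasks, visits) {
  const pending = tasks.map((t) => ({ ...t })).sort((a, b) => a.due - b.due);
  const runs = [];
  for (const visit of [...visits].sort((a, b) => a - b)) {
    // Every task whose due time has passed is started by this visit.
    while (pending.length && pending[0].due <= visit) {
      const t = pending.shift();
      runs.push({
        name: t.name,
        start: visit,
        end: visit + t.duration,
        late: visit - t.due,       // how long the task waited for a visitor
      });
    }
  }
  return runs;
}

// True when the two named tasks were executing during the same time window.
function overlaps(runs, a, b) {
  const ra = runs.find((r) => r.name === a);
  const rb = runs.find((r) => r.name === b);
  return Boolean(ra && rb && ra.start < rb.end && rb.start < ra.end);
}

const busy = simulate(SAMPLE_TASKS, BUSY_VISITS);
const quiet = simulate(SAMPLE_TASKS, QUIET_VISITS);
console.log('busy site overlap:', overlaps(busy, 'scan', 'plugin-update'));
console.log('quiet site overlap:', overlaps(quiet, 'scan', 'plugin-update'));
```

On the busy schedule the scan and the update run hours apart; on the quiet schedule both wait for the same visit, so the scan runs while plugin files are being replaced.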

    Thread Starter mwarbinek

    (@mwarbinek)

    Restricted IP Access / Cron jobs
    Can you give an example that is most common for a public site?

    I ask because I can only think of this referring to a private access site and users having to log into the site to use it.

    False Positives
    When I log in and review the scan results.

    Thanks

    It’s not very common to restrict access to wp-cron.php, but sometimes people will copy and paste things into .htaccess intending to protect the site from something and end up with unexpected results.

    Is a scan typically running or just completing every time you visit the WordPress admin?

    Thread Starter mwarbinek

    (@mwarbinek)

    The htaccess files do not have anything special in them other than what WordFence inserts into them. The only time I insert code into the htaccess file is for my own sites, not for client sites.

    The scan is sometimes still running when I access the WordFence page to view it and sometimes it has already finished.

    Hi again,

    Thanks for the additional information. And when a Wordfence update is released, on how many of your sites do you get file modified warnings right after the update?

    Thread Starter mwarbinek

    (@mwarbinek)

    I do not know, this issue is infrequent so it is hard to pin any pattern to it, but I will keep that in mind for next time.

    That sounds great, thank you. We are aware that this issue happens occasionally, but if it’s happening on many of your sites at the same time, there must be some issue that is exacerbating it. If you can make note of those details next time it happens, that would be super helpful. Namely:
    – Did it happen on more than one site at the same time?
    – Which plugin/files are you getting warnings about?
    – If you run another scan right after, do you still get the warnings?

    Thanks in advance!

    Hi @mwarbinek,

    We haven’t heard from you in a while. I’ve gone ahead and marked this thread as resolved.
    Feel free to open another thread if you are still having issues with Wordfence.

    Thanks!

    Dave

  • The topic ‘53 Scan Warnings -Bulk Delete Needed / Live Traffic shows human access as a bot?’ is closed to new replies.