Bad 502 Gateway Error NGINX

Hello @copiaurbietorbi and thanks for reaching out to us!

“Error 502 – Bad Gateway” typically comes either from your server itself or a proxy that might be sitting in front of the server. Wordfence should not produce any 502 errors. What exactly does the 502 error say that might provide some additional information?

Was your firewall in Learning Mode by mistake or was it intentionally in Learning Mode to get it to work with certain actions? The firewall should still block any malicious content from your website.

https://www.wordfence.com/help/firewall/learning-mode/ is a great reference for information on Learning Mode.

Let me know if any of this helps!

Thanks!

Hello WFAdam,

Thank you for getting back to us. We are still having the issue. It doesn’t add any more information other than the message Bad 502 Gateway NGINX. When you mention the issue could be a proxy that might be sitting in front of the server, do you mean from our ISP side or the web hosting side?

We don’t know if the plugin switched to learning mode when we began the changes on the site. We had the option “Disable Code Execution for Uploads directory” activated before and we disabled it. We thought it could be responsible of the issue, but it seems that it isn’t.

The firewall is enable and protected.

Thank you for your help.

Hello @copiaurbietorbi

Can you send a diagnostic report to wftest @ wordfence . com? You can find the link to do so at the top of the Wordfence Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

I would like to check some things to ensure this isn’t an IP issue.

Thanks!

Hello WFAdam,

Thank you for getting back to us. We sent the report with the username used here for this issue as requested.

In advance,thank you for your help and interest.

Hello @copiaurbietorbi

Nothing jumps out at me as an issue on the diagnostics. All the IPs seem to be normal and talking to the hosting server correctly.

Our next step would be trying to grab the RAW access logs whenever you see this issue occur. Next time you see the 502, note the time and send the RAW access to wftest @ wordfence . com. Make sure to use your forum username in the subject line.

Let me know what you find and if you send the logs here.

Thanks!

Hello WFAdam,

Thank you for getting back to us. Where can we find these RAW access logs? Because just now we tried to access the diagnostics tab on tools in the plugin and it went to 502 directly. We tried to access other sections and inclusively clear cache, but we couldn’t.

When got a 404 when we tried to test our WordPress host’s available memory.

Thank you for your help.

Hello @copiaurbietorbi

At this point, I recommend resetting Wordfence. If you are only getting the errors when trying to access Wordfence settings, I recommend following this help document to reset:
https://www.wordfence.com/help/advanced/remove-or-reset/

This will walk you through removing Wordfence and reinstalling.

Let me know if this helps at all!

Thanks!

Hello WFAdam,

We followed the guide and we tried to do a fresh reinstall of Wordfence while enabling the option “Delete Wordfence tables and data on deactivation”.

We then proceeded to deactivate the plugin, because we wanted to activate Wordfence again to get a fresh installation, more than deleting the plugin.

After clicking on deactivation we noticed that all the site was gone. Blank. We waited for a few minutes thinking that it was part of the fresh start process but it remained like that. It seems the site just crashed.

Now we cannot access the website via wordpress anymore. Any suggestions as to how to get our access back? We have no clue as to what happened here.

Thank you for your help and prompt response.

Hello @copiaurbietorbi

With some hosting sites, you have to Disable the Firewall Optimization before resetting the plugin.

To remove the Optimization manually, depending on your server’s setup, you may have changes in the files .htaccess, .user.ini, and php.ini, all in the site’s main directory. Wordfence surrounds its code with comments “Wordfence WAF” and “END Wordfence WAF” in the files it modifies. You can remove the code between these comments in these files:

• .htaccess code varies by server configuration but is surrounded by the comments mentioned above
• .user.ini is only used on some server configurations, but if it exists, Wordfence code is surrounded by the comments mentioned above
• php.ini is only used on some server configurations and would have a single line beginning with “auto_prepend_file”
• You can then remove the file wordfence-waf.php in the site’s root folder after the files above are updated.

Important: If your host uses .user.ini or a PHP cache, the changes can take 5 minutes or so to go into effect. You may see white screens or error messages during this period.

You might also have to rename the Wordfence folder in the plugins folder to something like “wordfence_temp”. This will temporarily disable wordfence.

Let me know if this helps!

Thanks!

Hello WFAdam,

Thank you for getting back to us. After not getting any response from the plugin we tried to go back and access the site on wordpress but we simply couldn’t. We waited more than 5 minutes.

We then procedeed to rename the plugin on cpanel. We tried to get access, but also with no success. All we got was the white screen with no possibility to see the normal user name and password access given by wordpress via wp-admin.

We deleted the plugin file from wp-content/plugins when we noticed the remedy of changing the name didn’t work (unfortunately we are still learning how to manage cpanel).

We are going to check the files you mention and see if there is something there from the plugin. We have to tell you though,

1. We didn’t find any wflogs folder located in wp-content.
2. We didn’t find any wordfence-waf.php located in the root of you WordPress installation.
3. We didn’t find any wordfence related database tables from the database.

Perhaps (or most likely) we didn’t check in the right places.

We like your plugin and we will like to give it a try once more and see if a new installation would fix the issue that we are having, but your guidance to find the files for removal and also regaining the access to our website will be tremendously appreciated.

Thank you for your help and interest.

Hello WFAdam,

UPDATE:

We managed to regain access to the website after deleting the code on the ini.user file.

We found the code you mentioned that we could find in php.ini under the ini.user file as a single line beginning with “auto_prepend_file”. We didn’t find any php.ini file.

As mentioned before, we didn’t see or find any more traces of your plugin in cpanel. What else can we do to make sure this is the case?

We felt that the site was running faster while working with it on the wordpress dashboard though. So far we haven’t experienced any 502 NGINX errors.

We ran several speed tests, but we didn’t find evidence that not using the plugin was making the site any faster. Great news!

While debugging the .htaccess files, we found traces of the code used by you when you had the falcon cache option. We can send this code to you using the email you provided before to see if it is save to delete it before we re-install the plugin again.

Thank you for your help and interest.

@copiaurbietorbi

This is great news! Glad you were able to find it. I would suggest removing the code in the htaccess file to ensure a good clean install. Then you should just be able to install the plugin and set it up how you need it.

Thanks for the update!

Hello WFAdam,

What email can we use to send the information that we have on our .htaccess file? We understand it has sensitive information of the site and we want to make sure that we are not deleting something that we shouldn’t.

Thank you for your help and interest.

Hello WFAdam,

UPDATE again.

We managed to remove the code needed in the .htaccess file. Now the question is what do we do to make sure there are no traces of the plugin in the site via cpanel?

Thank you for your help.

Hello @copiaurbietorbi

Wordfence surrounds its code with comments “Wordfence WAF” and “END Wordfence WAF” in the files it modifies. You can remove the code between these comments in these files:

.htaccess code varies by server configuration but is surrounded by the comments mentioned above

.user.ini is only used on some server configurations, but if it exists, Wordfence code is surrounded by the comments mentioned above

php.ini is only used on some server configurations and would have a single line beginning with “auto_prepend_file”

You can then remove the file wordfence-waf.php in the site’s root folder after the files above are updated.

As long as you follow this, you will be fine.

https://www.wordfence.com/help/advanced/remove-or-reset/#remove-or-reset is a good reference for this

Thanks again!