Cannot access site after switch from Wordfence to Solid Security

  • Hi there,

    I’ve been using WordFence on this site for several years. But when I recently discovered your plugin and found it clean and handy, I just really liked it! So I wanted to switch. I disabled WordFence and simply uninstalled it (now I know that was too easy), then installed Solid Security and set it up according to the YouTube tutorial by Matt (WPress Doctor) – https://youtu.be/VL5j_YJgnLM?si=do_EBHzmkMeuXKVI

    When I tried to login for the first time after setting it up, I wanted to set up 2FA, but after scanning the QR code and entering the code, I couldn’t get to the site. I disabled the plugin via FTP, but was still unable to load the site. I then tried using a hotspot on my phone and it worked. So it seems that the IP address of my WIFI router is restricted by a security plugin. I checked the settings – and by the way, I use Solid Security on other sites without any problems – but I couldn’t see what was wrong.

    I thought it might be a conflict between Solid Security and old WordFence files. I read an article on how to properly uninstall WordFence, where I learned to install the Wordfence Assistant plugin to get rid of abandoned WordFence files and database entries, which I did, and it seemed to work (it said all data was deleted).

    However, the problem reappeared when I tried to log in the same way as before and tried to set up 2FA. So I checked the log file and still found lots of Wordfence entries.

    I then thought that maybe resetting Solid Security would help, and found that the site scan wasn’t working properly: When I run the scan, plugins, themes, WordPress core and Google SafeBrowsing all show a red X (no checks).

    Okay, and here I am. I don’t know how to solve this problem. Please take a look – I really appreciate your advice.

    Thanks a lot in advance!

    Kind regards, Nic

    The page I need help with: [log in to see the link]

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Support kmarusek

    (@kmarusek)

    Hey Nic,

    You’ve come to the right place; let’s get this sorted.

    So based on what I’m reading these issues are coming from two different things. So I’m going to address them as such.

    1. Your device is being blocked or potentially locked out.
    I’m still not 100% certain I follow what is happening here. You attempt to set up 2FA, at which point you’re unable to navigate to the site “I couldn’t get to the site”? When you type the url of the website are you seeing anything at all or does the site come up as a 500 server not found error? If you do see something and it says something about a “lockout” or “restriction” it’s possible you triggered an IP lockout/ban for the device having difficulty accessing the website.

    If you’re seeing a restricted access or lockout message; using the secondary device – navigate to Security > FIrewall > IP Managment > Active Lockouts here, look for your the IP of the device experiencing issues, clear the IP from the list and add it to the Authorized IPs list.

    2. Manual Site Scans fail on plugins, themes, WordPress core and Google SafeBrowsing.
    This is triggered when your Logging setting is set to Database only, you can find this setting via Security > Settings > General Settings, and then scrolling down to the Logging section. Make sure you change it File Only or Both if you’d like to fix this issue.

    Keep me posted on if this helps resolve the issues you’re experiencing!

    Very Best,

    Kevin M
    SolidWP Support

    Thread Starter Visual Vision

    (@visualvision)

    Hello Kevin,

    thank your for your reply.

    First I want to answer to your second point: I set the logging setting to “Both” (it was set to “File only”). Now the site scan works perfectly. Thanks for that!

    The other issue concerning setting up two factor is still pending – here’s step by step what I did:

    1. I switched on 2 Factor in Solid Security (enabling all login possibilities) without the possibility to skip it.
    2. Logout
    3. Login: enter URL for the login-window (the hidden site login url)
    4. type in my credentials
    5. pick the set up option for “mobile” authentication
    6. I scan the code with the Google Authentication App (which works perfectly for my other sites) and then hit enter.
    7. Then it takes a loooong time loading … and finally my site is not accessible anymore (“Safari cannot open the page “https://….” because the server on which the page is located is not responding.” or in Chrome “The website is not available”).
    8. I don’t get notifications of being logged out by Solid Security via email.
    9. I then login in with another device and then look up the “active logouts” but nothing is listed.

    I also tried sending an email for reminding my user to set up two factor and then used the link I got via email. When getting to the login window and further to the 2 factor setup window, I see all possibilities marked as “deaktiviert” (deactivated/disabled) and only next to email the link saying “aktivieren” (activate). When I try this I don’t get a verification code via email.

    One time I saw a message of WP Armour Honeypot (I use to prevent spam in comments) on the login screen and deactivated that plugin via FTP because I thought that this could cause problems. But still the login-issue with solid security persists.

    I always can reach the website via mobile even when I’m connected to my computer via hotspot from my mobile and cannot reach the site on that device, on my mobile it’s always available. hmmmm….

    I hope that I provided enough information for you to get an idea what may cause these problems on my page. Please have another look.

    Thank you in advance & very kind regards,

    Nic

    Thread Starter Visual Vision

    (@visualvision)

    Now I logged in again and found a message in security > logs > tab notes: in brut force module it says “invalid login” and lists my IP. Of course I list my IP in “Authorized IPs” …

    Thread Starter Visual Vision

    (@visualvision)

    Now I have this issue with another of my websites: https://teofitness.at

    Please help!

    Thread Starter Visual Vision

    (@visualvision)

    After e certain time I can access the website again. I didn’t check the time exactly but I guess it’s the range I entered in settings being blocked. I checked the logs and found one entry (highlighted in red) concerning file modification, marked as serious error. It’s my user. How can I set my user authorizations so that I am not registered as a hostile user and therefore blocked?

    And again: I didn’t get any emails reporting that serious error or file changes or anything, just could’t load the website. And there was no report of being blocked via email…

    Thread Starter Visual Vision

    (@visualvision)

    Any ideas how I can set up 2 FA without blocking myself?

Viewing 6 replies - 1 through 6 (of 6 total)
  • You must be logged in to reply to this topic.