How 2 disconnect cloned site from Wordfence Central

  • Resolved Jos Klever

    (@josklever)


    4 years, 4 months ago

    Site A is connected to Wordfence Central when it’s cloned to site B. After that notifications from both sites are reported under as if it was from site A.

    How can I disconnect site B without disconnecting site A?

    If site B is disconnected, site A is removed from Central. Site B isn’t shown in Central so can’t be removed from that side.

    In my opinion site B should be disconnected automatically because the domain is not the same as how it’s connected to Central. Or a notification should be shown to remind the site admin to make a new connection to Central.

Viewing 8 replies - 1 through 8 (of 8 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @josklever, thanks for your query.

    I think that Site B as a ‘clone’ is reporting back as Site A because the Site A’s domain will still be set as admin_url in /wp-json/wordfence/v1/authenticate.

    If you alter Site B’s domain here, it should then stop reporting back as Site A to Central and Site B can either be left disconnected or added to Central as its own site as you see fit.

    Thanks,

    Peter.

    Thread Starter Jos Klever

    (@josklever)

    Hi Peter,

    Thanks for your reply. That might indeed be the case, but what if site B is not under my control? The clone is created by a third party developer on it’s own server.

    It’s also not quite clear how I could the setting even if I did have access to the site. Can you please give me the steps to take?

    In the end I think some check needs to be added in the code of Wordfence.

    Thanks
    Jos

    Plugin Support wfpeter

    (@wfpeter)

    Hi @josklever,

    I’ve had a word with my colleagues working on Wordfence Central. The best way to remedy this setting is to contact the third-party developers and instruct them to log in to Site B as an administrator and select Wordfence > Dashboard, then click “Disconnect This Site” under “Wordfence Central Status”.

    Thanks again,

    Peter.

    Thread Starter Jos Klever

    (@josklever)

    That’s not gonna work, like I described in my original post, because it removes site A from Central and that’s not what we want.

    Plugin Support wfpeter

    (@wfpeter)

    Hi @josklever,

    I have spoken to the Central team again, and they think that disconnecting one (or both) of the sites using the method we described above, then connecting Site A freshly again should keep Site B disconnected rather than recreate the same problem.

    The reason we’re currently not treating the different domains as separate sites in this case is that some sites have multiple domains pointing to a single WordPress installation, and that’s how this is seeing the clone with no further action taken.

    The disconnection and re-connection process should help Wordfence Central see these as the separate sites that they are.

    Thanks again,

    Peter.

    Thread Starter Jos Klever

    (@josklever)

    Hi Peter,

    I know that workaround, but I hope Wordfence can create a more reliable solution, so we don’t have to search for copies of the site, ask the developer to disconnect the copy, so I can disconnect and reconnect the correct site again. It’s too much work and in fact a security issue.

    Not only I receive notifications from site B that I try to solve on site A, because I don’t know they are coming from site B. If the developer disconnects site B without telling me, site A is removed from Central without any notification to me. So I keep thinking that all my sites are in Central, while some may have disappeared and I can’t monitor the security anymore.

    So I’m not looking for a workaround I already know. I’m looking for a solution.

    Thanks,
    Jos

    Plugin Support wfpeter

    (@wfpeter)

    Hi again @josklever, I have sought some more information for you around this.

    In short, there isn’t currently a way that will “just work” without intervention of some kind. However, there is a way that your developer can disconnect Site B without telling Wordfence Central, therefore not disconnecting Site A in the process.

    After cloning a site, your developer could run the following query as part of their checklist:

    DELETE FROM wp_wfConfig WHERE name LIKE 'wordfenceCentral%'

    The reason Wordfence Central can’t use the domain alone to determine if the site is different is because some of our customers’ sites are configured to serve multiple domains from a single WordPress installation. We may be able to develop a solution/option at our end in future so that a cloned site can be forced to specify that it does not serve multiple domains. However, with all development requests, we can ensure they are discussed and scheduled, but cannot commit to a confirmed release date at this stage.

    Thanks,

    Peter.

    Thread Starter Jos Klever

    (@josklever)

    This might a solution in some cases, but only if I know that the site has been cloned and by who. I’m managing many sites for clients, so I don’t always have the ability to contact these developers directly and their technical skills might also differ.

    And if such a developer deactivates the Wordfence Central connection, I don’t get notified.

    I understand that there is no solution at this moment, but I hope these issues will be addressed in the near future. If the team wants to discuss this any further, please let me know.

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘How 2 disconnect cloned site from Wordfence Central’ is closed to new replies.