Wordfence blocking Joomla updates

  • Resolved Evolvingdoor

    (@evolvingdoor)


    6 years, 9 months ago

    I am doing testing on various plugins and extensions for both WordPress and Joomla that are installed in the same web space as another WordPress site (let’s call it WPlivesite). They are each installed in their own subdirectory (public_html/subdir1, public_html/subdir2, etc). I just did a fresh installation of WordPress (we’ll call it WordDEV) and Joomla (we’ll call it JoomDEV), and I installed Wordfence on the WordDEV site. However, now I can’t make changes to the JoomDEV site, and what comes back is the message:

    403 Forbidden
    A potentially unsafe operation has been detected in your request to this site.
    Generated by Wordfence at Sun, 4 Feb 2018 1:01:02 GMT.
    Your computer’s time: Sun, 04 Feb 2018 01:01:03 GMT.

    I’ve seen this before when I was trying to set up DEV sites in this hosting space. It looks like Wordfence is detecting changes in the public_html directory or maybe in other subdirectories, and it assumes it’s something bad so it shuts it down?? I thought putting the other sites (including WPlivesite) in their own subdirectories would solve it, but it hasn’t.

    I reinstalled the Joomla site today because I couldn’t get the previous days-old installation to update an extention, citing something about an AJAX file-not-found error, so I thought I would just start from scratch. That hasn’t worked.

    To test this further, I tried installing a new plugin in WPlivesite and had no errors or problems at all. So for some reason Wordfence just doesn’t like Joomla. At that time I had not “introduced” the two Wordfence installations to each other but I have now. Still no change for the Joomla site. I also made sure Wordfence is in learning mode on WordDEV. The weird thing is that even though it’s Wordfence giving the error message, it doesn’t show any live traffic at all, never mind anything that’s been blocked.

    Can someone please help? Many thanks.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter Evolvingdoor

    (@evolvingdoor)

    I really need to figure out what the problem is with this. Can someone please help me?

    Again, to summarize: I have a Joomla site (public_html/JoomDEV) installed in the same web hosting account as 2 WordPress sites (public_html/WordDEV). Each website installation is in its own separate directory off of public_html. As far as I can tell, none of them have any need to go outside of their own directory.

    The problem is: I can’t update the Joomla software because I get a 403 error *from Wordfence*. I just don’t understand why Wordfence would be guarding activity happening outside of its installed website directory? And why/how would it even be aware of it? And more to the point: what can I do to fix this?

    Thank you in advance for help with this.

    • This reply was modified 6 years, 9 months ago by Evolvingdoor.

    Hi,
    When you optimize the firewall in Wordfence, a similar line to this one:
    auto_prepend_file '/var/www/wp/wordfence-waf.php'
    will be added to .htaccess/.user.ini file depending on your server configuration, this will load the firewall before anything else on your website, so that attacks can be blocked before reaching to your website. Although switching the firewall to “Learning Mode” should whitelist these requests and for some reason this didn’t work for you, I suggest creating either .htaccess or .user.ini (depending on your server configuration) in the Joomla directory, with the same line from your WordPress directory but with “none” instead of “wordfence-waf.php” like this:
    auto_prepend_file none

    That should disable the firewall in this directory, let me know how it goes.
    Thanks.

    Thread Starter Evolvingdoor

    (@evolvingdoor)

    Hi wfalaa,

    Thanks very much for your reply! I just tried this, adding “auto_prepend_file none” to the end of the .htaccess (Apache) in the Joomla site’s top directory. But I got a 500 Internal Server error when trying to access the front or back ends. The message adds: “Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.”

    So, I commented out the line and had another idea to try. Maybe the problem isn’t coming from the Dev site’s Wordfence, but from the Live site’s Wordfence (which would be out of Learning Mode by now). So, I tried switching the Live site back to Learning Mode and I was able to make some changes to the Joomla site’s setup (e.g. switch to No Index, No Follow, which worked this time).

    However, when I tried updating the Joomla version, I got an error that I saw before” “ERROR: AJAX Loading Error: Not Found.” I saw that in the previous installation of the Joomla Dev site and tried reinstalling Joomla from scratch, which became worse. So the worse problem seems to have been fixed but now there is this problem. I’m thinking that this might have something to do with Wordfence too? Have you ever heard of this?

    Many thanks for your help.

    Thread Starter Evolvingdoor

    (@evolvingdoor)

    Just to cap off this thread, in case anyone else has this problem: the AJAX error seems to be a Joomla error and not related to Wordfence or the other WordPress installations.

    The problem with the Wordfence error was solved by putting BOTH WordPress sites’ Wordfence plugins into Learning Mode. I had only put the Dev site into learning mode, thinking it was the source of the error, but it turned out to be coming from the Live WordPress site. Once I put both WP installations into learning mode, that particular problem was resolved.

    Additionally: The other Joomla updating problem that came up afterwards was finally resolved by updating through Softaculous in cPanel.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Wordfence blocking Joomla updates’ is closed to new replies.