WordFence blocking me and all users

  • Resolved tark94

    (@tark94)


    4 years, 2 months ago

    WordFence has finally gone crazy and decided no one gets to just log in anymore. I’ve been using this plugin for 2 years with good results. Then, last week it fanatically throws up 503s whenever someone accesses /wp-login, no matter what steps I take.

    At first I thought the problem was rate limiting, so I deactivated it. Nope, that’s not the cause.

    Then I read on here that one should de-install the plugin with the setting, Delete Wordfence tables and data on deactivation. Fresh install, right? Did this several times. Sure, it works for the first few hours, then bam, back to same same.

    Now, there are so many config settings in this thing that I wouldn’t even know where to start with identifying the right ones (I’ve done several reinstallations and the only setting changed was how many times someone can log in before getting locked out).

    The page I need help with: [log in to see the link]

Viewing 13 replies - 1 through 13 (of 13 total)
  • Plugin Support WFAdam

    (@wfadam)

    Hello @tark94 and thanks for reaching out to us!

    The first thing we want to do is check your Wordfence > Tools > Live Traffic to see the reason why everyone is getting 503’s. Usually, a 503 is produced when someone triggers a block that you might have set up. Find one of these blocks and click on it, which should expand it to see extra details. Post the details here so I can review it.

    Thanks!

    Thread Starter tark94

    (@tark94)

    I can assure you @wfadam that I reactivated the WF plugin with default settings a few hours ago and have not touched any settings having to do with blocking.

    Just now I logged in to the site in an incognito browser. Everything seemed fine, then I logged out and in doing so got a 503 error from WordFence (“Your access to this site has been temporarily limited by the site owner”).

    I went into another browser, logged back in, and checked the WF / Tools / Live Traffic as you described. The 503 error or event is not there.

    • This reply was modified 4 years, 2 months ago by tark94.
    Plugin Support WFAdam

    (@wfadam)

    Thanks for checking that @tark94

    Can you send a diagnostic report to wftest @ wordfence . com? You can find the link to do so at the top of the Wordfence Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

    Thanks!

    Thread Starter tark94

    (@tark94)

    Hi @wfadam, the report was sent! Thanks

    Plugin Support WFAdam

    (@wfadam)

    Thanks for sending that report @tark94

    I reviewed your IP detection settings thinking that might of been the issue, but it looks like it’s working properly.

    I think the best thing to start with here would be to purge any cache plugins you might be using and also browser cache for all admins. Then let’s see if this happens again.

    Let me know what you find!

    Thanks!

    Thread Starter tark94

    (@tark94)

    Thanks @wfadam, yesterday I purged both the CloudFlare and Ezoic caches.

    I have as well a plugin ‘Cache Enabler’ and I cleared that as well. As far as caching plugins are concerned, that’s the only such plugin I use.

    Are there any other areas I need to look at?

    Plugin Support WFAdam

    (@wfadam)

    Let’s test this before we move on to any other troubleshooting.

    Let me know if this issue comes back!

    Thanks again!

    Thread Starter tark94

    (@tark94)

    @wfadam I can definitely confirm that WordFence still throws up that 503 error whenever I try to log out of my WP account.

    Thread Starter tark94

    (@tark94)

    @wfadam it seems one of the scripts is causing problems with WordFence. Could you confirm this?

    https://prnt.sc/xfahyw

    __ez.queue.addFile('/tardisrocinante/css_onload.js', '/tardisrocinante/css_onload.js?gcb=9&cb=1', false, [], true, false, true, false);

    Plugin Support WFAdam

    (@wfadam)

    I think I have found the solution to this issue. Looks like the IP being detected is a Ezoic IP address, which would explain the 503’s. If a brute force attacker gets locked out then everyone else including them will get that page until the lock out expires or the Ezoic IP address changes.

    To remedy this, we will need to change a setting and add some IPs to the trusted proxies.

    First, navigate to Wordfence > All Options > General Wordfence Options and change the How does Wordfence get IPs setting to Use the X-Forwarded-For HTTP header.

    Then just below that you should see + Edit trusted proxies. Click that and add all the Ezoic IP’s from their site. If you scroll to the bottom of the page you will see a txt file with the IPs in it:
    https://support.ezoic.com/kb/article/how-to-fix-origin-errors

    Once that is set properly, this random blocking should go away. Let me know if you have any questions!

    Thanks!

    Thread Starter tark94

    (@tark94)

    Thanks @wfadam!

    Thread Starter tark94

    (@tark94)

    Hi @wfadam, today WF has decided to block a user, despite me having whitelisted their IP address. I also updated the list on WF of Ezoic’s IP numbers in case Ezoic had updated one of their IPs, somehow throwing WF out of whack.

    When I look on WF Live Traffic, I can see WF returning a 503 for the user. Sadly, the only button options are “block IP,” “run whois,” and “see recent traffic.”

    It’s a pity there’s no button “allow access” to just override WF’s firewall and grant someone access.

    • This reply was modified 4 years, 1 month ago by tark94.
    • This reply was modified 4 years, 1 month ago by tark94.
    Thread Starter tark94

    (@tark94)

    @wfadam please disregard the last request – I found a way on WF to unblock the user.

Viewing 13 replies - 1 through 13 (of 13 total)
  • The topic ‘WordFence blocking me and all users’ is closed to new replies.

Tags