• Resolved Andis

    (@andydegroo)


    I’m using the wordfence_security_event hook in a custom must-use plugin to log Wordfence events and block the offending IP address via fail2ban.
    Unfortunately, on ‘increasedAttackRate’ events the IP address passed to the hook is that of the server and not the attacking IP, because it’s triggered within a cron job and the code in wordfence/lib/wordfenceClass.php around line 8537 is using wfUtils::getIP() to get the IP address.

    I’m a bit disappointed to see the poor code quality of the Wordfence plugin. For one, using @ to silence possible errors is a bad practice and is strongly discouraged, yet Wordfence code is littered with those even in places where that doesn’t make any sense. And that’s only one example of code smell.

Viewing 1 replies (of 1 total)
  • Plugin Author WFMattR

    (@wfmattr)

    Hi Andis,

    The wordfence_security_event hook is not a documented API. Internally, we don’t treat that IP address as an attacking IP. You can still use this hook of course, but may have to select which events your mu-plugin processes. Keep in mind that this hook is intended to be used internally within the plugin, and parameters or types of events may change in future versions of the plugin.

    The @ operator is still not deprecated in modern PHP versions, though we do generally avoid it in newer code, and we do refactor older code when working on changes or new features, or when compatibility issues occur in new PHP beta versions. WordPress itself still uses it in several files like wp-includes/functions.php, wp-includes/formatting.php, wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php, and others.

    Note that Wordfence still supports rather old versions of PHP because multiple vendors still “backport” security fixes to old PHP versions, and quite a few sites are still using them. Refactoring old code that still works as intended isn’t necessarily helpful to users, and requires significant additional testing on many old PHP and WordPress versions that are still supported, but over time the bulk of it will be refactored, especially as we drop support for some older PHP versions.

    -Matt R
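
One way to select which events a must-use plugin forwards to fail2ban, as an added example that is not part of the thread and is not Wordfence code. It assumes the hook passes an event name and a data array with an `ip` key; the event allowlist, the `wflog_*` names and the syslog tag are hypothetical and should be checked against the installed Wordfence version.

```php
<?php
// Added example, not Wordfence code. Assumed hook payload: ($event, array('ip' => ...)).

// Hypothetical allowlist: events assumed to carry the remote client's IP.
// 'increasedAttackRate' is left out because it fires from cron with the server's IP.
const WFLOG_CLIENT_EVENTS = array('loginLockout', 'block', 'throttle');

// Addresses that must never be handed to fail2ban: loopback and this host's own IPs.
function wflog_server_ips() {
    $ips = array('127.0.0.1', '::1');
    if (!empty($_SERVER['SERVER_ADDR'])) {
        $ips[] = $_SERVER['SERVER_ADDR'];
    }
    $host = gethostname();
    $resolved = $host ? gethostbynamel($host) : false;
    if (is_array($resolved)) {
        $ips = array_merge($ips, $resolved);
    }
    return array_unique($ips);
}

// Returns the IP to report, or null when the event should be ignored.
function wflog_ip_to_report($event, $data) {
    if (!in_array($event, WFLOG_CLIENT_EVENTS, true)) {
        return null; // not an event we trust to carry a client IP
    }
    if (function_exists('wp_doing_cron') && wp_doing_cron()) {
        return null; // cron context: the request IP is the server itself
    }
    $ip = (is_array($data) && isset($data['ip'])) ? (string) $data['ip'] : '';
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return null; // missing or malformed address
    }
    return in_array($ip, wflog_server_ips(), true) ? null : $ip;
}

function wflog_handle_event($event, $data = array()) {
    $ip = wflog_ip_to_report($event, $data);
    if ($ip === null) {
        return;
    }
    // Strip anything unexpected from the event name so it cannot forge log fields.
    $name = preg_replace('/[^A-Za-z0-9_]/', '', (string) $event);
    openlog('wordfence-events', LOG_PID, LOG_AUTH); // hypothetical syslog tag
    syslog(LOG_WARNING, sprintf('event=%s ip=%s', $name, $ip));
    closelog();
}

if (function_exists('add_action')) {
    add_action('wordfence_security_event', 'wflog_handle_event', 10, 2);
}
```

The fail2ban filter then only needs to match the fixed `event=... ip=<HOST>` line format, and the server's own address never reaches the ban list.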

  • The topic ‘`wordfence_security_event` hook gets the wrong IP address’ is closed to new replies.