Bombdogs

Similar problem for database & object caching. If one site uses either of these you need the relevant db.php & object-cache.php files placed in wp-content. Sites that don’t have them enabled show an error…

Execute next commands in a shell:
rm /var/www/html/wordpress-dev/wp-content/db.php

Looks like settings per site is only really possible on the more fine-grain controls. Which caching mechanisms are enabled has to be largely set network wide.

Is there something I’m missing?

Best,
Paul

+1 for this request for multisite users of this v popular plugin.

Worth noting that you’ll need to a bit of dynamic querying here – WP upgrades from older versions to 3.5 will carry on using the older blogs.dir directory structure – only fresh installs will need to use the newer uploads directory structure.

I should also add I have only enabled the CDN caching so far, no other caching functionality is enabled.

OK you can ignore the foreach() activation error above – it seems to be fixed in the 3.3.5 version released this morning… 2 updates in 2 days, you guys move fast.

Super plugin, worth every penny ??

Hi,

I have adjusted our apache config to allow wordfence .htaccess to operate correctly and this has resolved a good number of the issues seen above – I think it would be worth making a note in the installation instructions of this requirement as some servers will be a little more tightly controlled than others – especially mutlisite installs.

Wordfence now appears to be working, which is good. But in addition to the 145 characters of unexpected output error, we also got this on network activation…

Wordfence generated an error on activation. Please report this on our support forum. The output we received during activation was: Warning: Invalid argument supplied for foreach() in /var/www/html/wordpress-dev/wp-content/plugins/wordfence/lib/wordfenceClass.php on line 642

We see no errors when Wordfence does it’s stuff, so it looks like we’re good to go. We think it’s a great plugin and will be purchasing multiple licenses – I hope we can help you work through this final error – I’m wondering it’s to do with the fact this is a sub-domain install. Please let us know if there is any debug we can put in that will help you track it down.

Cheers,
Paul

Hi,

thanks for the response. The WP database definitely exists – I’d probably have a bigger problem than this plugin if it didn’t ??

The table also exists and is named correctly, after plugin installation I can see 67 records in there (first ten shown here)…

mysql> SELECT * FROM WORDPRESS_DEV.wp_wfConfig LIMIT 0,10;
+————————+——+
| name | val |
+————————+——+
| alertEmailMsgCount | 0 |
| alertEmails | |
| alertOn_adminLogin | 0 |
| alertOn_block | 0 |
| alertOn_critical | 1 |
| alertOn_loginLockout | 0 |
| alertOn_lostPasswdForm | 0 |
| alertOn_nonAdminLogin | 0 |
| alertOn_throttle | 0 |
| alertOn_warnings | 1 |
+————————+——+

I think it would be useful if you can let me know how to do a complete clean-up so I can do a fresh install. So far I have been de-activating the plugin, dropping all the “wp_wf” tables and finally deleting the “wordfence_version” & “wordfenceActivated” records from the wp_options table. Is there anything else I may have missed?

I will look into the apache config to allow the necessary htaccess configuration after you come back with clean install instructions.

Thanks again,
Paul

Please ignore my question – I can see the readme has a section on this exploit.

Quick question related to your comment above – would the wordfence scan pick up a vulnerability like the recent timthumb exploit if it existed in an old theme?

Thanks.

+1 for this request.

This is madness – there must be a list of reserved GET/POST params? I only found this thread after I sussed the behaviour myself.

I’m using a Java plug-in which POSTs back to the page the vars a,i,k & m and the POST was obviously being greeted with the aforementioned 404.

You can imagine how many blind alleys I went down and how long it took before I realised that it was the param ‘m’ causing the behaviour. It wasn’t 2 seconds.

Perhaps ‘m’ stands for magic. Or mental.

PMF

Thanks for the reply – in this instance FTP-ing to the box is quite a pain – it’s all controlled by CVS & update scripts.

I decided to turn off the plugins for the blog by editing the db manually. For those who find themselves in a similar situation, it’s in the wp_options table….

UPDATE wp_X_options SET option_value='a:0:{}' WHERE option_name='active_plugins'

….where X is your blog id.

I was then able to get into the backed and re-anable the plugins one by one until I found the issue.