donikatz

+1

I love Wordfence, but the 2FA functionality is completely useless without being able to mandate it for non-admins too. Makes no sense this isn’t an option. So we’re still forced to use a different 2FA plugin instead.

I rolled back with WP Rollback from 5.7/5.7.1 to 5.6.2 and the problem is gone. (WP 4.8.3)

Same problem here! The data looks good in MySQL, but Caldera isn’t displaying it properly.

Update: After switching to use X-Forwarded-For to get IPs, “Increased Attack Rate” emails now show the correct IPs.

I switched to the option to use X-Forwarded-For to get IPs, and everything still seems to be working. So I’ll see what happens in the next “Increased Attack Rate” email.

Ok, thanks for the update!

Actually, I thought it was showing IPs from our load balancers, but they’re the IPs from the redirect hosts behind the load balancers (which are in front of WP).

Diagnostic: REMOTE_ADDR 192.168.70.20
Which is the internal IP of one of our redirect hosts.

Increased Attack Rate email:

June 16, 2017 3:10pm 192.168.66.173 (Unknown) Blocked for a Malicious File Upload in file: files=DeleteHandler.php
June 16, 2017 3:08pm 192.168.66.173 (Unknown) Blocked for Directory Traversal – wp-config.php in POST body: rootpath=../../../wp-config.php
June 16, 2017 3:07pm 192.168.70.20 (Unknown) Blocked for a Malicious File Upload in file: files=aoVtlXNs.php
June 16, 2017 3:07pm 192.168.66.173 (Unknown) Blocked for Directory Traversal in query string: filename=../../../../../../../../../etc/passwd
June 16, 2017 3:07pm 192.168.70.20 (Unknown) Blocked for Directory Traversal in query string: fileName=../../../../../../../../../../etc/passwd
June 16, 2017 3:07pm 192.168.70.20 (Unknown) Blocked for LFI: Local File Inclusion in query string: filepath=/etc/passwd
June 16, 2017 3:07pm 192.168.70.20 (Unknown) Blocked for LFI: Local File Inclusion in query string: url=/etc/passwd
June 16, 2017 3:07pm 192.168.70.20 (Unknown) Blocked for LFI: Local File Inclusion in query string: file_link=/etc/passwd
June 16, 2017 3:07pm 192.168.70.20 (Unknown) Blocked for Directory Traversal – wp-config.php in query string: files=../../../../wp-config.php
June 16, 2017 3:07pm 192.168.70.20 (Unknown) Blocked for Slider Revolution: Local File Inclusion

So it’s checking REMOTE_ADDR and not X-FORWARDED-FOR, even though everything else seems to be checking X-FORWARDED-FOR.

For example, a recent “User locked out from signing in email”:
User IP: 120.25.225.89

Thanks!

• This reply was modified 7 years, 9 months ago by donikatz.

Hi, Any thoughts on multisite support?

Also, is Vendi Cache still an active plugin, or is it being abandoned? I ask because there have been no updates in 5 mo and no testing above 4.7.0.

Regards, Doni

Yep, same problem.

PHP 5.3.29 thanks

Doh, should have tried that first! Thanks, good now. :$

Follow-up Q: In Chrome with 1.2.3 the icon is too big, like in Michael’s earlier image link. In Safari it looks good. Is it supposed to have been fixed for Chrome? Thanks and thanks Michael for this plugin!

Thanks Matt.

Sorry, I should have been clearer. It’s not just that I noticed login attempts, it’s that I was still able to view /?author=N pages with the Prevent option enabled. On three different installations. I was forced to create my own .htaccess rule to redirect, because Wordfence didn’t.

Regards,

D

Aaaand it’s fixed. ??

Of course that means can’t auto-update, since WP sees the plugin as v.1.0.1. So I upgraded by FTP and it works (thanks!), but still sees it as v.1.0.1. Maybe because the comment header in flaming_password_reset.php still says “Version: 1.0.1”?

Anyhow, thanks so much for v.1.0.2, it looks great. ??