IvanRF

Thanks for taking the time to reply me and, above all, for sharing your knowledge!

I’m also having issues with WPML plugin and database or object caching. So, tomorrow I will make some tests but I think that I’m going to disable at least database caching.

Are you using any other software to block it, or does your host use mod_security or another measure to block this file?

I checked PHP info and there is no mod_security. I just use Wordfence.

Looking at the same log for today, I found this

178.130.7.49 - - [16/Sep/2015:13:11:54 -0700] "GET /wp-login.php HTTP/1.1" 200 2988 "-" "Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0"
178.130.7.49 - - [16/Sep/2015:13:11:55 -0700] "POST /wp-login.php HTTP/1.1" 302 - "https://mysite.com/wp-login.php" "Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0"
178.130.7.49 - - [16/Sep/2015:13:11:56 -0700] "POST /wp-login.php HTTP/1.1" 302 - "https://mysite.com/wp-login.php" "Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0"

There are a lot of this entries from different IPs

I just checked the log for the site of the screenshot. For the first entry, I found this:

195.146.145.230 - - [16/Sep/2015:07:24:28 -0700] "POST /xmlrpc.php HTTP/1.1" 500 12240 "-" "-"
195.146.145.230 - - [16/Sep/2015:07:24:29 -0700] "POST /xmlrpc.php HTTP/1.1" 500 12240 "-" "-"

Another link: screen-shot

Two of my sites show 404 errors for xmlrpc.php. The other one, 7 to 8 days ago had this messages:

left /wp-login.php and tried to access non-existent page /wp-login.php

It may also be possible that you’re being attacked by a bot that is so poorly made, that it isn’t using xmlrpc.php correctly

I’m receiving a lot of mails from hack attempts for ‘admin’, so it could be.

Yes, I’m using W3 Total Cache only for this site and with database and object cache enabled.

You want me to disable database cache only to test this, right? Since, it will impact my site performance.

Mails are scheduled to next Monday, so I will try this then.

I’ve just sent you an email with my log data.

Here you have an screen-shot

At least, 47 entries in the last 24 hs.

The latest update fixed Live Traffic 404s empty to me, thanks!

I’m getting non-existent page for xmlrpc.php, is that the expected behavior?

Today I receive 3 summary mails. So, disabling config caching did not work.

At 11 a.m. I checked cron jobs, and I only had one entry for wordfence_email_activity_report.

Two of the mails arrived at 16:03 p.m. and the last one at 16:05 p.m.

It’s also weird that I had changed the schedule from two weeks to one week. Now, I received 3 mails, and before 7 (almost a half, like the amount of scheduled days).

PS: Now I only have one entry for wordfence_email_activity_report in the cronview. So, maybe the problem is not in the cron jobs, but in the action that handle the cron job.

Today, I checked the cron jobs and there was no entry for email.

I click on save again, and now it appeared (I don’t know why yesterday it was not saving).

I will check the cron jobs and in a week I’ll tell you what happened with summary mails.

I disabled config caching.

Also, I disabled email summary and those numbers where removed from cron jobs along with wordfence_email_activity_report.

I re enable it, and change it to one week. Now, there is no wordfence_email_activity_report entry in the cronview. Is that normal?

I only have 1 entry for wordfence_email_activity_report, the one that I mentioned.

configCache.php file seems fine, which variable inside that file could cause this problem?

I didn’t disable config caching to see if this was solved. Should I disable it now? the file seems fine.

I’m sorry to say, this was not resolved.

Today I received 7 summary mails. My “cronview” has this at the end:

Mon, 21 Sep 2015 19:00:00 +0000 : wordfence_email_activity_report
: 1440119604
: 1440119610
: 1440119612
: 1440119663

I don’t know what those numbers are.

Where can I check if the cached options are wrong? what is the file name or path?

Any ideas???