mountainguy2

If you can still access the dashboard, just disable the plugin. In my case, I could not access the dashboard. But I’m in there using FTP all the time, so simple matter.

Running a WordPress site without some kind of direct server access can be challenging. Everything seems to go wonderful, with WordPress living up to the (often false) praise from internet fanboys and girls, then bam, site visitors just see an error message. Can you find better hosting? Or perhaps you do have Cpanel access and just don’t realize you do?

MTN

Feature: would perhaps save a lot of support work if you guys at WF included a squib like this with the attack notification: “Please note Wordfence logs all attacks, irregardless of the presence of specific plugins.” I got confused by this as well, took some head scratching to figure it out.

Other than potential confusion, the way it works is genius, as it blocks bot attacks based on known attack patterns.

Hi, most of the criminal attack bots hit lots and lots of file names. That’s a weakness, as you can trap them by placing a list of common attack vectors in the “Immediately block URLS” list, in Wordfence (see All Options). I spent some time tuning this, but it’s been running pretty much on its own now for many months, resulting in a ton of block. Below is an _EXAMPLE_ of the sorts of stuff one might place on the list. DO NOT COPY PASTE, AS SOME OF MY ITEMS MIGHT RESULT IN FALSE POSITIVES. MTN

/—–NOTE-url-must-not-exist-on-server
/—–NOTE–dots-periods-for-suffix-not-substituted-by-wildcard
/—–NOTE-all-case-sensitive-no-thanks-wordfence
/author/*//wp-login.php
/author/*/wp-login.php
/author/*/wp-login.php*
/*/*login=go%21&H=
/*/*/*login=go%21&H=
/administrator/*
/administrator/index.php
/administrator
/administrator/
/*/administrator/*
/admin
/admin/
/admin/*
/Admin/*
/admin.php
/adminzone
/wp-login
/*/wp-login
/*/wp-login.php
/*/*/wp-login.php
/wp-login.php*
/login.html
/login
/*/node/add
/node/add
/*/*/ckeditor-for-wordpress/*
/*/ckeditor-for-wordpress/*
/dev/*
/deV/*
/Dev/*
/data/*
/data/*/*
/.git/*/
/*/*/thecartpress/*
/*/thecartpress/*
/wp-content/*/*/a-a.css
/a-a.css
/wp-content/*/*/gallery-plugin.php
/gallery-plugin.php
/whitehat
/plugins/lim4wp/editor_plugin.js
/*/plugins/lim4wp/editor_plugin.js
/*/plugins/xerte-online/logo.png
/user-photo/admin.css
/*/plugins/user-photo/admin.css
/*/mac-dock-gallery/bugslist.txt
/*/*/mac-dock-gallery/bugslist.txt
/*/*/*/destination.php

Problem is, Wordfence does little to nothing to protect against attacks on Linux. Run only one firewall at your peril. For example, if you examine what’s going on with your server, you’ll probably discover hundreds if not thousands of attacks on your FTP and Cpanel logins. Fiddling around with Wordfence, protecting the WordPress login, is an interesting exercise, but does nothing to protect from server login attacks. MTN

Hi, the email forum alert I get is titled “[www.remarpro.com Forums] Is there a problem with this forum?”

I use totally updated everything.

No time to look at my error logs right now, but they’re always showing something, usually not worth the time fixing.

I concentrate on how fast the site is. If it’s ok, I don’t worry about it.

MTN

For what it’s worth… I run Modsecurity and Configure Server Firewall, if there is any hit on server speed it’s minimal, as I keep my rules to a reasonable minimum. I like the way the server firewalls catch stuff way early in the process, with nothing but an error message. Wordfence gives way too much information to criminals. It shouts “I use WordPress and Wordfence, test your hacks on me!!” MTN

In my experience, just deleting files according to a scan can get you in a world of hurt. Best to simply pay for the WF site cleaning service. MTN

Well, yes, I’ve noticed over the years that answers here can be inconsistent. That’s never bothered me, as I use the free version of WF and the folks from that company are probably being paid to answer questions. I used to pay, and the help system was more consistent, though it was sometimes slow. MTN

Yeah, I was more posting that to help out all users… Glad to hear you are doing ok. MTN

It’s a flawed system. My solution is to just ignore the Wordfence “bot” clutter. The mystery is why they include something that clearly doesn’t work. Seems odd when you think about it, as Wordfence is otherwise pretty together. MTN

Does this slow down your website, or cause you to require more bandwidth you’d need to pay for? If not, perhaps just ignore. In other words, is it really a “problem” or just a change? MTN

Wordfence, any progress on fixing “Immediately block IPs that access these URLs” to make that feature case insensitive?

MTN

Thanks for the reply. Yeah, the number of plugins has pluses and minuses. Every one is an attack surface for criminals, and the smaller less popular ones are often orphaned, thus the user has no idea if they need security updates or not. I try to keep my plugin count to under 15, and constantly wonder if my orphaned plugins are a risk, but some are necessary. MTN

Dave, that must be the magic query (smile). The user tried to log in and get blocked so I could troubleshoot, but this time he did not trigger a block! We changed nothing. All I did was look at your magic query. Exceptional! In any case, I’m sure he’ll get blocked again eventually, and when that happens I’ll resurrect this thread and run your query. MTN

That sounds like a good query to run, thanks. I suppose I should be sure there is a failed login in the user_login table… I’ll do it ASAP.