mountainguy2

Hey, if you’re doing this professionally, it is mandatory you have SFTP access to your WordPress installation files. You can delete Wordfence and other plugins there, and start over. Arrange with your web host. If they’re not helpful, time to run don’t walk to a better host. Or, hire a consultant to help. A reliable WordPress install with a raft of plugins is not casual. MTN

• This reply was modified 6 years, 5 months ago by mountainguy2.

Along these same lines, in my opinion it is worth utilizing unused author-user numbers as a honey pot. On the Wordfence “All options” page, in the “Immediately block URLS” list, add a few unused author numbers. When the criminals attempt to find an author (WordPress “user”) to exploit, they’ll get blocked. You can research active user numbers by simply mousing over the “users” list in WordPress.

Example below is from my “Immediatly block URLs” list in Wordfence:

/—NOTE-below-blocks-author-scans-using-unused-numbers
/?author=6
/?author=7
/?author=8
/?author=19
/?author=22
/?author=36
/?author=44
/?author=46
/?author=47
/?author=50

This is indeed an annoying flaw. You have to copy/paste the IP into a filter search at top of the page, that way you get the information. Why they can’t just make the things clickable is a mystery, I thought that’s what my mouse was for. MTN

This is common, you’ll get thousands of attempts… if you want to play around with blocking, use the “Block URLs” feature on the “All Options” page. My theory is that it’s good to spend some time with this, I keep a list that’s several hundred items long.

Be careful what you block. For example, browsers looking for apple-tough-blah-blah are just looking for the Ios badges you can provide in your root directory. Google it up.

MTN

Somehow, the illogical happened to us and a user, entering their user name from password manager, kept getting blocked. Even though they very carefully made sure the user name was correct in the password managers. I spent hours troubleshooting, never did figure out the why but did narrow it down to what exactly was happening. Super frustrating. It did trigger a Wordfence block so I attribute it to Wordfence. We tried it without Wordfence and it functioned correctly. Yeah, not logical, odd, but real. MTN

Hello, I’ve had similar problems over the last few years. It seems that sometimes a user will enter user name and Wordfence does not interpret the characters correctly, depending on something happening with the user’s input method. For example, in one of our cases the user was inputing from password management software that entered the user name. It would fail, but when he entered the user name manually it worked. We tried it over and over again, being very careful about what the password software had as a user name. It appeared perfect, but kept triggering the Wordfence block. It was frustrating. In your case, I’d suggest first determining if the user has changed their input method, perhaps a different keyboard, or a password manager. If the solution isn’t obvious, don’t waste time, create another user account with a different user name and have them try that.

There is also the possibility that Wordfence doesn’t like the IP your user is coming from, but that would usually trigger a full block before they even got to the login screen, so it’s probably not the case. But something to consider.

In my opinion this is a known problem with Wordfence, it’s been going on forever it seems. When one thinks about it, really, how could the difference between a bot and a human _always_ be determined accurately, either by human or algorithm? With that in mind, I’d doubt Wordfence will improve on this any time soon. I’ve learned to ignore, though I still find those big garish bot icons to be quite annoying when they appear to be wrong. They appear childish, perhaps intended to impress new users of the software. MTN

In a perfect world, indeed so. MTN

Same here, when I was using them… then, I did have some issues… thus worth considering some trouble shooting.

BTW, I’d doubt it’s the theme, but could be worth a quick jump over to another theme for a few minutes, along with attempt to use Wordfence again.

MTN

Updraft is a complex plugin with lots of moving parts, you could be getting a conflict. Likewise, Jetpack. I stopped using both due to various issues over a long period of time. You might try at least disabling Updraft and running Wordfence. I’d imagine disabling Jetpack is tougher, but could be worth trying without that as well. Just my two cents as a long time Wordfencer. MTN

It is against the Wordfence corporate culture to hide anything. So you have to do it yourself. Changing name and folder for a plugin is easy. If you’re using an orphaned plugin that’s essential to your site (not uncommon these days as the entire WordPress plugin ecosystem continues to rot), it can in my opinion be an excellent security move to “hide” the plugin so that bots do not identify it. Google it up: “rename WordPress plugin.” MTN

How exactly are you identifying “bad bot” or “bad ip” in your “stats” while not running security application? I’m not understanding your point, or your question. MTN

As always, I’d recommend Wordfence site cleaning service. Then of course you’ll want to harden your site. MTN

This is Wordfence forum, you might want to ask this of IThemes for a definite answer (assuming you mean “tables” not “files”). MTN

no