scotten

Thanks for quick answer anyway. I foudn out that solution in your FAQ:s after a while so I am fien for now.
I think – that when I had installed and activated KEYY – I noticed an old “unsecure” username and changed that one to a std more secure – without logging out after KEYY activation. Maybe that is why it suggested the wrong/the old probably) user. But I should be able to change that user to another – but I guess the QR code is created based in the current user aand that is why I had this mismatch
I don′t think there is a bug but maybe there should be some instruction or warning not to change user after having activated KEYY and without logging out.

Thanks again

OK – I will do that. I will just first check what is happening now – I dont have as much attempts now after the reinstallation and deleting of the database – but there are still some.

If I feel it seems to work now I am satisfied, If I still feels there is something straneg going one – I will email genbiz@

PeA

Hi Mark, thanks for your reply. As you mention that the vulnerability was discovered by you and you even call it “vulnerability” as if it was not a real vulnerability – does that mean that this software is kind of fake or if you don′t want to give that answer – will not be needed if you already use WordFence. As I have had several strange problems with WF – I finally – after googling around bought and installed WP Site Guardian.

I have had plenty of unauthorized logins attempts (according to WF) but I am not sure if these have bee real attempt′s as the behavior has been very strange and incorrect. I have now reinstalled WF following the instructions I got from Matt – and it seems that it is much more “calm” now – just a few attempts.

But IF all these (50 each day) has been real attempts – and on that particular site – there was also comment fields open(not on my other sites) – the why have not ANYBODY tried this other vulnerability?

As I dont like to be “fucked up” to buy software that I don′t need and that is kind of fake – I need some more guidance from you .- and then I will go back to the salesman of WP Guardian and claim the purchase – as they seems to have given incorrect information (they sad that non (including WordFence) did not take care of this “exploit vulnerability”
(Sorry for my “bad” english

PeA

Hi again Matt, I have not yet reinstalled WordFenc, but I will do so.

But yesterday I received an email from Ankur Shukla ([email protected]) with this link to a video telling that both Wordfence and “all” the other top security plugins – does not protect against Exploits & vulnerabilitys in WP, in themes and in plugins.
https://wpsiteguardian.com/live1c.php?aid=227809

This new software is called WP Site Guardian and the guy behind Chris Hitman.

I don′t know it this is fake – but I have reveived emails from this guy before and have some trust in him (but you can never know these days)
The vidoe shows how it should be possible to hack a site in a couple of second just by pasting some code into a comments field – and none of the best Security plugins protects against that.

As an example they mentioned that there is a vulnerability in WF:
Persistent Cross-siet Scripting(XSS)

What is your comment to this?
And if it is real – wouldn′t it be goof if WordFence also protected against this.
Let me know your thoughts

PeA

Hi Matt, I DO have sent the plugin list – I will also send you this email from another email address on another host.

I will also try to delete the plugin following your instructions and will let you know.

This is what I sent you dec 2nd (by email..)

My hosting company answers that they have reverse proxy for Apache on some of their servers, but they also say that “server.pistolfolios.com” is nbot a customer (i must admit that I don’t exactly understand this with reverse proxy and my problems)

Let me know if you did not get my replies
_________________________________________________________________

Hi Matt, I have send you the scan report

I have turned off Immediately block fake Google crawlers

Plugins:
All in One WP Security
WP Limit Login Attemps (I had but today I deactivated and also removed – as it caused some problems for myself being blocked) Yoast SEO UpDraft Plus(backup) Wincher rank tracker WP Super cache Redirection WP Edit SEO Friendly Images Google Analytics Dashboard Broken Link Checker

I know – that is maybe too many – I will delete some of them – when I am sure I don’t use them…
(It is easy to install and test but not easy to remove – as you forget…)

About reverse proxy – I don’t have a clue – I have to ask my hosting company – I am quite sure they don’t…

I still get plenty of emails like this – but now the other User host name is gone and now its seems to be 23.97.233.197 but with different IPs (It looks like a User host name is “stuck” in the system for a while and gets connected with several other IPs trying to login in , and the suddenly there is another User host name(like this one) connected to other I?s. I don’t think all these IP:s really have the same User host….

A user with IP address 142.4.4.201 has been locked out from the signing in or using the password recovery form for the following reason: Used an invalid username ‘admin’ to try to sign in.
User IP: 142.4.4.201
User hostname: 23.97.233.197
User location: Provo, United States

Thanks for trying to solve this (it is late here in Stockholm, Sweden now (23.26..)

Hi Matt, what happened to my issue- I still receive plenty of emails with differebnt IP:s but same User host namen – but after a while it changes tio a new ine – buit whne it one and the same – the IP:s is coming frpm dfifferent countries etc. and sometimes it is like this:
User IP: 75.103.66.14
User hostname: msnbot-207-46-13-54.search.msn.com
User location: Phoenix, United States
____________________
User IP: 178.211.187.178
User hostname: msnbot-207-46-13-54.search.msn.com
User location: Pervouralsk, Russia
________________________________________
User IP: 142.4.4.201
User hostname: msnbot-207-46-13-54.search.msn.com
User location: Provo, United States

and so on – buty the after a number of emails – the User host name changes to a new one

and also the strange thing that my OWN user host namne started to come for a lot of other IP:s

This can′nt be right – and I do have clkearde the cache and deacttivated WP Super cache

PeA

I sent you answers on all your question yesterday(in an enmail)

My hosting cmpany answresr that they have reverse proxy for Apache on some of their servers, but they also say that “server.pistolfolios.com” is nbot a customer (i must admit that I dont exactky undersytand thsi with reverse proxy and my problems)

Let me know if you did not get my replies

PeA

I am not sure this has to do with my other problems – but I am beeing locked out mysself – in a way I should not be. WF has forced me to change mys password, I do so. When I 1-2 days later try to sign in – I am locked out. I check the password and try to login again. When it says I have only 2 attemps left (Login failed: Sorry..Wrong information 2 attemps remaining..!” , I get an email saying that I have been locked out due to too many attempts – but hey, it said I had 2 attempts left(and I tried only 3 timwes and that is less than I had configured). I asked for resetting the password but when I try to login in with that new password – it does not work. Now I have to wait 10 minutes before I can try again – but this feels like a Moment 22.

I would like to lock out unauthorized users, I dont want to make it more difficult for myself.

IFrom the beginning I had Live Traffic disabked – but have enabled it earlier tioday. I can see my own visit(cant see the IP nbr ) when visiting rom another browser. I also see a lot og Bing bot vsisits and from majestic12, yandex, opensite explorer etc – but NONE from Google bots!!
I have Verified Google crawlers have unlimited access…

But still nothing in IPs that are locked out from Login and nothing in IPs that are blocked from accessing the site

I have enabled Firewall, Login security, and now Live Traffic logging.

I kept How does Wordfence get IPs:Let WF use the most secure….

I dont feel that the other options should be better or solve the problem

Hi Matt, thanks for quick answers on my different (but same cause ?) problems

Yes, I see a lot of differenht IP:s blocked but many(but not all) has the same User hostname: vps.agenciaspin.com

Second – when It got blocked myself (using a removed user by mistake) I also hade that User hostname: vps.agenciaspin.com

But later – I had the right User hostname.

It also reports fake Gopogle bots, but when I check the IP:s they seem to be real, from Googles servers

Anf finally – inside Wortdfence – it rreports No IP:s blocked – although I have received all these emails telling me about different IP:s that HAS been blocked

Do you mean all this could have the same reason?

However, I have some other WP sites on the same ISP and server – and I dont get all this problems for the.

The site is https://peopleandtraffic.se/ if that helps.
The IP on the PC I use is: 81.232.69.81 when I see these problems

The IP on the server that host the domain: 194.9.94.50
Apache/2.2.31 (FreeBSD) PHP/5.5.30 mod_ssl/2.2.31 OpenSSL/0.9.8zd-freebsd

Thanks for helping

PeA

Hello guys and Yoast Team – first – a greeting from Sweden – Yoast Team is doing a great job, the best SEO plugin. But I agree – that initially it felt like it was not as user friendly as before – both me and my clients had hard to find where and how to change the important META Title and Description .- but I think that when you get used to it is will work fine.

But there are some minor issues left to fix:
1. In Sweden (and other Scandinavian countries) we have Scandinavian characters with dot over a and o like ???
They don′t work anymore -Yoast says that the focus word does not exist in the URL (because the URL does not have the dots – but this worked before the update)
The same with the focus word does not exist in the ALT-tag (although it does – also because of the dots i assume – but this worked before the update

3. Part of the focus word does not work anymore –
Example: focus word is “skrivbord” and the word “skrivbordet” is both in the Title, Description and ALT-tag – but Yoast says it can′t find “skrivbord” – but if I change the focus word to “skrivbordet” – everything is OK. (Think “desk” and “desktop” )
This work before i.e. when a focus word was part of a longer word(that is how Google handle this)

4. And finally(I hope) if I have 156 characters in the META Description – Yoast says it is longer, even when i shorten to 154 is says it is too long, when I have 152 – it is OK. (My characters include blanks end every other character of course.

Hope this can be solved for us Vikings up in the North

Keep on with your good work

PeA