StanLight
Forum Replies Created
@wfasa provided one reason for not modifying the block page as:
“Mentioning Wordfence on the block pages makes it easier to debug false positive blocks.”
It’s looking more and more like the Wordfence details are on this page for PR / marketing purposes rather than because they add to security!
She also said:
“People manage to lock themselves out sometimes. That’s a far bigger concern to us than that an attacker would see the word “Wordfence” on a block page”
Surely that’s easily solved by providing a field asking them for their admin email address to send instructions for unblocking!
Sorry, but your stand is looking less and less defensible by the day.
- This reply was modified 7 years ago by StanLight.
Forum: Reviews
In reply to: [Advanced Custom Fields (ACF®)] Wasn’t even able to get it to work
You are correct. I have subsequently got it to work, so I shall revise my initial rating.
However, I’ve struggled a lot with this plugin and find it very confusing. (Maybe it’s just me as everybody else seems to be raving about it!)
But because of my struggles I am revising this to just a 3 star. Thanks for the reminder.
@azrobbo, well put!
Add my support as well.
While I get wfasa’s point about newbies needing some clear explanations/instructions on the error pages, that seems like a bit of a weak argument. Anybody going into advanced settings to customise these messages isn’t a n00b who needs to be told what a 503 means.
It seems the copy of the error page is designed more as PR for Wordfence. That is fair enough – it is a free program after all – but let’s be honest about the reason for the current copy.
Apart from giving the hacker (or bot in most cases, but NOT ALL cases) too much information, this copy is also too long. On my site it’s being loaded hundreds of times a day – or thousands of times. More importantly, though, the copy is telling even the humans who hit that page to try again in a few minutes. What do you think they’ll do? They’ll try again. Why? You’ve given me, the webmaster, the option of blocking them for the whole day, whole week or whole month. Why ask him to try again in a few minutes? It just doesn’t make sense.
Can we please have control over the error messages without having to fiddle around with changing files manually after each update? That would be most appreciated. Thanks.
Many thanks, I shall reply in there.
Good suggestion, thanks.
I added this to my block list:
/xyz123.php
When I try to access that URL through a proxy I correctly get a message saying I’ve been blocked.
When I try to access wp-login.php (on a new proxy) I don’t get that message. I just get the 404 page.
<added>
To answer your earlier question, I use a plugin called Rename wp-admin.php which gives me a custom URL for logging in that only I know about. (That would be a good feature for Wordfence to add!) On further digging I find that there is indeed a wp-login.php file in root… though I do hit the 404 page if I try to access it in a browser.
- This reply was modified 8 years, 3 months ago by StanLight.
My WP and WF are all up to date.
No, I haven’t got “failed login” notification on. I see these attempts in the “live traffic” view. Some IPs have multiple attempts over several hours and they don’t get blocked.
When I did turn notification on for WF to send me email, I’d get email like this:
“Wordfence has blocked IP address 193.248.153.69.
The reason is: “Exceeded the maximum number of page not found errors per minute for a crawler.”
But not any notifications to say someone was blocked for trying to access banned / blocked page.
I just copied this from my Live Traffic page:
Hanoi, Vietnam tried to access non-existent page https://mysite.com/wp-login.php
29/11/2016 08:05:53 (37 minutes ago) IP: 113.190.162.186 [block] Hostname: dynamic.vdc.vn
Wordfence is giving me the option of blocking it manually here. Instead I expected that IP to have been blocked already for 24 hours (my setting) because it tried to access the login page earlier.
Thanks for your reply.
Good point about the whitelist but, no, I have no IPs on the whitelist. And it’s not one or two people trying this login page. I get 30-50 different IPs trying it every day.
garomans, thanks for the link. But I’m unable to fathom from there what’s actually happening in terms of what my visitors are seeing. Do they get an error message or is the visitor seeing the page as normal and this is just being recorded in the Wordfence Live Traffic view as a syncattack?
wfalaa, it’s happened again today and I tried loading that URL in the browser and … I get nothing. Just a blank page. There is nothing in the source code either.
Is this what my visitors are seeing then? (And if so, how do I rectify?)
Actually, “wordfence_syncAttackData” is used to update the “Live Traffic” with information about any recent attacks on your website
A visitor arrived today following a link from a website that sends me regular traffic. He visited one page and then a few seconds later visited another page and nothing looks odd there. Then 10 minutes later he tries a third page and this is the entry I get:
United Kingdom Gillingham, United Kingdom left https://**mysite.com**/?tcb_lightbox=lightbox-about and visited https://**mysite.com**/?wordfence_syncAttackData=1476972601.9
He didn’t visit any other pages. So are these visitors hitting a blank page and then just leaving my site in frustration?
Many thanks.
Ignore the above. After clearing page cache and disabling other plugins and using the update at the dashboard level (rather than on the plugins page), it seems to have worked.
mysite.com in the below code replaces my real domain name.
Forum: Plugins
In reply to: [Akismet Anti-spam: Spam Protection] Confusion about Akismet stats
Thanks, Greg, I’ve just sent it.
Forum: Reviews
In reply to: [Yoast SEO] Used to be good, but gone down the drain now
Yes, am helping a friend with his WordPress site and see that Yoast now has no end of “notifications”.
LOOK AT ME!!!
LOOK AT ME!!!
LOOK AT ME!!!
The constant screaming for attention (because they want to sell you stuff) has gone beyond annoying. I’m trying to convince this friend to get rid of Yoast and use something else. Anything else! There are a lot of good SEO plugins out there.
Forum: Plugins
In reply to: [Akismet Anti-spam: Spam Protection] Confusion about Akismet stats
Thanks, but there are no comments enabled on individual posts. They were well and truly and completely blocked (and not a single old post even got a single comment before I turned commenting off).
Forum: Plugins
In reply to: [Yoast SEO] Where have the controls gone?
Upgraded to 3.0.4 and the problem is still there.
C’mon guys, your formatting is screwed up. I’m not the only one seeing this – there are apparently many others. When are you going to fix it?