wfalaa
Forum Replies Created
-
Hi,
Wordfence is licensed under GPL licence. Regarding the additional libraries question, I don’t have a list for that now, but you can easily figure that out by searching for “.js” files or references in the plugin’s directory.
Thanks.
Hi @elraton14
Unfortunately, according to the information you provided us now, we also don’t know who installed Wordfence on your website and we can’t know that for sure.
What I suggest to do is to check the web server access log files and the database log files as well as they should have traces of the installation of the plugin files/tables. Also, think about other sites installed on your server that might be sharing the same database with different table prefixes?
I know it will be a long investigation process, you might need to hire a professional security analyst to track this down if you feel such inspection is needed.
Thanks.
Hi,
Are you still getting these errors? as it might be a temporary server connection error. If you still getting it, then check the “Connectivity” section in the diagnostics page (Wordfence > Tools > Diagnostics), if your website can’t connect to our servers, then you will have to contact your web host regarding this issue, perhaps they need whitelist our servers’ IPs:
https://www.wordfence.com/help/advanced/#servers-and-ip-rangeThanks.
Hi @velarie2112,
The permissions for these files should be 644 and 660 respectively.
I’m not really sure why Wordfence Firewall isn’t being detected by GoDaddy/Sucuri, it might have something related to the type of firewall we have implemented in Wordfence which is “Endpoint Firewall”, that runs on the actual server it is protecting. That means there is no way to bypass it over the internet in contrast to the other type of firewall which is “Cloud-based Firewall”, to learn more about the difference between these two types, check these articles:
– Why Choose An Endpoint Firewall Like Wordfence
– Endpoint vs Cloud Security: The Cloud WAF Bypass Problem
– Endpoint vs Cloud Security: The Cloud WAF User Identity ProblemThanks.
Hi @danjde
This is most probably a theme or a plugin causing this issue, I suggest disabling all other installed plugins and reverting back to the default WordPress theme, then re-enabling the plugins/theme one by one to find out the culprit.
A very good way to do that on live website is to use “Health Check” plugin, as it has its own “Troubleshooting guide” that works only on the logged-in session, so you don’t worry about other users visiting your site.
Thanks.
Hi Teresa,
This might be a temporary server connection issue, are you still having this issue meanwhile when starting a new scan?
Thanks.
Hi @tmuikku
Most probably this is something you can enhance its performance from the server side, try asking your web host if they can optimize your database tables, especially this
wp_wfConfig
one.Thanks.
Hi @kenw232
Sorry but I’m not sure I can fully understand the situation here, could you please elaborate in details what’s going on?
Thanks.
On some servers, we have seen that certain scripts might delete “wflogs” directory thinking of it as a potential threat (false positive), as a result the folder will be regenerated again, it might be that when it’s regenerated it will be owned by a different user than the user your web server is running on?
I suggest manually deleting this folder and recheck the generated copy to make sure it’s owned by the server user that has read/write permissions.
Thanks.
Hi Rafael,
Is the server running on LiteSpeed as well? did you try adding the LiteSpeed related code in “.htaccess” file as mentioned in the referenced thread?
Also, please send me a diagnostics and scan activity logs to “alaa [at] wordfence [dot] com”.
Thanks.
Hi @jefferisp7
There seem to be some server errors that aren’t related to Wordfence that might be causing the scan to fail, check this article that might help in resolving this issue, if it didn’t, then you will have to reach out to your web host to resolve these errors first.
Thanks.
Hi @moosewood
Yes, this can be changed in php.ini file. That’s the value you need to change to be exact
max_execution_time
, however, feel free to reach out to your web host asking them to change it for you if you don’t know how to do that.Thanks.
This could be either a theme or a plugin conflict, a good way to narrow down this issue is to use “Health Check” plugin and enable “Troubleshooting mode“. The good thing about “Heath Check” plugin is that it’s developed by WordPress team and it only affects your logged in session so that other visitors won’t be affected.
Let me know how it goes,
Thanks.Forum: Plugins
In reply to: [Wordfence Security - Firewall, Malware Scan, and Login Security] MalwareHi @beyoyo2
Please send a copy of this file “wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php” to “alaa [at] wordfence [dot] com”, our team would like to investigate that copy on your site.
Thanks.