wfasa

Hi @vincentd,
I’m sorry I don’t think that’s possible. Which line in our feature are you referring to please?

Hi @dimath99,
This looks like a modification that could have been made by your host, or some software they are using. Can you reach out to your host please and inquire about what APSCONFIGURE might be?

Hi @jeffersonpowers,
Sounds like a different version of PHP is used in the WordPress environment. This would likely be easiest for your web host to answer as to why it might be. Would you mind checking with them?

Michel-André, please do not use name calling in the forums. We should all be respectful towards each other here. Thank you.

Thanks for answering here @pidengmor. @palmer1hines, I agree with those suggestions from @pidengmor. However, I will say that before you determine that your site is hacked you should make sure these scan results are not false positives. These files for example are sometimes incorrectly identified as malware by some hosting scanners:

./public_html/wp-content/wflogs-old/config.php
./public_html/wp-content/wflogs/config-transient.php

For some of these it’s very easy to double check. For example you can download a fresh version of Wordfence and compare wordfence/views/blocking/country-block-map.php from that fresh version to the version you have installed on your site. If they are identical, the file is not infected. If you see something in your own copy that’s not in the fresh version, then it IS infected.

Hope that helps,

Hi @mjalbala,
There are some files you have to click to download before the button becomes clickable, specifically backups of your .htaccess and .user.ini (depending on server setup). Can you let me know if downloading those allows you to continue?

Hi @kokomoweb,
We’ve had a couple of reports that I think are related where they’re getting deadlock on that same query. We believe it may be happening on sites where the GeoLite2-Country.mmdb (The GeoIP country database) fails to sync as it should.

Here is a proposed temporary fix that may work:

1. Delete GeoLite2-Country.mmdb file located in wflogs
2. Delete “_transient_timeout_wfSyncGeoIPActive” and “_transient_wfSyncGeoIPActive” from the wp_options table

If that works, let me know!

Hi @insightdes,
wp_remote_post() test attempts to make a POST request to wp-admin/admin-ajax.php on your server. Your server is apparently returning a 404. This isn’t something we can fix on our end, you’ll need to investigate why your server is returning a 404 on admin-ajax.php when your site tries to fetch it from itself. If it was a deny directive that was causing it, the response should probably have been 403 not 404?

To sum up, when your site requests wp-admin/admin-ajax.php from itself, your site must serve it. It may need whitelisting your own servers IP.

Hi Jonathan,
A couple of customers have reported this and we’ve made a bit of progress on debugging it. We think it may be happening on sites where the GeoLite2-Country.mmdb (The GeoIP country database) fails to sync as it should.

I’m not sure how comfortable you are modifying the database directly via phpMyAdmin but if you are, you can try this

1. Delete GeoLite2-Country.mmdb file located in wflogs
2. Delete “_transient_timeout_wfSyncGeoIPActive” and “_transient_wfSyncGeoIPActive” from the wp_options table

If that works, let me know!

Hi @perihelionweb,
Sorry for the late reply. I’m not sure why this would be happening. It’s not something I recall we’ve seen on other sites before. Have you checked the Wordfence > Tools > Diagnostics page to make sure there isn’t anything marked in red on that page which might indicate a problem with your configuration? Another thing you could try is to disable “Brute force protection” altogether for testing purposes, and see if that fixes it. There could be some conflict with another plugin that we’re not aware of yet.

Hi @adeux!
Sorry for the late reply. If you can’t see any Live Traffic the first thing would be to check the browser console to see if there are any errors there. If you’re not familiar with that, we have a little bit of info on it here in our documentation.

Hi @katartpics,
Sorry for the late reply. There are two possibilities I can think of

1. Yes, it could be something fishy. There are some vulnerabilities that allow privilege escalation meaning that a regular user could be upgraded to admin.

2. It’s also possible that there is a bug in one of the plugins you are using which causes all users to appear as admins under some circumstances (even though they aren’t).

3. Did the use actually have “admin” in the name? If so, that can cause an admin alert under some circumstances.

@angie_s,
Your site is running out of PHP memory. 93061120 bytes is only 93 MB so you may need to increase your PHP memory there so you have enough for all plugins.

@ameliarush,
Your issue is different, please create a thread of your own. Thank you!

Hi Charley,
Thanks. I got your diagnostics. We’ve made a bit of progress on debugging this and we think it may be happening on sites where the GeoLite2-Country.mmdb (The GeoIP country database) fails to sync as it should.

I’m not sure how comfortable you are modifying the database directly via phpMyAdmin but if you are, you can try this

1. Delete GeoLite2-Country.mmdb file located in wflogs
2. Delete “_transient_timeout_wfSyncGeoIPActive” and “_transient_wfSyncGeoIPActive” from the wp_options table

If that works, let me know!

Hi @stabilimenta,
We’ve recently released an update to the Wordfence assistant to fix an issue where it wouldn’t delete some old tables.

All tables should be lower case in newer versions of Wordfence. If your site is looking for tables with mixed case at this point, it could be an issue with some server side cache.

Hi @aksl!
Sorry for the late reply. I did get it. I’ve added it to our sample data for testing. What means are you using to allow non admins/editors to upload files. A specific plugin? If so, which one?