wfjanet

Hi @magicplugins,

Thank you for reaching out.

At what point does the 2FA activation for admins fail? Do you get any errors when activating 2FA?

Does it fail for all administrators or just one?

Looking forward to hearing from you.

Thanks,

Janet

Hi?@dantediego,

Thank you for reaching out.

Please do the following for me. This will help me see exactly what is happening when the scan fails.

• Go to the Wordfence > Tools > Diagnostics page
• In the “Debugging Options” section check the circle “Enable debugging mode” 
• Click to “Save Changes”.
• CANCEL any current scan and start a NEW scan
• Copy the last 20 lines from the Log (click the “Show Log” link) or so of the activity log once the scan finishes and paste them in this post.

Wordfence > Tools > Diagnostic > Debugging Screenshot

From the scan results, your site is compromised. You can clean the site by using the following guide: https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/ 

Make sure and get all your plugins and themes updated and update WordPress core, too. As a rule, any time I think someone’s site has been compromised, I also tell them to update their passwords for their hosting control panel, FTP, WordPress admin users, and database. Make sure to do this because attack vectors around your hosting or database environments are outside of Wordfence’s influence as an endpoint firewall.

Additionally, you might find the WordPress Malware Removal section in our Learning Center helpful: https://wordfence.com/learn/ 

If you’re unable to clean this on your own, there are paid services that will do it for you. Wordfence offers one and there are others. Per the forum rules, we’re not allowed to discuss Premium here, but please reach out to us at presales @ wordfence . com if you have any questions about it.

Regardless, if you choose to clean it yourself or let someone else do so, we recommend that you make a full backup of the site beforehand.

Thanks,

Janet

Hi @rocky0531,

Thank you for reaching out.

From the screenshot, it looks like the last scan was successful, and the “Start new scan” button isn’t greyed out.

Are you getting any errors when starting a scan?

Please send a diagnostic report to [email protected]? You can find the link to do so at the top of the Wordfence > Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.
NOTE: It should look as follows – Screenshot of Tools > Diagnostic > Send by Email

Thanks,

Janet

Hi @josmatic,

Thank you for reaching out.

I’d like to take a look at your diagnostic report first.

Please send a diagnostic report to [email protected]? You can find the link to do so at the top of the Wordfence > Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

NOTE: It should look as follows – Screenshot of Tools > Diagnostic > Send by Email

Thanks,

Janet

Thank you @altersec.

@coldxot
You can clean the sites by using the following guide:?https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/?

Make sure and get all your plugins and themes updated and update WordPress core, too. As a rule, any time I think someone’s site has been compromised, I also tell them to update their passwords for their hosting control panel, FTP, WordPress admin users, and database. Make sure to do this because attack vectors around your hosting or database environments are outside of Wordfence’s influence as an endpoint firewall.

Additionally, you might find the WordPress Malware Removal section in our Learning Center helpful: https://wordfence.com/learn/ 

If you’re unable to clean this on your own, there are paid services that will do it for you. Wordfence offers one and there are others. Per the forum rules, we’re not allowed to discuss Premium here, but please reach out to us at presales @ wordfence . com if you have any questions about it.

Regardless, if you choose to clean it yourself or let someone else do so, we recommend that you make a full backup of the site beforehand.

Thanks,

Janet

Hi @boghi,

I’d like to take a look at your diagnostic report, please.

Navigate to Wordfence > Tools > Diagnostic page and then click the “Export” button. Send the txt file to [email protected]. Add your forum username in the subject and respond here once done.

Thanks,

Janet

Hi @grl570810,

Sorry for the delayed response.

We do have a scan scheduling option which is a premium feature, and we aren’t allowed to discuss those here as per the forum rules.?

If you have any questions, please contact [email protected].

Thanks,
Janet.

You’re most welcome, @lingcreative.

Having two plugins with the same functionalities may cause conflicts or strain resources.

There are currently no known conflicts between Wordfence and AIOS or Jetpack. Using two plugins for the same functionality may cause conflicts.

Let me know in case you have any further questions.

Thanks,
Janet

Hi @wfrontew,

This is definitely promising.

Thank you for updating us. If you need any further assistance please create a new forum topic and we’ll be happy to help.

Thanks,

Janet.

Hi @forikatamas,

Thanks for updating us. I’m glad you were able to solve the issue.

If you ever need assistance, please create a new forum topic and we will be happy to help.

Thanks,

Janet

Hi @justdalek,

I will need your diagnostic report to troubleshoot further.

Please try the below:

Navigate to Wordfence > Tools > Diagnostic page and then click the “Export” button. Send the txt file to [email protected]. Add your forum username in the subject and respond here once done.

Thanks,

Janet

Hi @cliff_77,

Sorry for the delayed response.

Please get back to me once you confirm.

If it’s still failing after all the troubleshooting steps above, you could try a different application apart from Google Authenticator and Microsoft Authenticator.

You can find a list here:
https://www.wordfence.com/help/tools/two-factor-authentication/

Thanks,
Janet

Happy to help @robbert444.

Thanks,
Janet

Hi @mralston,

The 5-minute setting explains why you can not see the IP on the blocklist. The likelihood is that the IP was already unblocked, as the Top Block list will feature IPs Wordfence has probably had to block multiple times.

 This is dependent on your Wordfence > All Options > Rate Limiting Rules > How long is an IP address blocked when it breaks a rule which is 5 minutes in your case.

Wordfence does blocks some IPs that appear on our global blocklist of “bad” IPs, but these blocks are released after a certain amount of time due to the potential for IPs to be reassigned in future to legitimate visitors.

Thanks,

Janet.

Hi @akramipro,

Sorry for the delayed response.

The image of the error on your previous response doesn’t load. Please take a screenshot of the error using snipboard and share the link here, so I can take a look and advise.

Thanks,
Janet