wflandon
Forum Replies Created
-
Hi stingraynut,
I believe you are the first to report this issue. You might try putting the firewall into “Learning Mode”. I have no idea if that will help but that is a good place to start. If it works it will work right a way. So maybe just change the status and test real quick.
Let me know.
Reference: https://docs.wordfence.com/en/Web_Application_Firewall_-_How_to_use_Learning_Mode
Hey Lucas,
Thanks for the detailed information! We will take a look and get back to you.
Hi agl01,
I agree with bluebearmedia. Putting the firewall into “Learning Mode” is a great place to start. Did this get your issue worked out?
Hey Simon,
We are unable to provide support to premium customers on the public forum. Please go to https://support.wordfence.com/support/home and create a support ticket.
Hi julesjules,
Take a look at this documentation.
If you have access to the WordPress Dashboard and the Wordfence plugin try going to the Wordfence ‘options’ page, scroll all the way to the bottom where you’ll find a checkbox labeled “Delete Wordfence tables and data on deactivation”, check that and disable Wordfence. Then try the reinstall.
If all else fails, you can delete the Wordfence plugin folder, typically located in wp-content/plugins, and manually remove the firewall following these steps. Then you should be able to reinstall Wordfence without problem.
Hope that helps.
Hi kayphoonstar,
It is interesting that COMODO flagged this as suspicious. I assume it was a false positive. Have you seen any more of these alerts? Were they all the same domain name being flagged?
- This reply was modified 8 years, 5 months ago by wflandon.
Hi cwdv,
Did you find anything out about what happened? Has it happened again? Can you tell if anything changed on your site? Did they add any additional users?
Even if you have all your themes, plugins, and core updated, it is still possible for a hacker to find a weakness somewhere. One of the most common attacks is an XSS (cross site scripting). So if this was a hacker, it does not mean they guessed/brute forced your password. There are other ways to gain administrator privileges or access to your account. Changing your salts was a good idea and may have been what needed to happen to mitigate the threat if it was a cookie/session based. Plugins are typically the culprits. So make sure you have them updated and delete any unused/unneeded.
Reference: https://www.wordfence.com/learn/how-to-prevent-cross-site-scripting-attacks/
- This reply was modified 8 years, 5 months ago by wflandon.
Hey Nick,
Thanks for the info.
2604:a880:0:1010::e19:8001 = 2604:a880:0:1010:0:0:e19:8001This seems to be a logic issue on our side and will be resolved in the future. We will also address the letter casing. The bug is in the system with an internal case number of FB928.
Hi cspub,
It seems like you tried the right thing whitelisting your ip address. Just to confirm, you whitelisted your SERVER’s ip address? If you did, that should fix the issue if it is Wordfence related. Does your server’s ip still show as whitelisted? If you disable Wordfence does that fix your problem?
- This reply was modified 8 years, 5 months ago by wflandon.
This is not your thread. You should start your own post on this topic.
With that said, I don’t believe that file should even be there, so there is a good chance you have been hacked. Please start your own thread so we can help further.
Hey nick2bad4u,
Try using lowercase and see if that fixes the error for you.
2a06:[98c0-98c7]:[0000-ffff]:[0000-ffff]:[0000-ffff]:[0000-ffff]:[0000-ffff]:[0000-ffff]We will get that worked out in a future release.
Hi nick2bad4u,
We are looking into this. It might be a bug. Hopefully we will get this worked out in the near future or let you know a work around.
Thanks for the feedback and detailed information. That helps us a lot with troubleshooting.
Hey wynot and triglobal1,
What version of Wordfence are you seeing this warning?
Hi linux4me2,
I would recommend not caching any checkout pages or anything that is retrieving information from the user. You should be able to accomplish this by entering the sensitive pages’ urls into the exclude section toward the bottom of the Wordfence -> Performance page.
Hi shindevijaykr,
Is this still an issue? Are you seeing any javascript errors?
Reference: https://docs.wordfence.com/en/Open_the_JavaScript_console_for_troubleshooting_plugins