wfscott

@rafaelzrt

Thanks for getting back. Wordfence will still block general malicious requests to the site, however, the captcha will not be protecting WooCommerce pages. Wordfence’s WooCommerce integration is built primarily for protection of the login and registration forms where compatible. If you need additional protection for the checkout process with WooCommerce, you would be best to look for a separate captcha for that specifically.

Thanks,
Scott

Hello, @rafaelzrt

Our reCAPTCHA and 2FA are designed to be compatible with the default WordPress and WooCommerce login/registration pages currently. https://www.wordfence.com/help/login-security/#recaptcha

I would recommend disabling our reCAPTCHA if it is causing conflicts with your current login page, such as with Ultimate Member. We will be looking to add support for additional plugins in the future. The brute force protection will continue to protect your default login page despite the captcha not being enabled.

Thanks,
Scott

Thanks for sending that over.

The inability to find the Wordfence plugin could be due to the custom dashboard plugins:
CM Admin plugin for GENESIS (cmountain-admin)
CM Custom Dashboard (cmountain-dashboard)

You could try disabling those to see if you’re able to find the plugin at that point.

I see you have WooCommerce. I also recommend making sure the WooCommerce Integration option is enabled via the Login Security Settings page (with the link I sent you).

At the top of the site while logged in as an admin, do you see a button in the top left that says “My Sites”? If so, from there, hover over that and then hover over Network Admin, then click Plugins. You should see Wordfence installed on the left-hand side now.

If you do not see My Sites, try going to your site URL with the following at the end:
/wp-admin/admin.php?page=WordfenceTools&subpage=diagnostics

There, click Send Report By Email and make sure the email is wftest @ wordfence . com and put your forum username in the second field there and send those. Let me know here when they are sent.

You should be able to manage the login security settings from this page:
/wp-admin/admin.php?page=WFLS#top#settings

There you can disable the captcha completely, or lower the threshold number or 0.2 or 0.3 to reduce the frequency of the verification requirement.

Thanks

Hello,

It is recommended to use a separate license for each WordPress instance. The main problem of using the same key on multiple Free sites is that some actions are rate-limited. For example, if you have multiple sites using the same Free license and they are requesting rules updates around the same time, they could get rate limited.

You can sign up on the Wordfence site and via the Licenses page once you’re logged in, you can use the button in the top right to Get a Free License. You will then just copy and paste that to the Wordfence > All Options > Wordfence Licenses area of your site.

Alternatively, you can reinstall the Wordfence plugin completely and use the option to get a new license that way right after activating the plugin. If you go that route, you could export your current settings before reinstalling the plugin by going to Wordfence > Tools > Import/Export Options.

Here is our documentation on the license process: https://www.wordfence.com/help/api-key/#installing-your-free-license-key as well as our documentation on the Import/Export process I mentioned above: https://www.wordfence.com/help/tools/import-export/

Let us know if you have any questions.

Thanks for your patience.

There should always be a shortcut link on the left-hand side. Can you confirm if you have a Multisite set up, by chance? If so, you might not be checking from the network admin.

For the verification, that is sent when the login score is below the threshold set in Wordfence > Login Security > Settings. If you want to keep the captcha enabled, but make the verification requirement less frequent, you can decrease the “reCAPTCHA human/bot threshold score” to 0.3 or even lower. If you increase the value, to 0.6 or higher, for example, the verification will be required more frequently. Try lowering it and let me know if that helps.

Thanks,
Scott

Hello, @wagrc

If you go to your site’s URL with the following added to the end of the URL, do you see the Wordfence dashboard?

/wp-admin/admin.php?page=Wordfence

If you see “Sorry, you are not allowed to access this page.” it may be that the plugin is not activated or your permissions are incorrect.

If you go to your plugins page, are you seeing Wordfence installed and activated? Do you see any errors at the top of that page?

Thanks,
Scott

Hello, @rbennett

Can you confirm if the scan has been successful? If it has not, please send diagnostics to [email protected] via the Wordfence > Tools > Diagnostics > Send Report By Email option. Please put your forum username in the second field there and let me know here when those are sent.

Thanks,
Scott

Oliver,

Thanks for reaching out and for the feedback. We’ve added a case to address this in a future release. Normally the message is suppressed by the @ operator, but if there is a custom error handler involved it is possible that is causing it to be logged.

Thanks,
Scott

Hello, @abdullahbinhasan

The issue was due to one of our integrations that was incorrectly reporting the files as unknown. This was fixed earlier today and subsequent scans should no longer show the files as unknown. We have some documentation on these scan results in general for reference via our documentation, and restoring deleted or repaired files from a backup if the site has issues is the best option: https://www.wordfence.com/help/scan/scan-results/#unknown-file-in-wordpress-core

This issue was unrelated to updating firewall rules. Free user’s sites still check for new rules every 7 days and receive all rules that are 30 days or older at that time.

Scott

Hello, @bunnycake

We identified an issue with one of our integrations that was incorrectly reporting the files as unknown. The issue has been remediated on our side and subsequent scans should no longer show the files as unknown. You mentioned deleting files in the past has caused issues on your site. We have documentation for these scan results to help with that, and restoring deleted or repaired files from a backup if the site has issues is the best option: https://www.wordfence.com/help/scan/scan-results/#unknown-file-in-wordpress-core

This was unrelated to updating firewall rules. For reference, WAF rules for free users are fetched every 7 days to get all rules that are at least 30 days old at that time.

Thanks,
Scott

Hello, @thomas_u

Thanks for your patience and for reaching out.

This issue was ultimately unrelated to the firewall rules being updated and it was remediated as we made changes on our side. This was likely at the same time you were running the new successful scans. The issue was due to one of our integrations that was incorrectly reporting the files as unknown. This was fixed earlier today and subsequent scans should no longer show the files as unknown. We have some documentation on these scan results here in general for reference, and restoring deleted or repaired files from a backup if the site has issues is the best option: https://www.wordfence.com/help/scan/scan-results/#unknown-file-in-wordpress-core

The information regarding rules is incorrect. Rules for free users are fetched every 7 days (not 30) to get all rules that are at least 30 days old at that time.

Scott

Thanks for confirming, @jaypeg .

That is correct, those are the IPs used for the plugin. Those IPs and our Central IPs can be found here (if you’re having any trouble connecting the site to Central) https://www.wordfence.com/help/advanced/

Keep in mind, in some cases, you may need to allowlist the server IP also to allow the site to connect back to itself. That may not be the case here, however, in some cases you may see cron jobs getting blocked and an issue connecting back to the site (non-IPv6). Making sure the server IP isn’t being blocked by and other firewalls in those cases can help.

Thanks
Scott

Thanks for that, @jaypeg

I see your email came through with the diagnostics. The cURL error there is for IPv6, which may not be playing a role here.

Can you enable the Use only IPv4 to start scans option in Wordfence > Scan > Scan Options and Scheduling > Advanced Scan Options and try a scan to see if it gets anywhere?

I did not see the complete scan log come over from the Wordfence > Scan page (using the Email activity log option), just the diagnostics. If you do send those, please confirm here.

Thanks,
Scott

Thanks for that. It doesn’t look like a scan is starting or getting anywhere at the moment. Are you still seeing a cURL error in the diagnostics? If so, you will need to expand the details, if you see an option, and copy over the entire cURL error. There may be a block at the server level.

If you don’t see a cURL error, please cancel any failed scans, give it a moment, refresh the page, then run a new scan until it fails. At that point, from the Scan page, use the Email activity log option to send that to wftest @ wordfence . com so I can check on the entire log. Also, grab the error log with the most recent date from Wordfence > Tools > Diagnostics > Log Files. After that, please check with GoDaddy or via your hosting panel for the most recent raw access logs and send those over with the error log to the email above.

Thanks,
Scott