WFSupport

Thanks for sharing your thoughts about Wordfence.

We do not force anyone to get a paid license. Wordfence Free is still free and contains roughly 90% of the features included in the Premium license. The scanner is fully functional. If it finds malware you can repair the file or delete it just like you can in the Premium version. The firewall is fully functional too. It blocks and does rate limiting just like the Premium license does. 2FA is 100% free too.

Since you haven’t opened a support request I can’t tell what happened and since we’re unable to do support in the review section per forums rules I can’t troubleshoot the problem here. If you want to post in the forums we’d be able to help. Please include any error messages you see or at the very least what you aren’t able to do. Additionally we do have a walkthrough video available to show users how to install a free license, start to finish.
https://youtu.be/uU43V3gnL9U


If, however, you have chosen to use another security product we wish you all the best in your experience there.

Mia

Thanks for sharing your thoughts about Wordfence.

As we told you in the tickets you opened, Premium support is clearly outlined in our Terms of Service, which everyone agrees to when they install the plugin. As Phil told you, Premium support is available during business hours only. The hours, listed in the ToS and various places on the website, are 9am-8pm ET, 6am-5pm PT and 2pm-1am UTC/GMT excluding weekends and holidays. If you need 24/7/365 support a Response license is likely more what you need.

As to your issue you were having, the error you reported to us was that you were seeing remote post tests back to the site were failing. Basically, meaning the site could not connect back to itself. This can affect cron jobs and scheduled tasks like scans. The error that the server sent back to itself was this:

HTTP/1.1 403 Forbidden
date: Mon, 01 May 2023 11:26:59 GMT
server: Apache
content-length: 199
content-type: text/html; charset=iso-8859-1
x-service-level: standard
x-backend-server: web14.hosting.stackcp.net
x-via: LHR1
connection: close

403 Forbidden Forbidden

You don’t have permission to access this resource.

As Scott and Phil said to you, this is not a Wordfence generated block page. It is the kind of block page your server displays for its blocks and can be due to code in .htaccess or a mod_security rule or even a file permissions issue. Wordfence has nothing to do with those. You responded at one point, confirming that the hosting provider had said “It looks like this is hitting one of our mod_sec rules due to a missing referrer.” The hosting provider (and you) are the only people that can fix that sort of thing. No one else can.

I haven’t seen any requests regarding your sitemap I can’t provide any details since you didn’t provide any.

As the last reported scan we see was done on July 19th I am assuming that you have chosen to use another security provider. We wish you well in whichever one you chose.

Mia

Thanks for sharing your thoughts about Wordfence.

I checked and can’t find any support requests for you in the forum or premium tickets. Knowing the error you saw would make it easier to tell you what happened and why you were blocked. Unfortunately, we are unable to offer support in the reviews section per forum rules. If you decide to post a support request in the forums we’d be happy to help.

Mia

Спасибо, что поделились своими мыслями о Wordfence.

К сожалению, я не вижу на форуме запросов в службу поддержки, чтобы понять, что произошло. Бесплатный плагин работает, и если вы хотите уточнить детали, мы будем рады помочь. Мы также создали это видео, чтобы помочь объяснить процесс:
https://youtu.be/uU43V3gnL9U

Mia

Gracias por contactarnos.

Debo recordarle que está en contra de las reglas del foro de www.remarpro.com discutir funciones pagas o la compra del complemento. Si tiene preguntas sobre una licencia paga, diríjalas a preventas [arroba] wordfence [punto] com. Alguien allí ayudará. Asegúrese de incluir allí cualquier información sobre sus necesidades específicas. Puede hacer referencia a esta publicación y al nombre de usuario de su foro en el correo electrónico para obtener contexto.

En cuanto a su otra pregunta, ?puede hacer lo siguiente para que pueda obtener la información que necesito para ayudar a encontrar la razón por la cual los escaneos no se completan?
* Elimine el escaneo existente si aún se está ejecutando (el botón “Iniciar nuevo escaneo” se convierte en un botón “Detener” mientras se está ejecutando el escaneo)
* Vaya a la página Escanear > Opciones de escaneo y programación y localice las “Opciones de rendimiento”
* Establezca “Tiempo máximo de ejecución para cada etapa de análisis” en 20 en la página de opciones
* Haga clic en “Guardar cambios”
* Vaya a la página Herramientas > Diagnóstico
* En la sección “Opciones de depuración”, marque el círculo “Habilitar modo de depuración”
* Si está marcada la opción “Iniciar escaneo de forma remota”, desmarque esta opción.
* Haga clic en “Guardar cambios”.
* Iniciar un nuevo escaneo
* Copie las últimas 20 líneas del registro (haga clic en el enlace “Mostrar registro”) más o menos del registro de actividad y péguelas aquí

Para obtener más información sobre la solución de problemas de escaneos, puede ver este video:
https://youtu.be/pe7LQ21IcAE

Además, tenemos un video útil que explica la configuración de escaneos y las diversas opciones que se encuentran aquí:
https://youtu.be/WI_NDNssyR0

Mia

Thanks for reaching out.

If you mean can you skip scanning the Wavebid files, you can do that on the Wordfence > Scan > Scan Options and Scheduling page on your site in the Advanced Options section. Add the file path for Wavebid to the box next to Exclude files from scan that match these wildcard patterns. For instance if the path to Wavebid’s plugin files is /wp-content/plugins/wavebid then you can add /wp-content/plugins/wavebid/* However, that would mean that those files are not going to be scanned so it’s not something I would advise.

If you could explain a little better about what is happening I might be able to assist more. Are scans getting stuck there? Is an error displayed?

Mia

Thanks for reaching out.

The email is only used to email you the license key. As long as you are able to receive emails at that address now, it is fine to use. The license email comes from list [at] wordfence [dot] com so you may want to add that to your safe senders list and try again if you don’t receive the license email.

Wordfence alerts are sent to whichever email you want by adding it in the plugin options. You’ll obviously want to keep that updated so you are aware of any issues detected.

You can learn more about alert options by watching this helpful video:
https://youtu.be/d50knnGXNO4

Mia

Thanks for reaching out.

Wf Login Security’s implementation of Google reCAPTCHA may not be compatible with PaidMembershipPro. I don’t see it listed on our plugin and themes conflict page but I did find some references to problems with 2FA and it. I found similar references internally for Elementor Pro.

I would recommend not using our reCAPTCHA or 2FA functionality with either of those 2 plugins. I have passed your post information to the Dev and QA teams so that they can see your interest in adding support for integration with PaidMembershipPro and Elementor Pro.

Mia

Thanks for reaching out.

Can you confirm that you have Learndash version 4.6.0 or later installed? I think the latest version is 4.7.0.2.

Mia

If you have 2 separate plugins doing the same thing conflicts, including increased resource usage, are inevitable. Try disabling the other plugin and seeing if that has any effect.

Mia

Try setting the max execution for each scan stage to 20 and enabling low resource scanning. These are in the performance options.

Mia

Can you post a screenshot of the general scan options you have enabled?

Mia

Thanks for reaching out.  

If you think that a hardware token may be easier you may be able to use one.  We haven’t tested this but we did have a customer report that the black YubiKey 5 NFC does work using their Authenticator software to set it up.   He mentioned that it was easy to set up as it it ‘scans’ the QR-25 code just by the QR code being displayed in your browser and then sets the yubikey up almost automatically.  He then said when he went to his WordPress site, he just plugged in the key and a code pops up in Authenticator like it does in Smartphone authentication apps and you’re logged in.  You can read more about setting up a Yubikey in their support documentation:
https://support.yubico.com/hc/en-us/articles/360013789259-Using-Your-YubiKey-with-Authenticator-Codes

Again, we can’t offer support for it since it has not been officially tested but it does appear to be working at least for that user and for the few others that asked and were provided the information. 

If you want to disable Wordfence settings I believe you can disable it for all the roles for the site. This is done on the Wordfence > Login Security > Settings page on your website. The only role you cannot disable 2FA for is the administrator role. You can only make it optional.

Mia

Thanks for reaching out.

As far as I know, By default WordPress lets users log in with either their username and password or their email and password via the default login page. If something isn’t letting you login using the email address Wordfence wouldn’t be causing it.

Mia

No problem. I just assume a lot of people are already frustrated when they have to reach out so sometimes they’ll skip reading something I link to because they think they already did it. I do it too sometimes. ??

That code from the .htaccess file from the other site isn’t something we add. I’ve seen it added before but wouldn’t know what plugin set it. It’s basically setting Security Headers for the site to protect you against some types of drive-by downloads and Clickjacking. They are fine to leave in the .htaccess file.

Mia