Alwin

Hello Peter,

I think it has nothing to do with my hosting platform. I already asked them about this issue and they explained to me it was nothing on their end.

It also has nothing to do with MainWP, because as I already said the problem occurred for the very first time in years, after I enabled the option in the Wordfence plugin settings to automatically install Wordfence plugin updates.

So it was Wordfence itself, automatically installing the latest update, that seems to caused this issue.

Unfortunately my webhost does not allow to enable the crawler…

I just added this line to my wp-config file:
define( ‘WP_AUTO_UPDATE_CORE’, false );

Maybe that will help get rid of the message?

Hello Michael Tina,

Disbaling wp-rocket does not help. Also, on all my other websites I also have botg wp-rocket and yoast seo installed without this issue.

I have the exact same issue. Clicking the Eye will make the message disapear but the next time I login it’s back.

It’s always the same message, telling me to enable auto-updates (which I do not want to enable)

Very very anoying indeed!

I use wp-rockt cache plugin and maybe Yoast should check if this causes the issue.

The classic editor plugin was updated twice in very quick succession. This is probably why Wordfence is throwing up these four errors.

My sites don’t have the classic editor plugin.

Thank you Suwash,

I checked all my 11 websites and found this issue on 4 of them (!).

On these 4 websites I run the Yoast Test Helper plugin as you said and it seems to solve the issue.

At least for now, when the problems come back I will let you know.

Thanks for all the support with this topic ??

Thanks again!

As far as I can see Wordfence does not have settings for these security:

– protect wp-config file
– block directory browsing
– protect .htaccess file

So why not just add rules to my .htaccess file to have these extra security?

Hello Peter, did you manage to find anything in the diagnostic reports?

In the meantime I have done a lot of tests:
– with the wp-rocket settings
– with different php versions
– with disbaling other plugins

But the only thing that is solving the slow loading is still disbaling the extended firewall protection!

So now I have decided to leave the firewall at the Basic protection level for now. But I do have some questions about that.

Since the firewall is now loading at the same time as WordPress and not before (like in the extended modus) maybe it is a good idea to add some additional security related code to my .htaccess file?

That way I stillcan get some extra protection before WordPress is loaded!

At this moment I already have this code in my .htacces file:

# protect wpconfig.php
<files wp-config.php>
order allow,deny
deny from all
</files>

# Disable Directory Browsing
Options All -Indexes

# protect .htaccess
<Files ~ “^.*\.([Hh][Tt][Aa])”>
Order allow,deny
Deny from all
Satisfy all
</Files>

# Disable xmlrpc.php
<Files xmlrpc.php>
Order Allow,Deny
Deny from all
</Files>

And I could add some more like:

– Block readmefiles
– Block Bad Bots
– Block Access To wp-includes Folder And Files
– Block cross-site scripting (XSS)

Would that be a good idea, to use the .htaccess file to compensate for the disabling of the extended firewal modus?

Thanks very much for all your help ??

Alwin

The issue is gone, without me doing anything about it…

However, when it’s coming back (itt will be Ithink, because it happened before) I will let you know.

Thanks so far ??

Hello Adam, because of antoher topic I already sent some diagnostic reports last week. Do you have access to them or do I have to send a new one?

Hello Adam,

I have already done all of that ??

The problem is there when I clear and preload the cache…

Howver, since today the problem is gone without me doing anything about it. When I empty and preload the cache the correct Hostname is displayed now ??

But, this is the second time I have this issue. First time Wordfence showed the wrong Hostname for preloading the cache it showed another website as Hostname, that was also hosted on the same web server.

But this time the wrong Hostname was not hosted on the same webserver and not even hosted at the same web host.

So how can this happen? Is it a know bug?

Hello Peter, I have sent both the php 7.2 and php 7.3 reports.
Thanks again for the help ??

When I try running on PHP 7.3 an PHP 7.2 to send you the Wordfence diagnostics, should I do that with or without the Extended Firewall protection enabled?