Hi @ssukp1, thanks for reaching out.
On multisite, since user roles are stored in each subsite, we use a wp-cron job named wordfence_ls_role_sync_cron to periodically sync roles once per hour by default, or when a user role is changed.
If DISABLE_WP_CRON is being used on the individual site(s), that might cause the issue you’re seeing if the alternative way of running cron jobs isn’t firing.
If that’s not the case, from one of the sites experiencing the problem you can visit the Wordfence > Tools > Diagnostics page and send the output to us at wftest @ wordfence . com. Click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.
NOTE: It should look as follows – Screenshot of Tools > Diagnostic > Send by Email
It might also help to send us one from the main site too. We can take a look at your configuration and see if we can get an idea of what else might be happening.
Many thanks,
Peter.
Thread Starter
ssukp1
(@ssukp1)
Hi Peter,
Thanks for getting back quickly. Can confirm that disable_wp_cron isn’t enabled.
I can’t see the wordfence plugin from any of the subsites, can only see it for the mainsite. I’ve sent the diagnostics for our mainsite.
One thing I can see though is I can go to the 2FA setup screen for all users even if their account shows as 2FA is not allowed.
Kind regards,
Thread Starter
ssukp1
(@ssukp1)
I tried sending them to the page directly, but it says they are not allowed to access this page
Hi @ssukp1,
My apologies, I misspoke, you’re correct that Wordfence will only appear on the main site and is not required to be installed individually on the subsites. Thank-you for confirming that you haven’t disabled wp-crons on those.
I can’t find a diagnostic from “sskup1” in our inbox, and I’m not aware of your domain to check for that instead. If you didn’t include your forum username please try again, but if you did there could be a problem with sending mails from your site. It’d be great if you could provide a .txt copy instead and attach it to an email for wftest @ wordfence . com. The file can be exported from the Wordfence > Tools > Diagnostics page.
Please include your forum username in the email’s subject line and let me know again once you’ve sent it.
Thanks again,
Peter.
Thread Starter
ssukp1
(@ssukp1)
Hi Peter,
Thanks for getting back, I’ve now sent across the txt file via email. Let me know if you don’t receive it.
Hi @ssukp1, that arrived perfectly fine. Thank-you for sending it over again.
For your “Connecting back to this site” (loopback) test, I’m seeing wp_remote_post() test back to this server failed! Response was: cURL error 28: Connection timed out after 10000 milliseconds . This test must pass for some Wordfence functions to work, in addition to some in WordPress and other plugins more generally.
cURL Error 28 means your site is being blocked from connecting to itself, possibly due to the site’s IP needing to be allowlisted in a server firewall or CDN. Your host or server admin should be able to assist with this too.
In your diagnostic, all cron jobs associated with WordPress are listed as overdue, not just Wordfence’s. This is likely the reason user roles can’t update across the multisite, and looks to be affecting automatic plugin/theme updates along with jobs other plugins want to run.
Refreshing the Wordfence > Tools > Diagnostics page a number of times while looking at “Connecting back to this site“ could suggest a lack of resources available to your site if that error comes and goes.
Thanks again,
Peter.
Thread Starter
ssukp1
(@ssukp1)
Hi @wfpeter,
Just made some adjustments, I believe it was being blocked by our CDN provider. It’s now connecting back to the site successfully.
In regards to the cron jobs being overdue, I’ll look into why this is the case, it wouldn’t be to do with wordfence as it’s been happening before our install.
Thanks for your help, after resolving the above, the cronjobs have also worked. And can now see the users with 2FA disabled now just inactive.
Kind regards
-
This reply was modified 8 months ago by
ssukp1.
