Hi @fleurette,
Please follow the steps outlined in our site cleaning guide.
Thank you very much! I had some alerts from September, but since then not anymore. As Wordfence regularly scans my site, if it does not report new issues, then everything is safe again?
Thank you again!
@fleurette,
If you’ve taken actions to remediate the reported vulnerabilities/issues then your site should be safe.
But I still strongly advise following the site cleaning guide.
Hello again,
Thank you for your reply. I am afraid, I am not a website developer and don’t have the technical knowledge to recognize if there are malicious file, I would be afraid of doing something wrong. I have never done anything like this before, and don’t feel comfortable deleting directories. What could I do?
I am replacing the unsafe plugins with up to date ones and deleting the old plugins.
Thank you for your kind assistance in this matter!
Hi @fleurette,
What I recommend is to make a backup of your site (files + database) before deleting any directory; that way you can always roll back if anything seems to have gone wrong.
Replacing/removing unsafe plugins and making sure the remaining ones are up-to-date is most definitely a smart move!
Hello again,
thank you, I am doing backups regularly and now removed the plugins Wordfence pointed out to me. I could not see anything unusual uploaded in wp-content, so I hope, as Wordfence blocked the attacks that everything is fine. I saw in live-traffic that these attacks keep happening from countries all over the world.
I am still unsure about a setting in Wordfence: How should we treat google crawlers – what option is best to use? I read the article about it but still am not sure whether to set it to verified Goolge crawlers have unlimited access or treat Google like any crawler. Would you be able to advise me?
Also, I had – if anyone’s request exceeds…set to 60 per minute, your article mentions 240, what is best to do?
The rule – how long is an IP blocked when it breaks a rule, what is the best setting for it? I often block IPps from Russia permanently as I noticed they keep coming back if I don’t. Is it advisable to set this to a longer time, ie 10 days?
Does the web firewall be optimized without premium?
Thank you very kindly for your assistance!
kind regards, Fleurette
Hello,
I would like to ask one more thing regarding the attacks on my website. Recently I noticed in Wordfence that almost daily I am receiving malicious file upload attacks from bots all over the world. I did not notice these before, and still feel alarmed. Is that a recent change in Wordfence, or is there anything I should do? I am concerned about these attacks. Wordfence scan showed no more alerts, but it still shows ongoing attacks like these: Vietnam Hanoi, Vietnam was blocked by firewall for Malicious File Upload (PHP)
Can you please help me?
Thank you very much,
Fleurette
Hello again,
I checked diagnostics in Wordfence and saw a red alert regarding connecting to Wordfence servers. There is a long error message in “connecting back to this site”.
How do I fix this, and what is the issue?
This is what it says at the beginning of the message:
test back to this server failed! Response was: 403 Forbidden<br />
I also would like to inquire, what means the response code 200?
Thank you very much!
Fleurette
Hi @fleurette,
Sorry about the delayed response.
In order to launch scans Wordfence needs the server to connect to itself; in your case it seems it isn’t allowed to do so. I suggest you reach out to your hosting provider so they can look into the reason why this is happening.
The response code “200” means OK: the request was successful.
Hello again,
thank you so very much. It is strange I do have a green hook next to it yet it shows the red alert again:
wp_remote_post() test back to this server failed! Response was: 403 Forbidden<br />
..and much more.
I will try to ask my hosting provider about it, thank you so much. Does that mean Wordfence is not able to scan my site at all?
Thank you so very much for your support, I truly appreciate it.
kind regards, Fleurette
Hi @fleurette,
Could you please share a screenshot of that page –make sure to hide any sensitive info (IP addresses, paths,…).
The 403 itself could be caused by blocking access to “wp-admin/” with “.htaccess“. Is it the case?
Hello again,
I am so very thankful for your reply. Yes, that may well be, I never thought that it would affect Wordfence. Nevertheless, I think the scans still happened as Wordfence made me aware or risk issues with outdated plugins.
I contacted my host provider who found that a file indeed had been uploaded, and they said they now took care of the situation. It seems my site may really have been compromised, sadly. But they said they took care of it all.
I do thank you so much again for your kind support and assistance, I am really grateful.
Thank you again for everything!
Fleurette
