Plugin Support
wfmark
(@wfmark)
Hi @solventweb, thank you for reaching out.
Wordfence runs the wordfence_syncAttackData script to ensure malware signatures and rules are up-to-date with the latest ones we have released and to update the Live Traffic page. Usually, 403 or 503 blocks by the firewall trigger the need to sync, so seeing syncAttackData triggered with one of these HTTP error codes is expected.
If you start seeing these requests excessively, your server’s IP address may be blocked. I recommend checking your Wordfence > Tools > Diagnostics page to see if you’re getting any errors under the Connectivity section> Connecting back to this site.
Let me know what you find.
Thanks,
Mark.
Thanks for your response @wfmark. Because of the configuration of our site, the URL I mentioned will always return an error. So I’m wondering if there’s a different way to trigger an update to malware signatures and rules. Ideally, I’d like to do this with a cronjob. Let me know if that’s possible.
Plugin Support
wfmark
(@wfmark)
Hi @solventweb,
Thank you for getting back to us.
Are you seeing any rules update failed error messages?
Could you please check the timestamp for the /wp-content/wflogs/rules.php file? If the timestamp is current and the Live Traffic page is updating as expected, there is no cause for alarm.
Let me know what you find.
Thanks,
Mark
Thanks @wfmark. Here’s what I see:
Access: 2024-01-04 19:41:43.347199483 +0000
Modify: 2024-01-01 20:10:04.660077352 +0000
Change: 2024-01-04 19:43:25.219974912 +0000
Birth: 2024-01-01 20:10:04.660077352 +0000
So I assume that’s good?
Plugin Support
wfmark
(@wfmark)
Hi @solventweb, Thank you for getting back.
That’s right. As all the timestamps are current, there’s no cause for concern.
If any rule updates fail, you will see an error message on the Wordfence Dashboard.
Thanks,
Mark.
Thanks for your help @wfmark
