Wordfence is blocking /wp-admin/admin-ajax.php

  • Resolved Lapping

    (@ingakri)


    4 years, 11 months ago

    Hello,

    I’ve been having a problem with ajax for a while now – some ajax based plugins are not working or working extremely slow. Additionally, for a few days now wordfence can’t complete the scan because there is a fatal error, which I don’t see in wp_debug logs.

    In server logs I can see that every page visit triggers two server actions:

    1/ POST /?wordfence_syncAttackData=1624177488.119 HTTP/1.1″ 200 3654 “xxx/?wordfence_syncAttackData=1624177488.119” “WordPress/5.7.2; https://xxx”

    2/ /wp-admin/admin-ajax.php?action=rocket_saas_warmup&nonce=d70c5889ee HTTP/1.1″ 403 10402 xxx/wp-admin/admin-ajax.php?action=rocket_saas_warmup&nonce=d70c5889ee” “WordPress/5.7.2; https://xxx”

    This is causing a lot of server resource usage and problems on the site. From the tickets in support I found out that in this situation you recommend to enable learning mode in the firewall. Unfortunately I am not sure what “admin-ajax.php?action=rocket_saas_warmup&nonce=d70c5889eeę is. I have no idea what this is responsible for – or maybe it’s malware and that’s why wordfence is blocking it(?), which will mess up my server when learning mode is activated?
    I’ve also been seeing something like this on the server lately:

    “[Sun Jun 20 10:57:02.627095 2021] [ssl:error] [pid 14285:tid 140081440360192] [client 92.118.160.1:48165] AH02032: Hostname xxx provided via SNI and hostname xxx provided via HTTP have no compatible SSL setup”

    and I read somewhere that it could be an attempted attack via an ssl vulnerability?

    That is why in the allowlist I have added manually some exceptions and now the list contains:

    /wp-admin/admin.php request.body[snippet_code]
    /wp-admin/admin-ajax.php request.body[extra_data]
    /wp-admin/admin-ajax.php request.body[originals]
    /wp-admin/admin-ajax.php request.body[skip_machine_translation]
    /wp-admin/admin-ajax.php request.body[actions]

    Unfortunately, admin-ajax.php is still blocked.
    I would be very grateful if you could suggest what I should do now.
    I have just sent diagnostic report from my wordfence diagnostic.

    Kind Regards,
    Inga

Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Support wfpeter

    (@wfpeter)

    4 years, 11 months ago

    Hi @ingakri, thanks for your message and diagnostics report.

    Wordfence doesn’t block wp-admin, so I spotted that you have “WPS Hide Login” installed and active as a plugin. Could you try disabling this and letting me know if the problems persist?

    To give you some background, with certain “security through obscurity” methods, such as changing/hiding the login page URL, we feel this only serves to slightly slow down somebody with malicious intent rather than stop them: https://www.wordfence.com/blog/2017/10/should-you-hide-wordpress-login-page/

    Let me know how you get on!

    Peter.

    Thread Starter Lapping

    (@ingakri)

    4 years, 11 months ago

    Hello,

    Thank You very much for your answer and help! I’ve disabled wps hide login, but it did not help. I’ve tried wordfence learning mode to automatically add some exceptions to firewall, but it didn’t help as well.

    I am still not able to make a scan, because fatal error occurs, and I only can see it in Wordfence log and not in wp debug log.

    What should I do next?

    Kind Regards,
    Inga

    Plugin Support wfpeter

    (@wfpeter)

    4 years, 11 months ago

    Hi @ingakri,

    We may need to look at log files that correspond with the timestamps where scans are failing to get some more understanding of the error, but firstly could you get the following to help further expand on the debug information:

    • Kill the existing scan if it is still running (The “Start New Scan” button turns in to a “Stop” button while the scan is running)
    • Go to your Scan > Scan Options and Scheduling page and locate the “Performance Options”
      Set “Maximum execution time for each scan stage” to 20 on the options page
    • Click to “Save Changes”
    • Go to the Tools > Diagnostics page
    • In the “Debugging Options” section check the circle “Enable debugging mode”
    • Click to “Save Changes”.
    • Start a new scan
    • Copy the last 20 lines or so from the Log (click the “Show Log” link) once the scan finishes and paste them in the post.

    If scans start running again at any time, you can leave all the settings above except for “Enable Debugging Mode”.

    If this doesn’t show the specific fatals you’ve been seeing, could you also include those with your response. Knowing the lines/files/messages that include the “Fatal error” text could also assist us in finding a resolution.

    Thanks,

    Peter.

    Thread Starter Lapping

    (@ingakri)

    4 years, 11 months ago

    Hello,

    Thank You very much for your answer!
    I’ve followed your instructions and the result is – unfortunately, it’s in polish language:

    [Jun 23 14:13:18:1624457598.579431:1:error] <p>W witrynie wystąpił błąd krytyczny.</p><p>Dowiedz się więcej o rozwiązywaniu problemów z WordPressem.</p>
    [Jun 23 14:13:18:1624457598.576018:4:info] Pomijanie niepotrzebnych haseł: /home/bath/domains/warsaw-design.pl/public_html/wp-content/uploads/2019/10/Linki-DOC-013-dysza-do-hydromasazu-stal-nierdzewna-szczotkowana-1-539×303.jpg
    [Jun 23 14:13:18:1624457598.575791:4:info] Pomijanie niepotrzebnych haseł: /home/bath/domains/warsaw-design.pl/public_html/wp-content/uploads/2019/10/Linki-DOC-013-dysza-do-hydromasazu-stal-nierdzewna-szczotkowana-1-500×800.jpg
    [Jun 23 14:13:18:1624457598.575560:4:info] Pomijanie niepotrzebnych haseł: /home/bath/domains/warsaw-design.pl/public_html/wp-content/uploads/2019/10/Linki-DOC-013-dysza-do-hydromasazu-stal-nierdzewna-szczotkowana-1-500×500.jpg
    [Jun 23 14:13:18:1624457598.575326:4:info] Pomijanie niepotrzebnych haseł: /home/bath/domains/warsaw-design.pl/public_html/wp-content/uploads/2019/10/Linki-DOC-013-dysza-do-hydromasazu-stal-nierdzewna-szczotkowana-1-500×380.jpg
    [Jun 23 14:13:18:1624457598.575090:4:info] Pomijanie niepotrzebnych haseł: /home/bath/domains/warsaw-design.pl/public_html/wp-content/uploads/2019/10/Linki-DOC-013-dysza-do-hydromasazu-stal-nierdzewna-szczotkowana-1-400×260.jpg
    [Jun 23 14:13:18:1624457598.574847:4:info] Pomijanie niepotrzebnych haseł: /home/bath/domains/warsaw-design.pl/public_html/wp-content/uploads/2019/10/Linki-DOC-013-dysza-do-hydromasazu-stal-nierdzewna-szczotkowana-1-345×198.jpg
    [Jun 23 14:13:18:1624457598.574607:4:info] Pomijanie niepotrzebnych haseł: /home/bath/domains/warsaw-design.pl/public_html/wp-content/uploads/2019/10/Linki-DOC-013-dysza-do-hydromasazu-stal-nierdzewna-szczotkowana-1-300×300.jpg
    [Jun 23 14:13:18:1624457598.574365:4:info] Pomijanie niepotrzebnych haseł: /home/bath/domains/warsaw-design.pl/public_html/wp-content/uploads/2019/10/Linki-DOC-013-dysza-do-hydromasazu-stal-nierdzewna-szczotkowana-1-150×150.jpg
    [Jun 23 14:13:18:1624457598.574125:4:info] Pomijanie niepotrzebnych haseł: /home/bath/domains/warsaw-design.pl/public_html/wp-content/uploads/2019/10/Linki-DOC-013-dysza-do-hydromasazu-stal-nierdzewna-szczotkowana-1-100×100.jpg
    [Jun 23 14:13:18:1624457598.573890:4:info] Pomijanie niepotrzebnych haseł: /home/bath/domains/warsaw-design.pl/public_html/wp-content/uploads/2019/10/Linki-DOC-010-dysza-do-hydromasazu-stal-nierdzewna-polerowana.jpg
    [Jun 23 14:13:18:1624457598.573661:4:info] Pomijanie niepotrzebnych haseł: /home/bath/domains/warsaw-design.pl/public_html/wp-content/uploads/2019/10/Linki-DOC-010-dysza-do-hydromasazu-stal-nierdzewna-polerowana-rysunek-techniczny-miniatura.jpg
    [Jun 23 14:13:18:1624457598.573425:4:info] Pomijanie niepotrzebnych haseł: /home/bath/domains/warsaw-design.pl/public_html/wp-content/uploads/2019/10/Linki-DOC-010-dysza-do-hydromasazu-stal-nierdzewna-polerowana-rysunek-techniczny-miniatura-64×29.jpg
    [Jun 23 14:13:18:1624457598.573188:4:info] Pomijanie niepotrzebnych haseł: /home/bath/domains/warsaw-design.pl/public_html/wp-content/uploads/2019/10/Linki-DOC-010-dysza-do-hydromasazu-stal-nierdzewna-polerowana-rysunek-techniczny-miniatura-2.jpg
    [Jun 23 14:13:18:1624457598.572943:4:info] Pomijanie niepotrzebnych haseł: /home/bath/domains/warsaw-design.pl/public_html/wp-content/uploads/2019/10/Linki-DOC-010-dysza-do-hydromasazu-stal-nierdzewna-polerowana-rysunek-techniczny-miniatura-2-64×29.jpg
    [Jun 23 14:13:18:1624457598.572702:4:info] Pomijanie niepotrzebnych haseł: /home/bath/domains/warsaw-design.pl/public_html/wp-content/uploads/2019/10/Linki-DOC-010-dysza-do-hydromasazu-stal-nierdzewna-polerowana-rysunek-techniczny-miniatura-2-100×66.jpg
    [Jun 23 14:13:18:1624457598.572459:4:info] Pomijanie niepotrzebnych haseł: /home/bath/domains/warsaw-design.pl/public_html/wp-content/uploads/2019/10/Linki-DOC-010-dysza-do-hydromasazu-stal-nierdzewna-polerowana-rysunek-techniczny-miniatura-100×66.jpg
    [Jun 23 14:13:18:1624457598.572217:4:info] Pomijanie niepotrzebnych haseł: /home/bath/domains/warsaw-design.pl/public_html/wp-content/uploads/2019/10/Linki-DOC-010-dysza-do-hydromasazu-stal-nierdzewna-polerowana-rysunek-techniczny-miniatura-1.jpg
    [Jun 23 14:13:18:1624457598.571978:4:info] Pomijanie niepotrzebnych haseł: /home/bath/domains/warsaw-design.pl/public_html/wp-content/uploads/2019/10/Linki-DOC-010-dysza-do-hydromasazu-stal-nierdzewna-polerowana-rysunek-techniczny-miniatura-1-64×29.jpg
    [Jun 23 14:13:18:1624457598.571740:4:info] Pomijanie niepotrzebnych haseł: /home/bath/domains/warsaw-design.pl/public_html/wp-content/uploads/2019/10/Linki-DOC-010-dysza-do-hydromasazu-stal-nierdzewna-polerowana-rysunek-techniczny-miniatura-1-100×66.jpg`

    Again, there are no notices or errors in wp_debug.log. There are no errors in apache error log as well:(

    Kind Regards,
    Inga

    Thread Starter Lapping

    (@ingakri)

    4 years, 11 months ago

    Hello again,

    I have another problem with Wordfence – upon new plugin installation I’ve encountered database errors called by Wordfence:

    Query :INSERT INTO wp_wfConfig (name, val, autoload) values (‘lastNotificationID’, ‘1’, ‘no’)
    Caller: wfConfig::atomicInc()

    Component: Plugin: wordfence

    Error Message:
    Duplicate entry ‘lastNotificationID’ for key ‘PRIMARY’

    I still cannot perform wordfence scan.

    Kind REgards,
    Inga

    Thread Starter Lapping

    (@ingakri)

    4 years, 11 months ago

    I’ve imported Wordfence options and checked “Delete Wordfence tables and data on deactivation” and then I’ve deactivated Wordfence, but it didn’t help.
    There are still errors whenI try to install new plugins:(

    What should I do next?

    Plugin Support wfpeter

    (@wfpeter)

    4 years, 11 months ago

    Hi @ingakri,

    It would be a good idea to try Wordfence Assistant to remove all tables & data rather than the manual removal as that has worked for customers with similar issues in the past, especially around duplicate entries.

    Also, before re-importing any settings, see if the installation is working as expected. If the scan issue returns, let me know, but having the plugin installed successfully would now be our focus.

    Thanks,

    Peter.

    Thread Starter Lapping

    (@ingakri)

    4 years, 11 months ago

    Hello Peter,

    Thank you very much for your help! I will try to use Wordfence Assistant to remove all tables and data and will let you know about results.

    I hope this will solve my problem!

    Kind Regards,
    Inga

    Plugin Support wfpeter

    (@wfpeter)

    4 years, 11 months ago

    Hi @ingakri,

    Are you still experiencing issues after trying Wordfence Assistant? Normally if a forum topic is dormant for around 7 days it will be closed, so my response now will reset that time if you still need to perform some tests.

    Let me know how you get on!

    Peter.

Viewing 9 replies - 1 through 9 (of 9 total)

The topic ‘Wordfence is blocking /wp-admin/admin-ajax.php’ is closed to new replies.