Title: Better Automations's Replies | WordPress.org --- # Better Automations [ ](https://wordpress.org/support/users/cdevidal/) * [Profile](https://wordpress.org/support/users/cdevidal/) * [Topics Started](https://wordpress.org/support/users/cdevidal/topics/) * [Replies Created](https://wordpress.org/support/users/cdevidal/replies/) * [Reviews Written](https://wordpress.org/support/users/cdevidal/reviews/) * [Topics Replied To](https://wordpress.org/support/users/cdevidal/replied-to/) * [Engagements](https://wordpress.org/support/users/cdevidal/engagements/) * [Favorites](https://wordpress.org/support/users/cdevidal/favorites/) Search replies: ## Forum Replies Created Viewing 15 replies - 1 through 15 (of 32 total) 1 [2](https://wordpress.org/support/users/cdevidal/replies/page/2/?output_format=md) [3](https://wordpress.org/support/users/cdevidal/replies/page/3/?output_format=md) [→](https://wordpress.org/support/users/cdevidal/replies/page/2/?output_format=md) * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Sucuri Security - Auditing, Malware Scanner and Security Hardening] [SOLVED] How do I acknowledge WordPress core files were modified?](https://wordpress.org/support/topic/how-do-i-acknowledge-wordpress-core-files-were-modified/) * Thread Starter [Better Automations](https://wordpress.org/support/users/cdevidal/) * (@cdevidal) * [1 year, 4 months ago](https://wordpress.org/support/topic/how-do-i-acknowledge-wordpress-core-files-were-modified/#post-18264017) * Found it. It’s on the dashboard, but I wasn’t waiting long enough for the pane to load. * Forum: [Reviews](https://wordpress.org/support/forum/reviews/) In reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] Good support](https://wordpress.org/support/topic/abandoned-by-support/) * Thread Starter [Better Automations](https://wordpress.org/support/users/cdevidal/) * (@cdevidal) * [4 years, 11 months ago](https://wordpress.org/support/topic/abandoned-by-support/#post-14545276) * No resolution yet but I’ve edited my review 🙂 If my reply gets missed I’ll contact your team by the other email addresses listed on your site if it gets overlooked again. * FYI I get email from WordPress on all forum replies so I wouldn’t have to check the front page every time, not sure if you’re sending those emails to the bit bucket… * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] The last rules update for the Wordfence Web Application Firewall was unsuccessfu](https://wordpress.org/support/topic/the-last-rules-update-for-the-wordfence-web-application-firewall-was-unsuccessfu/) * [Better Automations](https://wordpress.org/support/users/cdevidal/) * (@cdevidal) * [4 years, 11 months ago](https://wordpress.org/support/topic/the-last-rules-update-for-the-wordfence-web-application-firewall-was-unsuccessfu/page/4/#post-14545243) * [@markxkr](https://wordpress.org/support/users/markxkr/) Unfortunately your comment will not be seen by the WordFence team, you have to open a new thread for them to get visibility. WordPress forum rules seem to be one issue by one person per thread, no “me too”s allowed. * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] The last rules update for the Wordfence Web Application Firewall was unsuccessfu](https://wordpress.org/support/topic/the-last-rules-update-for-the-wordfence-web-application-firewall-was-unsuccessfu-7/) * Thread Starter [Better Automations](https://wordpress.org/support/users/cdevidal/) * (@cdevidal) * [4 years, 11 months ago](https://wordpress.org/support/topic/the-last-rules-update-for-the-wordfence-web-application-firewall-was-unsuccessfu-7/page/2/#post-14545233) * `Usually, this would be a permissions issue, where the WAF files are stuck and can’t be overwritten, though you said you have already checked permissions. There could be something like selinux preventing writing files, despite the permissions, I’d check if you’re using that or any other security software on the server outside of WP that might block writing files.` * It perhaps is some security software but I can’t think what that might be. It’s not Ubuntu’s selinux equivalent, (AppArmor) there is an AppArmor rule but it is not enabled. * ``` root@web01.prod.securecoop.com:/SecureCoop# grep /var/www/html /etc/apparmor.d/abstractions/web-data /var/www/html/ r, /var/www/html/** r, root@web01.prod.securecoop.com:/SecureCoop# apparmor_status apparmor module is loaded. 40 profiles are loaded. 40 profiles are in enforce mode. /snap/core/11167/usr/lib/snapd/snap-confine /snap/core/11167/usr/lib/snapd/snap-confine//mount-namespace-capture-helper /snap/snapd/11841/usr/lib/snapd/snap-confine /snap/snapd/11841/usr/lib/snapd/snap-confine//mount-namespace-capture-helper /snap/snapd/12057/usr/lib/snapd/snap-confine /snap/snapd/12057/usr/lib/snapd/snap-confine//mount-namespace-capture-helper /usr/bin/lxc-start /usr/bin/man /usr/lib/NetworkManager/nm-dhcp-client.action /usr/lib/NetworkManager/nm-dhcp-helper /usr/lib/connman/scripts/dhclient-script /usr/lib/snapd/snap-confine /usr/lib/snapd/snap-confine//mount-namespace-capture-helper /usr/sbin/mysqld /usr/sbin/tcpdump /{,usr/}sbin/dhclient lsb_release lxc-container-default lxc-container-default-cgns lxc-container-default-with-mounting lxc-container-default-with-nesting man_filter man_groff nvidia_modprobe nvidia_modprobe//kmod snap-update-ns.core snap-update-ns.lxd snap.core.hook.configure snap.lxd.activate snap.lxd.benchmark snap.lxd.buginfo snap.lxd.check-kernel snap.lxd.daemon snap.lxd.hook.configure snap.lxd.hook.install snap.lxd.hook.remove snap.lxd.lxc snap.lxd.lxc-to-lxd snap.lxd.lxd snap.lxd.migrate 0 profiles are in complain mode. 1 processes have profiles defined. 1 processes are in enforce mode. /usr/sbin/mysqld (916) 0 processes are in complain mode. 0 processes are unconfined but have a profile defined. root@web01.prod.securecoop.com:/SecureCoop# ``` * `You checked the main error log, but I see diagnostics shows an error log at wp-content/debug.log with a nonzero size. Can you check that one for any errors. The drawback about using WP_DEBUG is that errors that occur during the WAF code before WP loads won’t be there if the WAF is optimized. You might need to set the error log path in php.ini to be sure those earlier errors are logged.` * That log file might have existed at one time, but it has since been removed. I believe it belonged to a debug plugin which I have removed. * ``` root@web01.prod.securecoop.com:/SecureCoop# ls -l /var/www/html/wp-content/debug.log ls: cannot access '/var/www/html/wp-content/debug.log': No such file or directory root@web01.prod.securecoop.com:/SecureCoop# ``` * ``` It’s possible that an issue that’s preventing writing to the wflogs files may also be preventing the webserver from writing to the default log as well, which could leave it at 0 bytes permanently. If you can send the output of ls -l /var/www/html/wp-content/wflogs it would be good to see if any of the files have newer dates. ``` * Interestingly, attack-data.php and ips.php are being updated, which clues to me that it’s probably not some other security software. If that were the case I would not expect _anything_ in this directory to update. * ``` root@web01.prod.securecoop.com:/SecureCoop# ls -l /var/www/html/wp-content/wflogs total 5584 -rw-r----- 1 www-data www-data 3890328 Mar 24 18:02 GeoLite2-Country.mmdb -rw-rw---- 1 www-data www-data 181249 Jun 5 16:14 attack-data.php -rw-rw---- 1 www-data www-data 601 Mar 29 02:17 config-livewaf.php -rw-rw---- 1 www-data www-data 13868 Mar 29 02:17 config-synced.php -rw-rw---- 1 www-data www-data 1201202 Mar 29 02:17 config-transient.php -rw-rw---- 1 www-data www-data 560 Mar 29 02:17 config.php -rw-rw---- 1 www-data www-data 51 Jun 11 10:21 ips.php -rw-rw-r-- 1 www-data www-data 403981 Mar 29 02:17 rules.php root@web01.prod.securecoop.com:/SecureCoop# ``` * `It may be worth trying renaming the whole wflogs directory temporarily, this loses some WAF settings, but we can see if the files get re-created, and if they contain anything.` * ``` root@web01.prod.securecoop.com:/SecureCoop# mv /var/www/html/wp-content/wflogs /var/www/html/wp-content/wflogs.disabled # Refreshed Wordfence options in the WordPress GUI root@web01.prod.securecoop.com:/SecureCoop# ls -l /var/www/html/wp-content/wflogs total 3860 -rw-r--r-- 1 www-data www-data 3890328 Jun 11 10:24 GeoLite2-Country.mmdb -rw-rw---- 1 www-data www-data 40083 Jun 11 10:24 attack-data.php -rw-rw---- 1 www-data www-data 325 Jun 11 10:24 config-livewaf.php -rw-rw---- 1 www-data www-data 325 Jun 11 10:24 config-synced.php -rw-rw---- 1 www-data www-data 325 Jun 11 10:24 config-transient.php -rw-rw---- 1 www-data www-data 534 Jun 11 10:24 config.php -rw-rw---- 1 www-data www-data 51 Jun 11 10:25 ips.php -rw-rw-r-- 1 www-data www-data 0 Jun 11 10:24 rules.php root@web01.prod.securecoop.com:/SecureCoop# ``` * So, yes they were all rebuilt, except rules.php. I put the old directory back. * What I noticed about this is that rules.php had indeed updated on last time I messed with it on March 29th. It probably came from plugin installation though. * `phpinfo() must be disabled since it’s missing in Diagnostics, but I’m not sure if it will help in this case. You could temporarily enable it in php.ini, run Diagnostics once again, and then disable it again. I’d be looking for what’s in disable_functions, open_basedir, or possibly any missing or unexpected PHP extensions.` * I have enabled phpinfo() and re-uploaded Diagnostics, please check. * Is it possible to just download rules.php manually and scp it into place? I can do that periodically, or by script. * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] The last rules update for the Wordfence Web Application Firewall was unsuccessfu](https://wordpress.org/support/topic/the-last-rules-update-for-the-wordfence-web-application-firewall-was-unsuccessfu-7/) * Thread Starter [Better Automations](https://wordpress.org/support/users/cdevidal/) * (@cdevidal) * [5 years, 1 month ago](https://wordpress.org/support/topic/the-last-rules-update-for-the-wordfence-web-application-firewall-was-unsuccessfu-7/page/2/#post-14369635) * Did you receive it? * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] The last rules update for the Wordfence Web Application Firewall was unsuccessfu](https://wordpress.org/support/topic/the-last-rules-update-for-the-wordfence-web-application-firewall-was-unsuccessfu-7/) * Thread Starter [Better Automations](https://wordpress.org/support/users/cdevidal/) * (@cdevidal) * [5 years, 1 month ago](https://wordpress.org/support/topic/the-last-rules-update-for-the-wordfence-web-application-firewall-was-unsuccessfu-7/page/2/#post-14359343) * There is absolutely no output in the PHP log so I won’t send that. It might be because of the error, “No rules were updated.” Was able to send the diagnostic report though. * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] The last rules update for the Wordfence Web Application Firewall was unsuccessfu](https://wordpress.org/support/topic/the-last-rules-update-for-the-wordfence-web-application-firewall-was-unsuccessfu-7/) * Thread Starter [Better Automations](https://wordpress.org/support/users/cdevidal/) * (@cdevidal) * [5 years, 1 month ago](https://wordpress.org/support/topic/the-last-rules-update-for-the-wordfence-web-application-firewall-was-unsuccessfu-7/page/2/#post-14356665) * I setup debugging and tried an update: “No rules were updated. Your website has reached the maximum number of rule update requests. Please try again later.” * Didn’t see anything in my logs. How soon before I can try again? * Forum: [Reviews](https://wordpress.org/support/forum/reviews/) In reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] Good support](https://wordpress.org/support/topic/abandoned-by-support/) * Thread Starter [Better Automations](https://wordpress.org/support/users/cdevidal/) * (@cdevidal) * [5 years, 1 month ago](https://wordpress.org/support/topic/abandoned-by-support/#post-14356176) * Thanks, if we can bring it to resolution I will edit my review. I tried first to just bump my own support request in that thread, but was told no bumping was allowed. * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] The last rules update for the Wordfence Web Application Firewall was unsuccessfu](https://wordpress.org/support/topic/the-last-rules-update-for-the-wordfence-web-application-firewall-was-unsuccessfu-7/) * Thread Starter [Better Automations](https://wordpress.org/support/users/cdevidal/) * (@cdevidal) * [5 years, 2 months ago](https://wordpress.org/support/topic/the-last-rules-update-for-the-wordfence-web-application-firewall-was-unsuccessfu-7/page/2/#post-14246568) * [@wfadam](https://wordpress.org/support/users/wfadam/) I’d love to send logs, which ones do you have in mind? Still zero KB. * ``` root@web01.prod.securecoop.com:/SecureCoop# ls -l /var/www/html/wp-content/wflogs/rules.php -rw-rw-r-- 1 www-data www-data 0 Feb 11 16:10 /var/www/html/wp-content/wflogs/rules.php root@web01.prod.securecoop.com:/SecureCoop# ``` * _[ [Please do not bump.](https://wordpress.org/support/guidelines/#do-not-bump-posts)]_ - This reply was modified 5 years, 2 months ago by [Better Automations](https://wordpress.org/support/users/cdevidal/). * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] The last rules update for the Wordfence Web Application Firewall was unsuccessfu](https://wordpress.org/support/topic/the-last-rules-update-for-the-wordfence-web-application-firewall-was-unsuccessfu/) * [Better Automations](https://wordpress.org/support/users/cdevidal/) * (@cdevidal) * [5 years, 3 months ago](https://wordpress.org/support/topic/the-last-rules-update-for-the-wordfence-web-application-firewall-was-unsuccessfu/page/4/#post-14037191) * [@hostbliss](https://wordpress.org/support/users/hostbliss/) not yet, but you can follow my progress and try all that I have tried: [https://wordpress.org/support/topic/the-last-rules-update-for-the-wordfence-web-application-firewall-was-unsuccessfu-7/](https://wordpress.org/support/topic/the-last-rules-update-for-the-wordfence-web-application-firewall-was-unsuccessfu-7/) * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] The last rules update for the Wordfence Web Application Firewall was unsuccessfu](https://wordpress.org/support/topic/the-last-rules-update-for-the-wordfence-web-application-firewall-was-unsuccessfu-7/) * Thread Starter [Better Automations](https://wordpress.org/support/users/cdevidal/) * (@cdevidal) * [5 years, 3 months ago](https://wordpress.org/support/topic/the-last-rules-update-for-the-wordfence-web-application-firewall-was-unsuccessfu-7/#post-14037182) * Still having the issue. * ``` root@web01.prod.securecoop.com:/SecureCoop# ls -l /var/www/html/wp-content/wflogs/rules.php -rw-rw-r-- 1 www-data www-data 0 Dec 30 17:59 /var/www/html/wp-content/wflogs/rules.php root@web01.prod.securecoop.com:/SecureCoop# rm -rf /var/www/html/wp-content/wflogs/ root@web01.prod.securecoop.com:/SecureCoop# Browsed the site... root@web01.prod.securecoop.com:/SecureCoop# ls -l /var/www/html/wp-content/wflogs/rules.php -rw-rw-r-- 1 www-data www-data 0 Feb 11 16:10 /var/www/html/wp-content/wflogs/rules.php root@web01.prod.securecoop.com:/SecureCoop# ``` - This reply was modified 5 years, 3 months ago by [Better Automations](https://wordpress.org/support/users/cdevidal/). * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] The last rules update for the Wordfence Web Application Firewall was unsuccessfu](https://wordpress.org/support/topic/the-last-rules-update-for-the-wordfence-web-application-firewall-was-unsuccessfu-7/) * Thread Starter [Better Automations](https://wordpress.org/support/users/cdevidal/) * (@cdevidal) * [5 years, 4 months ago](https://wordpress.org/support/topic/the-last-rules-update-for-the-wordfence-web-application-firewall-was-unsuccessfu-7/#post-13965262) * Sent diagnostics again. [Screenshot](https://i.imgur.com/KtVDGJ4.png) saying it was sent successfully, and showing the address it was sent to. * I would say that yes I am still seeing the same issue; I am no longer getting the error since uninstalling/reinstalling, but the rules.php file is still empty. * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] The last rules update for the Wordfence Web Application Firewall was unsuccessfu](https://wordpress.org/support/topic/the-last-rules-update-for-the-wordfence-web-application-firewall-was-unsuccessfu-7/) * Thread Starter [Better Automations](https://wordpress.org/support/users/cdevidal/) * (@cdevidal) * [5 years, 4 months ago](https://wordpress.org/support/topic/the-last-rules-update-for-the-wordfence-web-application-firewall-was-unsuccessfu-7/#post-13897275) * Sent. * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] The last rules update for the Wordfence Web Application Firewall was unsuccessfu](https://wordpress.org/support/topic/the-last-rules-update-for-the-wordfence-web-application-firewall-was-unsuccessfu-7/) * Thread Starter [Better Automations](https://wordpress.org/support/users/cdevidal/) * (@cdevidal) * [5 years, 4 months ago](https://wordpress.org/support/topic/the-last-rules-update-for-the-wordfence-web-application-firewall-was-unsuccessfu-7/#post-13881330) * These are not pingable, either from my server or my laptop at home. Do I need to instead use cURL to test access? * Server: * ``` root@web01.prod.securecoop.com:~# ping -c1 noc1.wordfence.com PING noc1.wordfence.com (69.46.36.28) 56(84) bytes of data. ^C --- noc1.wordfence.com ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms root@web01.prod.securecoop.com:~# ping -c1 noc4.wordfence.com PING noc4.wordfence.com (69.46.36.20) 56(84) bytes of data. ^C --- noc4.wordfence.com ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms root@web01.prod.securecoop.com:~# ``` * Home computer: * ``` C:\Users\cbdev>ping noc1.wordfence.com Pinging noc1.wordfence.com [69.46.36.28] with 32 bytes of data: Request timed out. Ping statistics for 69.46.36.28: Packets: Sent = 1, Received = 0, Lost = 1 (100% loss), Control-C ^C C:\Users\cbdev>ping noc4.wordfence.com Pinging noc4.wordfence.com [69.46.36.20] with 32 bytes of data: Request timed out. Ping statistics for 69.46.36.20: Packets: Sent = 1, Received = 0, Lost = 1 (100% loss), Control-C ^C C:\Users\cbdev> ``` * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] The last rules update for the Wordfence Web Application Firewall was unsuccessfu](https://wordpress.org/support/topic/the-last-rules-update-for-the-wordfence-web-application-firewall-was-unsuccessfu/) * [Better Automations](https://wordpress.org/support/users/cdevidal/) * (@cdevidal) * [5 years, 4 months ago](https://wordpress.org/support/topic/the-last-rules-update-for-the-wordfence-web-application-firewall-was-unsuccessfu/page/4/#post-13849146) * For everyone wondering why WFence is not responding to this thread, it’s because this thread is marked Resolved. You must start a new thread. I did and WFence is helping me out. Viewing 15 replies - 1 through 15 (of 32 total) 1 [2](https://wordpress.org/support/users/cdevidal/replies/page/2/?output_format=md) [3](https://wordpress.org/support/users/cdevidal/replies/page/3/?output_format=md) [→](https://wordpress.org/support/users/cdevidal/replies/page/2/?output_format=md)