dffmonolith

Matt,

OK, I’ve got a screenshot of the console showing the “Time over 1000ms” warnings. CONSOLE IMAGE

I’m using Google Chrome. The only error that shows up is an annoying one from the MeasureIt extension.

Not using NoScript, but I am using Disconnect and Ghostery and HTTPS Everywhere….

Let me know if you need more detailed expansion of console info….

With max emails per hour capped at 6, I’ve now received over 1500 locked-out emails from WordFence since June 26…. They haven’t given up!

By contrast, on another site on another ISP, I recently got a 3-day barrage that yielded 1200 lockout messages (also capped at 6), but they moved on after 3 days of intensive probing.

That brings up another thought: these problems are on a site running on a small regional ISP (MCN.org). I use WordFence on other sites hosted on BlueHost with no issues. Could there be a server misconfiguration?

Thanks,
Dennis

Matt,

OK, I deleted all the WF tables, reinstalled and reactivated the plugin. I also used my code to restore my settings. Everything seemed to work fine, but it still will not let me block an individual IP address.

The lockout settings are what I had set, but I won’t know if they’re working until in the morning…. It did restore my 5-day lockout setting, for sure. Maybe that will work now…. I’ll let you know after some hours have passed.

Thanks,
Dennis

OK, I turned off all other plugins, but I get the same behavior.

Thankfully, the plugin is still blocking people — just for an hour at a time.

So, what are the options?

1. Could it be the theme? Duh — I forgot to switch to 2015 when I disabled all the plugins, so I’m not sure. I’ll try it again. The theme is custom, written 3 years ago, and not updated since…. But it’s pretty simple, too — it’s a very simple site, and there’s nothing custom in the backend.
2. Would uninstalling and reinstalling the plugin help? You have that handy way to save settings.
3. Switch to the paid version and block whole countries at a time? I’ll have to see if my client will spring for the pro version — she has, uh, tried to minimize her expenditures in this area over the years. 🙁

Thanks,
Dennis

Matt,

OK, I disabled the config cache, and then tried to manually block an IP address, 125.212.224.147. It just sits there — the IP address stays in the input, but doesn’t show up in the box below. When I looked in the JS console, here’s what I’m seeing in XHR requests:

http://www.atriumbnb.com/wp-admin/admin-ajax.php?apiKey=419059977a3653cdf3c89c9316d3a76a998ebeffbf7b5f009ac8d8ed7c9288c38efbab8e67895adb1ef8f0aa1c095b711832433c5ec4b2fcfa82385644fee5b627bb59f30ed3e63c4ea12fda52f8a2a8&firewallEnabled=1&loginSecurityEnabled=1&liveTrafficEnabled=1&scheduledScansEnabled=1&autoUpdate=1&alertEmails=public%40monolithdesign.com&securityLevel=CUSTOM&howGetIPs=&alertOn_critical=1&alertOn_warnings=1&alertOn_block=1&alertOn_loginLockout=1&alertOn_lostPasswdForm=1&alertOn_adminLogin=1&alert_maxHourly=6&email_summary_enabled=1&email_summary_interval=biweekly&email_summary_excluded_directories=wp-content%2Fcache%2Cwp-content%2Fwfcache%2Cwp-content%2Fplugins%2Fwordfence%2Ftmp&email_summary_dashboard_widget_enabled=1&liveTraf_ignorePublishers=1&liveTraf_ignoreUsers=&liveTraf_ignoreIPs=&liveTraf_ignoreUA=&scansEnabled_heartbleed=1&scansEnabled_core=1&scansEnabled_themes=1&scansEnabled_plugins=1&scansEnabled_malware=1&scansEnabled_fileContents=1&scansEnabled_database=1&scansEnabled_posts=1&scansEnabled_comments=1&scansEnabled_oldVersions=1&scansEnabled_passwds=1&scansEnabled_diskSpace=1&scansEnabled_dns=1&scan_exclude=&blockFakeBots=1&neverBlockBG=neverBlockVerified&maxGlobalRequests=120&maxGlobalRequests_action=throttle&maxRequestsCrawlers=480&maxRequestsCrawlers_action=throttle&max404Crawlers=60&max404Crawlers_action=throttle&maxRequestsHumans=120&maxRequestsHumans_action=throttle&max404Humans=60&max404Humans_action=throttle&maxScanHits=60&maxScanHits_action=throttle&blockedTime=43200&loginSec_strongPasswds=pubs&loginSec_maxFailures=3&loginSec_maxForgotPasswd=2&loginSec_countFailMins=5&loginSec_lockoutMins=2880&loginSec_lockInvalidUsers=on&loginSec_maskLoginErrors=on&loginSec_blockAdminReg=on&loginSec_disableAuthorScan=on&loginSec_userBlacklist=&whitelisted=&bannedURLs=&allowed404s=%2Ffavicon.ico%0D%0A%2Fapple-touch-icon*.png%0D%0A%2F*%402x.png&other_hideWPVersion=1&other_blockBadPOST=1&other_noAnonMemberComments=1&other_scanComments=1&other_pwStrengthOnUpdate=1&other_WFNet=1&maxMem=256&maxExecutionTime=&actUpdateInterval=2&disableConfigCaching=1&ssl_verify=1&action=wordfence_saveConfig&nonce=eb887ef0c5

Then it shows a warning: “Time over 1000ms”, and an Object. The time field in the JSON has a value of 1095.945…. And it says XHR finished loading.

That’s immediately followed by another XHR operation:

http://www.atriumbnb.com/wp-admin/admin-ajax.php?alsoGet=&otherParams=&action=wordfence_ticker&nonce=eb887ef0c5

This also gives the Too Long warning with 1722.540, but it says XHR finished loading….

I’ll see if disabling the config cache did anything, but it’ll take me an hour to tell if it works…. 🙂

OK, I switched to the 2014 theme, and there’s no difference in behavior — the location dropdown only shows 1 version of Eagles Hall, not the original version.

I can give you a login if you want to see it yourself, or I can dump the em_locations table and send that to you.

The problematic location, Eagles Hall, is in the middle of the 500+ list of locations. (The other time this happened, it started with “M”).

http://www.kozt.com/pages/submit-event/ : the location dropdown shows Eagles Hall, but it’s the new entry my client entered. They did NOT delete the old one. I looked at the em_locations table in the database, and there are 2 entries for Eagles Hall, with slugs of eagles-hall and eagles-hall-2. The differences between the 2 records seem too minor to make a difference, but you can see them here in this screen capture from phpMyAdmin:

phpMyAdmin capture

In the screenshot, the entry with location_id = 128 is the one that does not show.

Here’s the excerpt from my single-event.php:

<?php
$content = do_shortcode( '[locations_map location="' . $locid . '" height="300"]' );   // [locations_map]
echo $content;
echo '<h3 style="text-align:center;"><span class="event-hilight">Upcoming Events</span></h3>';
$locevents = do_shortcode( '[events_list location="' . $locid . '" limit="4"]' );   // [events_list]
echo $locevents;
?>

Pretty straightforward. The Javascript I posted in the original message, and it’s placed in a document.ready jQuery closure….