elivi
Forum Replies Created
-
Hey @aitpro ,
Please see the Security Log entry below:
[403 GET Request: October 25, 2019 6:51 pm] BPS: 3.7 WP: 5.2.4 Event Code: BFHS - Blocked/Forbidden Hacker or Spammer Solution: N/A - Hacker/Spammer Blocked/Forbidden REMOTE_ADDR: GDPR Compliance On Host Name: 108-213-94-121.lightspeed.irvnca.sbcglobal.net SERVER_PROTOCOL: HTTP/1.0 HTTP_CLIENT_IP: GDPR Compliance On HTTP_FORWARDED: GDPR Compliance On HTTP_X_FORWARDED_FOR: GDPR Compliance On HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On REQUEST_METHOD: GET HTTP_REFERER: REQUEST_URI: /?sp_executesql QUERY_STRING: sp_executesql HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36So if I understand correctly, the blocking of login by IP shouldn’t be the issue? I used BPS custom code to do that.
Could you please tell why shouldn’t the code block internal access to the wp-config.php file? Why isn’t allowing the browser access to the file for the local host good? So I can mention that when I contact Siteground, otherwise I just have to tell that I don’t like that it is like that, so please change how the server works.
Siteground is the first hosting that I have used for this domain. Perhaps the fact that it points to Google Cloud could be related to Cloudflare? Which by the way is not working again and an error stating “www redirect check failed” is showing up, since I commented out the line of code that allows browser access to wp-config.php file.
Thanks!
Hey @wfgerald ,
I just sent the report. That line of code is commented out.
And even though it is now commented out, I am able to click on optimize Wordfence firewall and start optimizing it without that blank screen showing up.Do you have any comments on what you see on both Diagnostics reports? Does everything look fine?
Thanks!
Hey @wfgerald ,
If you are talking about this:
“In diagnostics tab for connectivity an error related to “Connecting back to this site” appears as follows: wp_remote_post() test back to this server failed! Response was: 403 Forbidden”,
I solved that error some time ago. But I still was not able to optimize Wordfence by clicking on “Click here to configure” button. Nothing happened, just a white pop up showed up. So I contacted Siteground as you suggested. And they advised to replace the following code in htaccess:
<FilesMatch “^(wp-config\.php|php\.ini|php5\.ini|readme\.html|bb-config\.php)”>
Order Allow,Deny
Deny from all
# Allow from 127.0.0.1
</FilesMatch>with this:
<FilesMatch “^(wp-config\.php|php\.ini|php5\.ini|readme\.html|bb-config\.php)”>
Order Allow,Deny
Deny from all
Allow from 127.0.0.1
</FilesMatch>After that was changed, I could start optimizing Wordfence firewall.
I believe that you cannot access yoursite.com/wp-admin because I have restricted the login access by IP. But it is not related with the issue with optimizing Wordfence as I was not able to optimize Wordfence before I restricted the login by IP.
Which code should I send?
Thanks!
Hey @wfgerald ,
SiteGround suggested uncommenting that line of code, so it now looks as follow:
<FilesMatch “^(wp-config\.php|php\.ini|php5\.ini|readme\.html|bb-config\.php)”>
Order Allow,Deny
Deny from all
Allow from 127.0.0.1
</FilesMatch>I just sent the report. What do you think?
- This reply was modified 6 years, 7 months ago by elivi.
The IP address that you mentioned is right. Why is that a problem?
How can I know if I have NGINX reverse Proxy server? In BPS System Info section it says that it is Apache server.
What do you mean by “If you are using 3 different Proxies there is a very good chance of problems occurring.”? What would be the suggestion in case I want to use Wordfence and Cloudflare?A part of the default BPS code looks as follow:
# DENY BROWSER ACCESS TO THESE FILES
# Use BPS Custom Code to modify/edit/change this code and to save it permanently.
# wp-config.php, bb-config.php, php.ini, php5.ini, readme.html
# To be able to view these files from a Browser, replace 127.0.0.1 with your actual
# current IP address. Comment out: #Deny from all and Uncomment: Allow from 127.0.0.1
# Note: The BPS System Info page displays which modules are loaded on your server.<FilesMatch “^(wp-config\.php|php\.ini|php5\.ini|readme\.html|bb-config\.php)”>
Order Allow,Deny
Deny from all
#Allow from 127.0.0.1
</FilesMatch>Now I have the following code and it is possible to optimize the Wordfence:
<FilesMatch “^(wp-config\.php|php\.ini|php5\.ini|readme\.html|bb-config\.php)”>
Order Allow,Deny
Deny from all
Allow from 127.0.0.1
</FilesMatch>Do you recommend commenting out this line of code:
Allow from 127.0.0.1
?Hey!
As I am using Bulletproof Security plugin as well, it seems that the the issue was solved by allowing browser access for the local host to access the wp-config.php file. By default that line of code was commented in BPS .htaccess code. So when that line of code was uncommented, I was able to start optimizing Wordfence.
Hey @wfgerald,
Thank you, will do that!
Hi,
Yes, there are errors. Please see the screenshots from console here: https://imgur.com/a/2DPsVK8
It is Siteground hosting.
Do you have an idea how to solve this?Hello!
I have the same issue.
There are errors showing up on Console tab. What do you suggest to load the page?The problem I have is the same as another user recently described: https://ww.wp.xz.cn/support/topic/blank-pop-up-screen-when-i-click-on-optimize-the-wordfence-firewall/
Hello,
I installed Health Check & Troubleshooting plugin, disabled all other plugins, reactivated them, but I still have the issue with optimizing Wordfence, nothing has changed.
Could it be that there is something wrong with the plugin?Hey,
Thanks, I solved the connectivity error that was due to the fact that I had blocked access to wp-admin by IP without adding the code that allows ajax functionality.
But I still have the problem regarding optimizing Wordfence. When I click on “Click here to configure” button or “Optimize Wordfence Firewall”, nothing happens, just a white pop up without any text shows up on the screen. I have not found anybody having this issue on the forum. Can you suggest how to start optimizing the firewall in this case?