IvanRF
Forum Replies Created
-
OH, my mistake. I forgot that this only blocks IPs from login. So, it is not as bad as I thought. 🙂
The question remains if a real user wants to LOG into a site from the same IP. However, this will be very unlikely.
Thanks for the answer!
Maybe comparing to “Tested up to: #” and accepting only a version number for # will not create a back door. But honestly, I don’t have even a 1% of the knowledge that you have about WordPress security.
I just wanted to present my thoughts. I’m sure you will do what’s best for everyone. Thanks!
I know why this happens. As I said, I’m a plugin developed too and I received mails from WordPress asking me to modify the readme file if the plugin is compatible with a new WordPress version.
So, there is nothing wrong for a developer to modify the readme file without creating a new release, if the plugin did not change.
My question is, is it possible to add to Wordfence the ability to NOT mark as a Warning a simple change in a plugin readme file? more specifically, the line that contains:
Tested up to: #@tim I don’t think this is related to WordPress settings
Mails with subject “User locked out from signing in…” contain links like:
- “The Wordfence administrative URL for this site is:”
- “To change your alert options for Wordfence, visit:”
- “To see current Wordfence alerts, visit:”
Mails with subject “Problems found on …” do not have links to the site that has the alerts. The mail content only shows the problems found with no links to the actual site.
Thanks for considering this!
That feature request will improve notifications. However, hiding wp-login will completely avoid those annoying attempts from bots.
I agree.
I use the aggressive option “Immediately lock out invalid usernames”. Thus, I receive mails for every dummy attempt of usernames like admin, administrator, test, and so on.
It would be nice to have the option to avoid notifications for some specified user names, or just only receive notifications for attempts on existing users.
OK, thanks!
OK, thanks!
Thanks for your reply, I will ask my host provider and report back tomorrow.
I forgot to answer the questions:
Are you running a regular WordPress site or multisite?
regular
How often does this happen? Multiple times per day?
Multiple times per day
Can you post a screenshot (or two) showing the 404 error and a normal visit for the same page? You can block out the site name and end of the IP address, if you want.
I did in the first post
Which other plugins do you have enabled?
Probably, WPML is the one causing the redirects. I also have W3 Total Cache, among others that are not worth mentioning.
If you know, is your host using Apache, or a different web server? (If you don’t mind linking to your site, I can check.)
Apache/2.4.12
OK, thanks! If this happens again, now I know where to look and I will post here my findings.
There must be something wrong with the AJAX function when saving.
I just disable it -> save -> Reload page with Ctrl+F5 -> enable it -> save, and now I do have that line:
Mon, 31 Aug 2015 19:00:00 +0000 : wordfence_email_activity_report
No, I didn’t have troubles with updates. I just created a new post.
Hi Tim, thanks for your answer.
However, I would like to know if this feature could be included in a future release or if it is something that will never be included in Wordfence.What if I don’t want to disable this function? Will I receive 10 mails again in 14 days?