lrnarasimhan
Forum Replies Created
-
Thank you. I will check periodically to see if it has been implemented.
Thank you for the lay-of-the-land and for the options.
I have Recaptcha on comments, Akismet for comment spam filtering, autoupdates enabled, and Wordfence Free edition with a bunch of blocking rules but still get a lot of spam in the filter and a lot of bots trying assorted nonsense in hopes of finding some weakness. Maybe blocking entire countries is the way to go. This is a nocommercial blog with little to interest large chunks of the world except as a substrate for mischief.
I will contact presales and ask if there is an option to purchase the block-by-country feature.
Forum: Fixing WordPress
In reply to: Not getting emails about updates etc. (Self inflicted)I think the SMTP plugin was indeed the one I deleted. I’m getting the reports again. Marking as Resolved. Thanks!
Forum: Fixing WordPress
In reply to: Not getting emails about updates etc. (Self inflicted)James,
Thank you. I installed WP Mail SMTP from the link of possibilities, configured it, got a Test Message, and a notification when I posted a test comment. This might have been the plugin I clobbered. I’ll see if it notifies me when plugins need to be updated – that might be a service provided by the Wordfence plugin. If it does, I can mark the question resolved.
I apppreciate the help.
Thank you for the clarification and update. I can appreciate that it is hard to keep up with bot tech!
Thank you for the suggestions and links. I have gone through them but would like to clarify one thing.
First, after posting, I was looking around the various Wordfence configurations pages and saw a yellow notification that said some types of blocking were not enabled until this button was clicked. I unfortunately did not make a note of the exact text. But, as soon as I did that, WF began rejecting bots matching patterns on my “Immediately block…” list. What I was doing manually now is being done automatically so the problem I wrote about has been fixed. These ‘visitors’ are blocked for a month according to the Current blocks for <my domain> page for “Accessed a banned URL.”
I’m grappling with any possible downsides to this. If I understand the pages and video you recommended, manually blocking IPs is futile and I agree with this. I don’t think I am doing that though, I am providing patterns to the WF rules engine and blocking based on that which is independent of IP address, IP ranges, or countries. This seems to me like supplementing anything WF does automatically and not interfering with the broader protection.
If that’s correct, I don’t see an obvious downside for my situation except periodically adding to the rules if I see some particular attack being commonly used when I check in. My passwords are long strings of gibberish with multiples special characters and I update all plugins soon after being notified. 2FA is overkill for my needs as my blog is just for fun and letting my family know I’m still alive without going into the social media vortex. I’m the only poster and I do no business with it.
No problem, this is clearly not the plugin’s problem. I had the host turn off nginx for my domain.
I’ll record one other observation here in case it is useful to others: “Use the X-Real-IP HTTP header” fixed the IP address problem but nginx caused yet another problem: I only had intermittent access to my WP site. Going to <domain>/admin would work sometimes on some browsers and not on others. A couple of hours later, the working browsers would switch.
After the host disabled nginx, I am able to log in consistently across browsers, computers, and devices. IP addresses in Live Traffic correspond to the originating site.
I have gone back to “Let Wordfence use the most secure method to get visitor IP addresses. Prevents spoofing and works with most sites. (Recommended)” although it was working with the X-Real-IP HTTP header setting.Sorry: I have to leave it on X-Real-IP HTTP header to get correct IP addresses.
I am guessing (without proof) that nginx is caching the login page or doing something else behind the scenes that messes up WordPress logins. Again, not a Wordfence issue but here for documentation.
- This reply was modified 5 years ago by lrnarasimhan.
I found this thread https://ww.wp.xz.cn/support/topic/wordfence-logging-all-traffic-with-servers-ip-address/
which solved my problem.It looks like my host has installed some sort of proxy or load balancer. I switched “How does Wordfence get IPs option” to “Use the X-Real-IP HTTP header.” and I am getting correct attributions for new hits.
I will take up the surprise proxy/load balancer with the host.
- This reply was modified 5 years ago by lrnarasimhan.
I took out the additions to the Immediately Block box a few hours ago.
This morning, some IPs are showing the red block icon when they access xmlrpc.php while others are not.
I’ll read more about .htaccess and see how to prevent these sites from connecting.
Followup question:
I have added the commands to .htaccess.
I’ve also created a /misc/ folder in public_html, put an empty file in it, and set up robots.txt to disallow access to this directory.
I’ve set up a redirect for all requests to xmlrpc.php to point to the empty file in misc/
I’ve placed /misc/* in the Immediately Block box.
Expected behavior: xmlrpc.php requests get sent to /misc, WF would then block that IP address automatically. The robots.txt will prevent well-behaved crawlers from getting trapped.
Observed behavior: When I test accessing https://{mydomain.com}/xmlrpc.php from a sacrificial IP address, I get shown a blank file vs. getting placed on the blocklist.
- This reply was modified 5 years, 10 months ago by lrnarasimhan.
Thank you. I have just enabled the Disable XML-RPC authentication. Looking more closely at the logs, every request for xmlrpc.php is preceded by an access to wp-login.php.
If I understand correctly, the .htaccess modification will return some kind of error message to the requesting bot but that IP address can still request the page again. If I want to autoban that IP, I will need to do that with some other tool besides Wordfence and .htaccess?
Forum: Fixing WordPress
In reply to: PHP update failingThis is just a blog for amusement, not business or anything critical. It isn’t worth the hassle to find another host and migrate. Appreciate the quick replies.
- This reply was modified 5 years, 10 months ago by lrnarasimhan.
Forum: Fixing WordPress
In reply to: PHP update failingLooks like I’m S.O.L.
Fortunately, my hosting package is up for renewal in a couple of weeks and I can cancel it.
Thanks.
Forum: Fixing WordPress
In reply to: PHP update failingThanks. I contacted them but the agent was stalling for time and I had to disconnect. There’s nothing in their ‘Knowledge Base’ either.
According to this, MySQLND is not on the list of allowed modules:
https://www.hostgator.com/help/article/php-modulesAny idea how much longer WP will let me use PHP 5.4? I may just retire the blog when compatibility runs out.
- This reply was modified 5 years, 10 months ago by lrnarasimhan.
This is very helpful, thank you. I do see some of the same attacks on my site. I’ll use this as a guide to blocking (and I won’t blindly copy/paste per your suggestion.)