wfphil
Forum Replies Created
-
Hi @eytchh
We have seen this before where some hosting providers are using a server firewall with a commercial firewall rule ruleset that causes this problem of our plugin pages generating a 404 Not Found response page.
Please ask your hosting provider if they use Atomicorp’s ModSecurity firewall ruleset. If they do then ask them to disable firewall rule ID number 390149 and see if that fixes it. That would be better than disabling the ModSecurity server firewall for your hosting account altogether.
That blocking message is not from our plugin.
Hi @hargitt
May apologies for the delay.
We have determined this is a false positive. However, the code is questionable but not really malicious. You should use the ignore option for the scan results for the time being.
Hi @hgiusti
Something on your site is preventing Wordfence’s
script_loader_tagfilter from taking effect, or is rewriting/removing the attribute.On a stagin site with the same fault, please try switching to the default theme Twenty Twenty-Five and disable all other plugins, MU plugins, and Drop-In plugins. If the fault is fixed then you will need to enable your normal theme and all three types of plugins one-by-one to find the cause of the fault.
Hi @etheise
I have passed your feedback and feature request to the team for you.
All feature requests are discussed by the team and given careful consideration so you may possibly see this in a future version of Wordfence.
Hi @justina69
By default the traffic logging mode is set the Security Only so we recommned that you use that mode rather than All Traffic. You can set the the number of rows of data for the Live Traffic page to store and also for how many days to keep data for.
You cannot completely dsiable it as it is used by other parts of the plugin.
Hi @manni02
Thank you for the update.
Is the following that you said before still true please:
“Most – if not all – browsers display a warning”
Hi @floretsky
Thank you for the bug report.
Hi @toddbenton
That is Wordfence’s JavaScript translation data and is only present for logged in administrators and would not be seen by normal site visitors.
Hi @biscuit1001
Thank you for the update.
I’m not seeing a warning on your home page. I was looking for a Let’s Encrypt TLS certificate fault and I didn’t see one.
Are the links in the emails still having the same issue?
Hi @hargitt
Thank you for the update.
I will pass the file back to the team for examonation and I will send an update once I have a reply.
Hi @hansnielsen
Thank you for the reply and you are very welcome!
Please send your Wordfence diagnostics report.
Update to the latest version of Wordfence if you haven’t already done so.
Go to the top of the “Diagnostics” tab on the Wordfence “Tools” page. There will be a “SEND REPORT BY EMAIL” button to send the diagnostics report. Enter wftest [at] wordfence [dot] com as the email and kuchenundkakao as the forum username please.
Once you have emailed me the diagnostics report can you reply here to let me know that it has been sent. This is important in the unlikely event that your installation of WordPress is having an issue with sending mail
If we have a malware signature for this infection then it could be that you don’t have acesss to the malware signature yet as users of the free version of the plugin have a 30 day delay to get new malware signatures. Or, the infection may be in a database table that Wordfence doesn’t scan and will require a manual database cleaning. Wordfence used to scan the whole database but we had to stop doing that as it was too unstable on hosting providers that restrict server resource usage too much.