Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


WordFence + WordPress
New on LowEndTalk? Please Register and read our Community Rules.

WordFence + WordPress

ChalipaChalipa Member

Hi,

I have been using WordPress with WordFence for security for quite some time now, and recently the host moved the server to another location and now I'm having issues configuring it.

Here is the screenshot: https://imgur.com/a/bVgRqFm

The host is saying they are having the exact server config, I have contacted wordfence and they have told me the following:

https://wordpress.org/support/topic/wp_remote_post-test-back-to-this-server-failed-response-was-403-forbidden-2/#post-15839321

I have whitelisted all the IP's in Cloudflare as well, as I had before, and updated the new IP there, but still i see the same error.

I'm just confused about what could be causing this, maybe someone else had the same issue and has been able to resolve this?

@Ympker maybe?

Comments

  • Hmm..I am not a user of Wordfence (I use WP Ninja Firewall, usually), so I can't help you there. Maybe contact Wordfence support?

    Thanked by 1Chalipa
  • Already have contacted them, and followed the link they told me:

    https://wordpress.org/support/topic/wp_remote_post-test-back-to-this-server-failed-response-was-403-forbidden-2/#post-15839321

    Unfortunately didn't solve the issue.

    Which security plugin do you think is good for brute force, and overall security?

  • exception0x876exception0x876 Member, Host Rep

    @Chalipa what's under View additional detail link on your screenshot?

    Thanked by 1Chalipa
  • @exception0x876 said:
    what's under View additional detail link on your screenshot?

    This: https://justpaste.it/6bupl

  • BigDongLongBigDongLong Member
    edited October 31

    You probably have some other page rule/access rule that's causing the Javascript challenge to occur. I had a Flutter webview app and the user initially had to go through the Cloudflare loading page. They could access everything fine afterwards, but if they tried sending any POST requests from the app, they'd be hit by the challenge page because I had a rule that made IPs from VPNs go through the managed challenge.

    Thanked by 1Chalipa
  • @Chalipa said: I have whitelisted all the IP's in Cloudflare as well, as I had before, and updated the new IP there, but still i see the same error.

    What do you have under "all options", then "How does Wordfence get IPs" ?
    do you see your real IP ( home/local) next to "Detected IP(s):" or you're seeing cloudflare ip there?

    Thanked by 1Chalipa
  • @BigDongLong said:
    You probably have some other page rule/access rule that's causing the Javascript challenge to occur. I had a Flutter webview app and the user initially had to go through the Cloudflare loading page. They could access everything fine afterwards, but if they tried sending any POST requests from the app, they'd be hit by the challenge page because I had a rule that made IPs from VPNs go through the managed challenge.

    I have removed all the rules I had there to test it.

    https://imgur.com/a/6CKtRC0

    Still, the same error exists.

    @DanSummer said:

    What do you have under "all options", then "How does Wordfence get IPs" ?
    do you see your real IP ( home/local) next to "Detected IP(s):" or you're seeing cloudflare ip there?

    Getting local IP.

    https://imgur.com/a/WDvVVv5

  • exception0x876exception0x876 Member, Host Rep

    @Chalipa said:
    I have whitelisted all the IP's in Cloudflare as well, as I had before, and updated the new IP there, but still i see the same error.

    Make sure you got the IP addresses right. It should include your server IP so it can connect to itself via Cloudflare without triggering JS challenge. Same with Wordfence IP addresses.

    One additional thing to check is that in rare cases the outgoing IP addresses might be different from your domain IP address so double check that too.

  • Use ninja firewall, lightweight and the firewall rules update more frequently than free WordFence.

  • In this case, if what the WordFence's tech. support suggested didn't help, I'd suggest the boring, standard: disable all the other plugins and see what happens.

    P.S.
    Noticed the site's backend shows WP Optimize and LiteSpeed (I'd pick one or the other). Similar thoughts on the Security Ninja and WordFence (and Loginizer security).

    With WP plugins: the fewer, the better.

    Also, check your PHP error logs, and try renaming the .htaccess, then open the permalink setting menu and click save (needn't change anything, a new htaccess should be created). Then go to the WordFence menu, it should ask you to save your .htaccess before it makes any changes. It usually automatically recognizes what kind of server it's on, and configures stuff properly.

    Thanked by 2Chalipa Ympker
  • ChalipaChalipa Member
    edited November 1

    @Ulement said:
    Use ninja firewall, lightweight and the firewall rules update more frequently than free WordFence.

    @bikegremlin

    Are you guys referring to this?

    https://wpsecurityninja.com/

    It does not have a free version? no? (the firewall)

  • @Chalipa said:

    @Ulement said:
    Use ninja firewall, lightweight and the firewall rules update more frequently than free WordFence.

    @bikegremlin

    Are you guys referring to this?

    https://wpsecurityninja.com/

    It does not have a free version? no? (the firewall)

    https://wordpress.org/plugins/ninjafirewall/

    Thanked by 2Chalipa Ulement
  • YmpkerYmpker Member
    edited November 1

    @Ympker said:
    Hmm..I am not a user of Wordfence (I use WP Ninja Firewall, usually), so I can't help you there. Maybe contact Wordfence support?

    I meant I am using https://wpsecurityninja.com/ . WP Ninja Firewall is something else, so scratch that. Ninja Firewall is also a good tool, but not the one I'm using. Fwiw, WP Security Ninja announced on their website that lifetime deal will be back for Black Friday and smth about 40% off (maybe also applies to lifetime). Could be worth a consideration. Then again, the free version is also great and so is Ninja FW (free WAF) so..

  • @Chalipa said:

    @Ulement said:
    Use ninja firewall, lightweight and the firewall rules update more frequently than free WordFence.

    @bikegremlin

    Are you guys referring to this?

    https://wpsecurityninja.com/

    It does not have a free version? no? (the firewall)

    I was referring to the list of plugins shown in your screenshot (WP backend -> Sidebar).

Sign In or Register to comment.