New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
WordFence + WordPress
Hi,
I have been using WordPress with WordFence for security for quite some time now, and recently the host moved the server to another location and now I'm having issues configuring it.
Here is the screenshot: https://imgur.com/a/bVgRqFm
The host is saying they are having the exact server config, I have contacted wordfence and they have told me the following:
I have whitelisted all the IP's in Cloudflare as well, as I had before, and updated the new IP there, but still i see the same error.
I'm just confused about what could be causing this, maybe someone else had the same issue and has been able to resolve this?
@Ympker maybe?
Comments
Hmm..I am not a user of Wordfence (I use WP Ninja Firewall, usually), so I can't help you there. Maybe contact Wordfence support?
Already have contacted them, and followed the link they told me:
https://wordpress.org/support/topic/wp_remote_post-test-back-to-this-server-failed-response-was-403-forbidden-2/#post-15839321
Unfortunately didn't solve the issue.
Which security plugin do you think is good for brute force, and overall security?
@Chalipa what's under View additional detail link on your screenshot?
This: https://justpaste.it/6bupl
You probably have some other page rule/access rule that's causing the Javascript challenge to occur. I had a Flutter webview app and the user initially had to go through the Cloudflare loading page. They could access everything fine afterwards, but if they tried sending any POST requests from the app, they'd be hit by the challenge page because I had a rule that made IPs from VPNs go through the managed challenge.
What do you have under "all options", then "How does Wordfence get IPs" ?
do you see your real IP ( home/local) next to "Detected IP(s):" or you're seeing cloudflare ip there?
I have removed all the rules I had there to test it.
https://imgur.com/a/6CKtRC0
Still, the same error exists.
Getting local IP.
https://imgur.com/a/WDvVVv5
Make sure you got the IP addresses right. It should include your server IP so it can connect to itself via Cloudflare without triggering JS challenge. Same with Wordfence IP addresses.
One additional thing to check is that in rare cases the outgoing IP addresses might be different from your domain IP address so double check that too.
Use ninja firewall, lightweight and the firewall rules update more frequently than free WordFence.
In this case, if what the WordFence's tech. support suggested didn't help, I'd suggest the boring, standard: disable all the other plugins and see what happens.
P.S.
Noticed the site's backend shows WP Optimize and LiteSpeed (I'd pick one or the other). Similar thoughts on the Security Ninja and WordFence (and Loginizer security).
With WP plugins: the fewer, the better.
Also, check your PHP error logs, and try renaming the .htaccess, then open the permalink setting menu and click save (needn't change anything, a new htaccess should be created). Then go to the WordFence menu, it should ask you to save your .htaccess before it makes any changes. It usually automatically recognizes what kind of server it's on, and configures stuff properly.
@bikegremlin
Are you guys referring to this?
https://wpsecurityninja.com/
It does not have a free version? no? (the firewall)
https://wordpress.org/plugins/ninjafirewall/
I meant I am using https://wpsecurityninja.com/ . WP Ninja Firewall is something else, so scratch that. Ninja Firewall is also a good tool, but not the one I'm using. Fwiw, WP Security Ninja announced on their website that lifetime deal will be back for Black Friday and smth about 40% off (maybe also applies to lifetime). Could be worth a consideration. Then again, the free version is also great and so is Ninja FW (free WAF) so..
I was referring to the list of plugins shown in your screenshot (WP backend -> Sidebar).