Wordfence Firewall /wp-content/wflogs/config.php file quarantined

Home Forums BulletProof Security Pro Wordfence Firewall /wp-content/wflogs/config.php file quarantined

This topic contains 0 replies, has 1 voice, and was last updated by  AITpro Admin 2 years ago.

Viewing 1 post (of 1 total)
  • Author
    Posts
  • #29090

    AITpro Admin
    Keymaster

    Wordfence recently created a new Firewall feature in the newest version of Wordfence, which is very similar to the BPS Pro Plugin Firewall|Plugin Firewall AutoPilot Mode, which was created in BPS Pro 3.5 years ago.  If you have both Wordfence and BPS Pro installed then the Wordfence Firewall may cause problems or break the BPS Pro Plugin Firewall.  We do not have enough information yet to determine what problems the Wordfence Firewall may create for BPS Pro.  BPS Pro AutoRestore|Quarantine quarantines this new Wordfence Firewall file:  /wp-content/wflogs/config.php, which contains this code below:

    <?php exit('Access denied'); __halt_compiler(); ?>
    a:13:{s:9:"wafStatus";s:13:"learning-mode";s:30:"learningModeGracePeriodEnabled";i:1;s:23:"learningModeGracePeriod";i:1461153775;s:7:"authKey";s:64:"h(,,2bHZH_T9vbD$c=VxSZ0:)=a4N?|]kptrlEhy}SL*=df:YEi@qo@pgrt@7`hm";s:4:"cron";a:1:{i:0;O:24:"wfWAFCronFetchRulesEvent":1:{s:11:"*fireTime";i:1461153790;}}s:7:"version";s:5:"1.0.0";s:6:"apiKey";s:160:"75d77129e01d574df4d516ccfebae56f10a570f357f25cc77ba17a3145abd346aaa2236973d80f658983a5593d5c73dde0aca25a0a7086da607265304246eada95388650996520acccd9b3726173fa5b";s:6:"isPaid";b:0;s:7:"siteURL";s:31:"http://example.com";s:7:"homeURL";s:31:"http://example.com";s:14:"whitelistedIPs";s:14:"xxx.xxx.xxx.xxx";s:9:"howGetIPs";s:0:"";s:11:"wafDisabled";b:0;}

    This Wordfence file and code are not malicious. The Wordfence /wp-content/wflogs/config.php file is dynamically updated so an AutoRestore wp-content folder exclude rule needs to be created so that the Wordfence wflogs folder is not checked by AutoRestore|Quarantine. Do the steps below to create an AutoRestore wp-content folder exclude rule for the Wordfence wflogs folder.

    1. Go to the AutoRestore page and turn Off AutoRestore.
    2. Go to the Quarantine page and restore the wflogs files that were quarantined.
    3. Go back to AutoRestore > click on the Exclude wp-content Folders tab page > type or copy and paste the name of the wflogs wp-content folder: wflogs
    Note:  If you are using Wordfence caching then also create a wp-content folder exclude rule for the: wfcache folder.
    4. Click all 3 buttons in order 1, 2, 3: 1. click the Save To DB button, click the 2. Create Filter button and click the 3. Exclude Folders Now button.
    5. Turn AutoRestore back on.

    Additional Wordfence Firewall Problem:
    The Wordfence Firewall may add the code shown below or similar code to your Root htaccess file, which will trigger the Wordfence HUD check Error message below.  See solution below.

    HUD Check: Wordfence PHP/php.ini handler htaccess code detected
    Wordfence PHP/php.ini handler htaccess code was found in your root .htaccess file, but was NOT found in BPS Custom Code.
    Click Here for the steps to fix this Wordfence problem.
    CAUTION: Using the Wordfence WAF Firewall may cause serious/critical problems for your website and BPS Pro.
    To Dismiss this Notice click the Dismiss Notice button below. To Reset Dismiss Notices click the Reset|Recheck Dismiss Notices button on the S-Monitor page.

    Wordfence WAF Firewall Error

    # Wordfence WAF 
    <IfModule mod_suphp.c> 
    suPHP_ConfigPath '/home/oursite/public_html' 
    </IfModule> 
    <Files ".user.ini"> 
    <IfModule mod_authz_core.c> 
    Require all denied 
    </IfModule> 
    <IfModule !mod_authz_core.c> 
    Order deny,allow 
    Deny from all 
    </IfModule> 
    </Files> 
    # END Wordfence WAF

    Solution:
    The Setup Wizard is not designed to figure out that type of custom wordfence htaccess code since it is not standard PHP/php.ini handler htaccess code. So you will need to do these steps below to fix this problem.

    1. Copy the Wordfence WAF htaccess code to this BPS Root Custom Code text box: CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE
    2. Click the Save Root Custom Code button.
    3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

    Note: A scheduled task has been created for this wordfence problem and will be included in the next BPS version.

    Additional Wordfence problems reported by numerous Wordfence users on the WordPress.org site:
    Wordfence Problem Versions: 6.1.2, 6.1.3, 6.1.4, 6.1.5 and 6.1.6
    A large number of Wordfence users are experiencing various serious to critical problems (website crashed, website not loading, etc.) with the new Wordfence WAF. It appears that Wordfence is scrambling to fix the bugs/coding mistakes and releasing back to back new Wordfence versions. At this time it is unknown if Wordfence will continue to release additional back to back versions or if the bugs/coding mistakes are all fixed. If you are using Wordfence then you should probably wait until all the dust settles before upgrading Wordfence on your website.

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.