Wordfence Scan issue

Not able to run the WordFence on our Word Press.

The issue with Cloudflare and more specifically - Maybe the Bot Fight mode:

I’ve tried whitelisting both the server’s IP address and the site’s IP in Site Tools → Speed → Cloudflare → IP Access Control, however, to no avail.

One thing I noticed is that the native WordPress cron jobs don’t seem to work:

baseos | [email protected]:~/www/aonegadget.com/public_html$ wp cron test
Warning: WP-Cron spawn succeeded but returned HTTP status code: 503 Service Unavailable

I tested the plugin and recreated the error.

it seems that Cloudflare is causing the issue. When the website is accessed via the local hosts file (to bypass Cloudflare) the scan is working properly and this is recorded in the logs:

Hope you help us to solve the issue.
Thanks

Possibly, yes.

May I ask have you followed the instructions from below article?:

Furthermore, if you added the IPs (from Wordfence article above + your origin host / server IP) to the IP Access Rules (with Allow) and therefore created a Firewall Rule (again, with Allow) putting it on the 1st (from above), I think it should work.

Nevertheless, in the Wordfence options you have to select and choose “ CF-Connecting-IP ” option (Use the Cloudflare “CF-Connecting-IP”). Do not forget to save to apply the changes.

There could be a temporary workaround as like, before running a scan, you could temporarly select Pause Cloudflare on Site from the Cloudflare dashboard for your domain, or switch to the :grey: (DNS-only). After the scan completes, switch back to proxied :orange:

I admit I see them too at Firewall events intentionally due to my Firewall Rules to catch empty user-agents and HTTP/1.0 requests as follows on the great Firewall tutorials provided from below:

In this particular case, you have to add your origin host / server IP to both IP Access Rules and a Firewall Rule with the action Allow - as far as I saw and tested, it could be triggered due to too much same behaviour requests from the same IP address via HTTP/1.0 and empty user-agent too.

2 Likes

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.