arrow_upward

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Wordfence - protection taken too far? Wordfence Alternative?
#1
I think someone mentioned during our discussion about anti-virus, how those guys who are supposed to protect us can screw us at the same time as well. Since they have such deep access to our Windows, they can do a lot of damage either while they are trying to protect us, or maliciously.

It happened to me tonight.

Tonight was project update all of my blogs - like I have quite a large number of those. Not sure why, but I don't want to get rid of any of them yet. Anyway, one of them had one of my old and regular passwords to get into wp-admin. And I couldn't get in. Then Wordfence sent a notification to my e-mail saying that my password had been compromised, that my account is blocked, and I need to fix my password. So how on earth does a person fix a password, without access to a WordPress blog? WordFence then gave me the option to reset my password, saying it sent it to me by e-mail, and that never arrived (I checked my spam too). Apparently others have been caught this way too, so WordFence had alternative steps, which were to go into cpanel, and disable the WordFence plugin. I did that. And then when I tried to log in, I got the white screen of death. Thanks to WordFence! What kind of protection is this?

In the end I completely removed the WordPress installation and the add on domain, added both back in cpanel, then imported a backup with my all in one plugin, disabled WordFence in the backup just before logging into the imported backup, and finally was able to change the password to a secure password. Why didn't WordFence give me that option right in the beginning?

Guess the silver lining in this is that I now know I have a password problem. If I should come across any of my accounts with that password, I'll need to immediately change it. But it was frustrating to sort out the blog.

Now I have to think of ways to protect my blogs against WordFence. I don't want to let go of WordFence yet, as I do see positives. But I think it is time to find an alternative that is a little less bulky, simpler and lighter. And isn't as clumsy with protection as WordFence has just been. Any one got suggestions for an alternative?
Terminal
Thank you to Post4VPS and VirMach for my awesome VPS 9!  
#2
from their website...

"Leaked Password Protection
Data breaches have become all too common lately, arming attackers with millions of usernames, passwords and other sensitive data. We are unfortunately seeing attacks on WordPress sites in the wild leveraging this info."

I think you should keep it in spite of what just happened. May be just disable the features that don't agree with you.

Cause there are just too many web techs and too much to know if you want to do it on your own. Also there is more cause of concern for less welknown protection plugins. WordFence depends on its reviews online. So it might be easier to get them to listen to you or get answers from their support people on how this has happened.

my vote goes for 'keep it'.
Sincere Thanks to VirMach for my VPS9. Also many thanks to Shadow Hosting and cubedata for the experiences I had with their VPSs.
#3
@rudra  Thanks for the feedback.  I agree I should keep it.  I've been using them from the beginning of time, and I do find some of the information they provide valuable.

And they did warn me about my password.  Fortunately I'd long replaced that password in most of my blogs, like I now use only the strong passwords that are generated by WordPress - they're really strong.  But there are still the odd service I'm subscribed to that I'll have to change the password when I get there.
Terminal
Thank you to Post4VPS and VirMach for my awesome VPS 9!  
#4
(07-10-2019, 07:28 AM)deanhills Wrote: I think someone mentioned during our discussion about anti-virus, how those guys who are supposed to protect us can screw us at the same time as well. Since they have such deep access to our Windows, they can do a lot of damage either while they are trying to protect us, or maliciously.

It happened to me tonight.

Tonight was project update all of my blogs - like I have quite a large number of those. Not sure why, but I don't want to get rid of any of them yet. Anyway, one of them had one of my old and regular passwords to get into wp-admin. And I couldn't get in. Then Wordfence sent a notification to my e-mail saying that my password had been compromised, that my account is blocked, and I need to fix my password. So how on earth does a person fix a password, without access to a WordPress blog? WordFence then gave me the option to reset my password, saying it sent it to me by e-mail, and that never arrived (I checked my spam too). Apparently others have been caught this way too, so WordFence had alternative steps, which were to go into cpanel, and disable the WordFence plugin. I did that. And then when I tried to log in, I got the white screen of death. Thanks to WordFence! What kind of protection is this?

In the end I completely removed the WordPress installation and the add on domain, added both back in cpanel, then imported a backup with my all in one plugin, disabled WordFence in the backup just before logging into the imported backup, and finally was able to change the password to a secure password. Why didn't WordFence give me that option right in the beginning?

Guess the silver lining in this is that I now know I have a password problem. If I should come across any of my accounts with that password, I'll need to immediately change it. But it was frustrating to sort out the blog.

Now I have to think of ways to protect my blogs against WordFence. I don't want to let go of WordFence yet, as I do see positives. But I think it is time to find an alternative that is a little less bulky, simpler and lighter. And isn't as clumsy with protection as WordFence has just been. Any one got suggestions for an alternative?

To reset password, I would make another dummy wp site and goto its phpmyadmin, goto db then get into users and copy my own salt and go to original site and replace it with old salt and password reset Smile. Better to reinstall
Premium Web Hosting | ShadowCrypt | Manal Shaikh Official Website
If you find my post/thread useful, you're supposed to +rep me. 
#5
(07-11-2019, 01:48 AM)Manal Wrote: To reset password, I would make another dummy wp site and goto its phpmyadmin, goto db then get into users and copy my own salt and go to original site and replace it with old salt and password reset Smile. Better to reinstall
Thanks @Manal, you're right. That was a possibility too. It's what I used to do if there were a password issue in the past. However, I'm sure WordFence worked with something different to cause the white screen of death to come up. I could have fiddled more, but it was just way faster to start from scratch. At that point I was so annoyed with WordFence too, I just wanted to get rid of it and get the satisfaction to delete it in cpanel. WordFence did of course come up again after I had loaded a backup, but this time round I knew to disable the WordFence plugin first, before I logged into the backup of the site. Afterwards, I enabled WordFence again, as I was curious to see whether there would be any other consequences, but there weren't any. It was as though it never happened, so WordFence must be happy with my new password.
Terminal
Thank you to Post4VPS and VirMach for my awesome VPS 9!  


Possibly Related Threads…
Thread
Author
Replies
Views
Last Post
3,931
09-20-2020, 08:07 PM
Last Post: tbelldesignco

person_pin_circle Users browsing this thread: 1 Guest(s)
Sponsors: VirMach - Host4Fun - CubeData - Evolution-Host - HostDare - Hyper Expert - Shadow Hosting - Bladenode - Hostlease - RackNerd - ReadyDedis - Limitless Hosting