|
Shawn
|
October 6, 2016 at 8:26 pm
I have a new EE4 install on a long time WordPress website (v4.6.1). I’m running WordFence (v6.2.0). I do not use the cache feature of WordFence, but do use WP Super Cache (v1.4.8) and have excluded the recommended strings. I also have the Mobile App for my iPhone installed and I’m using the Application Passwords plugin. I created a new user for our mobile ticket checkers at our events and gave the user the Event Administration role in WP. So, my problem is that if the mobile device IP is not in the WordFence IP whitelist it will not be allowed to log in and will be blocked from future tries (being added to the WordFence Blocked IP list). I’ve tried it both with my home IP and with my cell IP. Once I whitelist either, it works fine and I can use the Mobile App without issue, I see the events, can check-in guests. Obviously I can’t whitelist all mobile devices while at our event (they will probably be using their cell phones). Any chance you know enough about Wordfence to help me configure something to allow this mobile app access? If needed, I guess I can contact the fine people at WordFence too. 🙂
|
|
Josh
|
October 7, 2016 at 7:48 am
Hi Shawn,
We’re not familiar with WordFence. When you contact them you can explain that you’re using Basic Authentication to allow access to a custom REST API endpoint on your site. So the app isn’t logging into the WordPress admin or anything like that. Maybe they have a way to not block that part of your site.
|
|
Shawn
|
October 7, 2016 at 8:18 am
Response from Wordfence before I shared your comments:
When the Event Espresso people answer ask exactly what that message means and what kind of response is it receiving. You can also try putting the waf into learning mode and trying again. That might whitelist the action.
|
|
Josh
|
October 7, 2016 at 8:40 am
Looks like the server is throwing a 403 Forbidden error when the app tries to send a request to your server.
As an aside, you should probably change that password now that there’s a screenshot of it posted here.
|
|
Shawn
|
October 7, 2016 at 10:03 am
Perhaps. I am working with WordFence to have their firewall learn the login pattern. They also asked if there was an IP range I could whitelist on the WordFence firewall, I’m guessing from the application/service.
Thanks for the password change reminder. I wasn’t too worried, the website/user info was blocked…but I changed it anyway.
|
|
Josh
|
October 7, 2016 at 10:11 am
The IP range would be from the various mobile devices. When you use the mobile apps, it’s connecting directly to your server. There actually isn’t a service between the mobile app and your server.
|
|
Shawn
|
October 7, 2016 at 12:05 pm
Thanks for the info, I’ll continue to look to WordFence support on this. I may continue to ask questions and if it gets resolved I’ll post back.
|
