Fix common errors on the Wordfence plugin

Generally speaking, we recommend disabling the Wordfence plugin on your WordPress website, especially if you have the Skystra Shield (Advanced Security) service active on your hosting service.

If you’d like to keep Wordfence on your website, here are some common errors and fixes on a general guideline basis. For specific code and plugin errors triggered by the Wordfence plugin, please contact their development team.

Wordfence a security plugin for WordPress websites. However, Wordfence can be a problematic plugin that triggers several errors on WordPress websites.

Here is a list of common errors that Wordfence can create on WordPress websites:

  • Performance: Wordfence is a resource-intensive plugin, potentially slowing down your website
  • False Positives: The security rules can sometimes be excessive, blocking legitimate users or admin actions
  • Complexity: Configuring Wordfence with its extensive settings can be overwhelming and may lead to misconfiguration
  • Compatibility: There may be conflicts with other plugins or themes, causing website functionality issues

Error: WordPress white screen error

The WordPress white screen error can often be caused by the Wordfence plugin injecting a code snippet into your website .htaccess file. In order to get your WordPress website working again, you need to remove the Wordfence code snippet from your .htaccess file.

1. Log in to your hosting control panel
2. Click on the File Manager button

3. Double click the domains folder

4. Locate your domain name’s folder and double click it. If you have multiple domain names, you will see multiple folders listed.

5. Inside your domain name’s folder, you will see a public_html folder, double click to open it up

6. Inside of your domain name’s public_html folder, locate the .htaccess file -depending on the size of your device’s screen and number of files, you may have to scroll to find it.

Once you locate the .htaccess file, hover over it and do a right-click to get a dropdown, from the dropdown, select Edit.

7. Your window will now pop open the .htaccess file, scroll until you find the Wordfence code in your .htaccess file, it will always begin with # Wordfence WAF and end with # END Wordfence WAF, here is an example of the code snippet and what it looks like inside of an .htaccess file

# Wordfence WAF
<IfModule LiteSpeed>
php_value auto_prepend_file
<IfModule lsapi_module>
php_value auto_prepend_file
<Files ".user.ini">
<IfModule mod_authz_core.c>
Require all denied
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
# END Wordfence WAF

8. Highlight and delete all of the Wordfence code in your .htaccess file and then click the Save File button followed by the X button to close the session, here is an example:

Error: False positives in security alerts

Wordfence can sometimes raise false security alerts. These false positives could range from flagging benign activities as suspicious to identifying safe files as malicious.

If you’re confident that the alert is a false positive, you can ask Wordfence to ignore the issue. To do this, click on the Ignore this issue link found in the Issue detail dropdown in the Scan results

Once you ignore the issue, it will appear in your Ignored Results tab under Wordfence > Scan

Error: Overstated resource usage

Wordfence might indicate a high resource usage that could affect your site’s performance; however, it can be a false positive. You can limit the resources that Wordfence uses by following these steps:

1. Wordfence > All Options > Performance Options > Maximum execution time for each scan stage, make sure to click Save Changes button at the top to apply your changes

2. Also consider disabling the Don’t log signed-in users with publishing access under the Live Traffic Options as it consumes considerable resources, make sure to click Save Changes button at the top to apply your changes

Error: Slow website

Even when overstating resource usage, Wordfence remains a highly-resource intensive plugin. Given that Wordfence packs in many features into one plugin, the code base is bloated and is a significant cause in creating a slow and inefficient website loading time.

Consider deactivating the Wordfence plugin. If keeping Wordfence, it may be beneficial to review this guide for tips on how to enhance the speed of your website: Fix a slow website

Error: Frequent site lockouts

Wordfence might frequently lock you out of your own website if it detects too many failed login attempts.

To fix the lockouts, you need to adjust the Brute Force Protection setting.

1. Navigate to Wordfence > All Options > Brute Force Protection

2. Increase the Lock out after how many login failures number or increase the timeframe for the count of login attempts, make sure to click Save Changes button at the top to apply your changes

Error: Wordfence dashboard not loading

Sometimes, the Wordfence dashboard may fail to load due to issues like caching or plugin conflicts.

1. Clear your browser cache
2. If clearing browser cache doesn’t work, deactivate and reactivate the Wordfence plugin
3. If the problem persists, there could be a plugin conflict. Deactivate other plugins one by one until the Wordfence dashboard loads correctly.