SiteFort documentation
Troubleshooting
When something stops working. Step-by-step playbooks for scan failures, blocked visitors, Cloudflare Sync, login lockouts, broken headers, and more.
Troubleshooting
This section is for moments when something is not working: a scan will not start, a legitimate user is blocked, Cloudflare will not sync, a header broke the frontend, or a setting did not apply. Start with the symptom, confirm the layer that owns it, apply the smallest safe fix, and verify the result.First Question: What Changed Last?
Before changing more settings, identify the last change. Most SiteFort issues trace back to one of five layers:| Layer | Typical symptom | Where to look first |
|---|---|---|
| License or cloud connection | Scanner or Vulnerability Scanner unavailable, license banners, credits exhausted, failed cloud scan. | Settings > License & Plan, Scanner banner, scan failure panel, scan log. |
| CDN / proxy / IP detection | Wrong IP blocked, firewall paused, Cloudflare prompt, country rules inaccurate. | Firewall > Advanced > IP Detection and diagnostic details. |
| Firewall policy | Visitor receives block page, crawler blocked, country access issue, Traffic Log entries. | Firewall > Traffic Log, Active Rules, Country policy, Bot rules, Trusted IPs. |
| Hardening or headers | REST API broken, login URL inaccessible, CSS/JS broken, iframe blocked, HTTPS or header issue. | Hardening tab that was changed, Security Headers analysis, Manual Configuration Rules. |
| Account / login controls | User cannot log in, CAPTCHA missing, 2FA problem, lockout, password reset loop. | Hardening > Login Security, Lockouts & Recovery, Two-Factor, Audit Log. |
Rule of thumb: do not reset the plugin or disable multiple modules to troubleshoot one issue. Use the page that owns the visible warning, fix that condition, then verify.
Emergency Playbooks
Legitimate visitors are seeing a SiteFort block page
- Ask for the visitor IP, approximate time, country, URL, and screenshot of the block page.
- Open Firewall > Traffic Log. Search the IP and use the relevant time range.
- Check Protection Type: IP Ban, Country Block, Rate Limit, 404 Flood, UA Ban, Bot Ban, Community Blocklist, REST API Block, or Login Lockout.
- If the block is legitimate but too strict, adjust the owning rule. Example: remove the country from allow-only policy, reduce Maximum bot policy, or increase rate limits.
- If the visitor is trusted, add a narrow allow rule or Trusted IP. Prefer a stable office or VPN IP over a broad wildcard.
- Ask the visitor to retry and confirm the Traffic Log no longer records a block.
An administrator cannot log in
- Check whether the user is using the correct custom login URL. If Custom Login URL was recently enabled, use the copied secure URL.
- Open Hardening > Login Security > Lockouts & Recovery from another administrator account. Unlock the IP or user if active.
- If CAPTCHA fails or is missing, open Settings > Integrations > CAPTCHA / Bot Detection and confirm provider keys are saved. Temporarily disable CAPTCHA if the provider is misconfigured.
- If 2FA is the issue, use recovery codes, email code, or authenticator method. Confirm at least one allowed 2FA method remains enabled before enforcing roles.
- If the user is blocked by country or IP policy, check Firewall Traffic Log and trusted IP rules.
- After access is restored, review Audit Log for repeated failed attempts and adjust thresholds only if false positives continue.
The site appears broken after enabling Security Headers
- Open the affected page in a browser and identify what broke: styles, scripts, fonts, images, embeds, AJAX, forms, checkout, iframe, or media.
- In SiteFort, open Hardening > Security Headers and review the Header Preview and CSP configuration.
- If Content-Security-Policy is in Enforce mode, switch to Report Only while you add required sources.
- Add only the specific domains needed for Scripts, Stylesheets, Images, Fonts, Connections, Frames, Frame Ancestors, Base URI, or Form Action.
- If the issue is in wp-admin, enable Skip CSP on Admin Pages.
- Re-scan headers and test the public page, admin page, checkout, login, and forms before returning CSP to Enforce mode.
Cloudflare Sync says connected but rules are not behaving as expected
- Confirm the affected DNS record is proxied in Cloudflare. Edge rules cannot block traffic that bypasses Cloudflare.
- Open Settings > Integrations > Cloudflare Connection. Check Connection, Account ID, Permission Check, and Detected Plan.
- If permissions are missing, update the token scopes and click Re-verify Credentials.
- Open Firewall > Cloudflare Sync. Check last pushed, plan limits, warning text, and conflicting targets.
- Click Push now. If there are plan limit warnings, reduce synced entries or move less important blocks to origin-only enforcement.
- Check whether the rule type is eligible for edge sync. Wildcard IP patterns may be enforced locally and skipped during Cloudflare sync.
A scan reports malware or suspicious files
- Do not delete files immediately. Open the finding, review severity, file path, and diff if available.
- Take a backup before remediation. If the site is actively compromised, preserve a copy for investigation before cleanup.
- Use Repair for known core, plugin, or theme files when SiteFort offers it. Use Delete only for clearly malicious or unnecessary files.
- Update or deactivate the component that owns the infected path.
- Rotate administrator passwords and review unexpected admin users when account compromise is possible.
- Run a Deep Scan after remediation and verify the Dashboard no longer shows unresolved malware findings.
Module-by-Module Fixes
| Symptom | Likely cause | Fix |
|---|---|---|
| License activation code fails | Invalid or expired OTP, wrong email or license key, used Pro seats, or activation cooldown. | Read the issue card. Request a new code when expired, free a Pro seat in Console when seats are used, or wait for cooldown to expire. |
| Scanner says License Required | The site is not connected to SiteFort Console. | Activate in Settings > License & Plan, then return to Scanner after the banner clears. |
| Scan Credits Exhausted | Cloud scan quota for the billing period has been used. | Use the upgrade path or wait for the reset period shown. Do not exclude important paths to work around quota. |
| Vulnerability Scanner shows no data | License is required, check has not run, or scan is in progress. | Activate license if prompted, click Check Now, and review Last check timestamp after completion. |
| Firewall is paused or validating | IP Detection has not been verified. | Open Firewall > Advanced > IP Detection, apply Cloudflare preset or correct proxy header, then Verify again. |
| Your own IP is blocked | Manual IP rule, country rule, bot rule, rate limit, or login lockout caught your request. | Use another administrator session or hosting access to remove the rule, unlock the lockout, or add your stable admin IP to Trusted IPs. |
| Country blocking blocks real users | Allow-only policy is incomplete, GeoIP source is missing or incorrect, or Cloudflare edge rule applies before WordPress. | Add required countries, switch to block-selected mode, verify MaxMind or Cloudflare country source, and push Cloudflare changes if sync is enabled. |
| Trusted crawler still blocked | User-Agent pattern is too broad or narrow, Cloudflare has a conflicting rule, or crawler IP is not what you expected. | Review Traffic Log User Agent, add a specific Trust pattern, remove conflicting Cloudflare rule, and avoid broad patterns that bypass all checks. |
| REST API integration broke | Restrict REST API Access is blocking an endpoint. | Open WordPress Obscurity > Endpoint Status and allow only the required public endpoint. |
| XML-RPC client stopped working | XML-RPC was fully disabled. | Switch to Disable Pingbacks Only if the site needs Jetpack, mobile apps, or XML-RPC publishing clients. |
| Server hardening does not apply | Write to Files is disabled, wrong server type, Nginx config path not writable, or hosting manages config externally. | Set correct server type, enable Write to Files when appropriate, or copy Manual Configuration Rules into the server config. |
| CAPTCHA does not appear | Provider keys are missing, wrong provider selected, or theme or plugin conflict on login page. | Save keys in Settings > Integrations, confirm provider label shows configured, then test the login form in a private window. |
| 2FA users are stuck during setup | No allowed method, email delivery issue, wrong TOTP time, or missing recovery codes. | Keep at least one allowed method, verify email delivery, check device time for authenticator apps, and regenerate recovery codes after access is restored. |
| Notifications are not delivered | No recipients, WordPress mail problem, severity threshold too high, or digest schedule delays firewall summaries. | Add explicit recipient emails, send tests, lower threshold, and check mail delivery at the hosting or SMTP layer. |
| Webhook test fails | Invalid webhook URL, endpoint rejects payload, or signature verification is wrong. | Save the provider URL, send a test, inspect endpoint logs, and verify HMAC-SHA256 for Generic JSON. |
| Audit Log is empty | Audit Logging is disabled, retention expired entries, or filters hide results. | Enable Audit Logging in Advanced Settings, clear filters, and confirm retention values. |
| Network policies do not affect subsites | Network enforcement is off or templates were not propagated. | Enable Network Policy flags, save, then Propagate Firewall, Hardening, or Both from the main-site configuration. |
Support Handoff Checklist
When escalating an issue to SiteFort support or an internal security team, include evidence instead of only describing the symptom. This reduces back-and-forth and prevents accidental loss of useful logs.- Site URL, WordPress version, SiteFort version, and hosting or server type.
- Exact SiteFort page, tab, banner, status card, or error message.
- Timestamp and timezone of the issue.
- Scanner failure stage and Scan Log output when scan-related.
- Traffic Log row or CSV export when a request was blocked.
- Audit Log rows around the time of a settings change, login event, tool use, or plugin, theme, or core change.
- Cloudflare status cards and warning text when edge sync is involved.
- Diagnostics output from Tools > Diagnostics.
- What changed last and what you already tried.