Have you looked at:
https://docs.wordfence.com/en/Web_Application_Firewall_Setup.html
This one,
https://www.wordfence.com/help/firewall/optimizing-the-firewall/ — includes the FTP access.
and if you need to disable it,
https://www.wordfence.com/help/firewall/ (at the bottom)
I noticed there was a mention of the CPanel, which is in your website host account. Access to the root folder of your website is accessible via their “File Manager” module. Have you tried that method since that module does allow for uploads?
Hi Charlie,
I have a couple of websites with SFTP configured on non-standard port and I can run the firewall optimization wizard successfully on them. Could you please let me know what happens exactly when you run the wizard? and perhaps sharing some information about your server environment? By the way, there is no need to download wordfence-waf.php file during the firewall optimization process.
Thanks.
Hi wfalaa, thanks for writing in. I’ve tried to connect in two ways:
the first way is simply typing the hostname into the hostname text box – I get:
Failed to connect to FTP Server hostname:21
so then I tried, adding the port on to the end of the hostname as in:
hostname:###
then I get:
Failed to connect to FTP Server hostname:###
I’m able to sftp from a client application using the same username and password. There are no IP address restrictions for that port on the firewall.
When you say there’s no need to download wordfence-waf.php… why is an sftp connection necessary? Something must be downloaded to my server – is there anyway to get whatever file is needed, or make the appropriate configuration change, without the wizard?
-
This reply was modified 7 years, 11 months ago by
gothamww.
Can you update plugins or does that ask you to add you ftp username and password too? If that is the case there is a good discussion on it here:
http://wordpress.org/support/topic/plugin-install-asks-for-ftp-details
There are several possible solutions to address the issue.
Wordfence shouldn’t be the only thing asking for those credentials if it does. I would check, or have your hosting provider check, the permissions and ownership of all your files and folders in WordPress.
tim
Good lord. I had been getting those ftp prompts for years. And I just assumed that since SSH password authentication was off (the whole idea of giving out my sftp information seemed bad), that I couldn’t download plugins using the web interface, so I’ve been downloading them manually and installing them.
Turns out you are right – it was a permissions issue – not an issue with SFTP at all.
All fixed. Thank you for your help – and all other plugins are installing as well.
Thanks again!
So how do we config/optimize the Wordfence firewall without ftp or sftp? It sounds like we can’t. I don’t want to turn ftp on my server and i use keys, not passwords, so there are there are no credentials to enter when prompted by WordPress/Wordfence.
For security reasons, I don’t want to start using ftp and passwords on my server. In this case, it is possible to config the Wordfence firewall or not?
I skimmed the docs and didn’t find anything helpful in my situation. Thx
Hi SpaceDroid – I changed my ssh settings to allow ftp to connect, then changed them back. I didn’t mind having my server exposed for a very short period of time.
Hi gothamww, sure I can do that too but I really want to know if the Wordfence firewall can be configured without ftp. It seems like it can’t, which I think it strange given it’s a security product created by a company dedicated to security.
I guess since this topic is marked resolved no one from Wordfence is going to answer my question.
yes, agreed, it’d be nice if there was another way.