Wordfence will not switch from “Basic WordPress Protection” to “Extended Protect

  • Resolved Peter Berger

    (@petercabrinha)


    8 years, 8 months ago

    Hi

    I am trying to optimize the Wordfence Web Application Firewall, but it remains on “Basic WordPress Protection”. I have this issue on 2 sites I am running.

    – Server configuration – Apache + CGI/FastCGI (confirmed by host)
    – Tried to install with all other plugins deactivated
    – Different themes
    – User.ini and htaccess have been made/changed and contain Wordfence WAF lines
    – PHP 7.0.19
    – auto_prepend_file – no value (from other tests -> system configuration)

    That’s what I can tell you about the issue with my limited tech knowledge.

    Can you tell me what to do, to get it running?

    Thanks in advance, Peter

    The page I need help with: [log in to see the link]

Viewing 13 replies - 1 through 13 (of 13 total)
  • wfyann

    (@wfyann)

    8 years, 8 months ago

    Hi @petercabrinha,

    Can you confirm that the value displayed for the Server API on the Wordfence System Info page is consistent with the configuration you mentioned?

    It could be that the value you entered for auto_prepend_file is being somehow overridden. Could you please check with your hosting provider?

    Also please have a look at this article on our documentation platform which addresses setup issues.

    Thread Starter Peter Berger

    (@petercabrinha)

    8 years, 8 months ago

    Hi @wfyann,

    Thanks. I am really trying to get this done, but it is hard to understand.

    AD1
    I do not see Wordfence System Info page. Is it the Wordfence/ Options page? There I see the Api key.

    AD2
    Is this what you are looking for?
    ; Wordfence WAF
    auto_prepend_file = ‘/www/wordfence-waf.php’
    ; END Wordfence WAF

    AD3
    I’ve read several times and used as far as I understood and was connected to my case.

    Best wishes, Peter

    wfyann

    (@wfyann)

    8 years, 8 months ago

    Hi @petercabrinha,

    In order to make sure which Firewall setup you should be using:

    • Go to the Wordfence Tools page
    • Click the Diagnostics tab
    • In the Other Tests section (near the bottom of the page), click the link that reads “Click to view your system’s configuration in a new window“. This will open a Wordfence System Info page

    Also could you please:

    • Go to the Wordfence Tools page
    • Click the Diagnostics tab
    • Scroll down to the Send Report by Email section
    • Send the report to yann[at]wordfence[dot]com

    Please make sure to include your forum username.

    Thread Starter Peter Berger

    (@petercabrinha)

    8 years, 8 months ago

    Hi Wfann

    The Wordfence System Info page says FPM/FastCGI.

    I’ve send you the report by email.

    Thanks, Peter

    wfyann

    (@wfyann)

    8 years, 8 months ago

    Hi @petercabrinha,

    Thanks for that! We’re looking into it.

    wfyann

    (@wfyann)

    8 years, 8 months ago

    Hi @petercabrinha,

    From the Diagnostics report you sent, it appears that there is no value set for the “Loaded Configuration File” parameter which is odd.

    Loaded Configuration File (none)

    However there are several “Additional .ini files parsed” whose content you’d need to check.

    Considering that the host uses PHP-FPM, it could be the case that PHP settings are defined in a “pool” file and that they override options set in your custom php.ini or .user.ini file, as outlined in our documentation.

    Thread Starter Peter Berger

    (@petercabrinha)

    8 years, 8 months ago

    Hi @wfyann

    Host says:
    Wordfence wants to change php.ini file, which is not possible on our webhosting platform because that runs on shared servers. But Wordfence works anyway.

    wfyann

    (@wfyann)

    8 years, 8 months ago

    Hi @petercabrinha,

    When you say:

    But Wordfence works anyway.

    Do you mean that you were able to finalize the optimization procedure and that the Protection Level now reads “Extended Protection“?

    Have you checked with your hosting provider about the presence of a “pool” file?

    Thread Starter Peter Berger

    (@petercabrinha)

    8 years, 8 months ago

    Hi @wfyann

    It is the tech people of the host that say Wordfence works despite that it says “Basic WordPress Protection”. They also say: “Wordfence wants to change php.ini file, which is not possible on our webhosting platform because that runs on shared servers.”
    I guess that means they have a pool file?

    wfyann

    (@wfyann)

    8 years, 7 months ago

    Hi @petercabrinha,

    Indeed Wordfence is working when the Protection Level shows “Basic WordPress Protection”.
    It’s just that being able to successfully complete the optimization process would enable the “Extended Protection”.

    Please refer to our documentation for more information on Protection Levels.

    Thread Starter Peter Berger

    (@petercabrinha)

    8 years, 7 months ago

    Offcouse. I know. That’s the point we are discussing.

    Host claims firewall is working, despite not able to completely finish installation, because php.ini is on shared servers.

    Do you agree that that is possible? Is there an other way to check?

    wfyann

    (@wfyann)

    8 years, 7 months ago

    Hi @petercabrinha,

    Yes, the firewall is working even if it hasn’t been optimized.

    However, some vulnerable plugins or WordPress itself may run vulnerable code before all plugins are loaded and in such case your server will not load the firewall.

    Thread Starter Peter Berger

    (@petercabrinha)

    8 years, 7 months ago

    Okay, thanks. I guess this is how far we can get on this type of hosting. Thanks for your help.

Viewing 13 replies - 1 through 13 (of 13 total)

The topic ‘Wordfence will not switch from “Basic WordPress Protection” to “Extended Protect’ is closed to new replies.