auto_prepend_file not working

  • Resolved wally2012

    (@wally2012)


    8 years, 4 months ago

    Hello,

    on a brand new website I just installed Wordfence and I got the message:

    To be as secure as possible, the Wordfence Web Application Firewall is designed to run via a PHP ini setting called auto_prepend_file in order to ensure it runs before any potentially vulnerable code runs.

    so using the preselected server configuration (Apache+suPHP) I clicked continue but in my .htaccess file I only found the following added by wordfence:

    # END WordPress

    # Wordfence WAF

    # END Wordfence WAF

    Plus, the warning message is still in my WP dashboard. Can you please advise on how to fix this?

    Thanks!

Viewing 9 replies - 1 through 9 (of 9 total)
  • wfyann

    (@wfyann)

    8 years, 4 months ago

    Hi @wally2012,

    On sites with CGI/FastCGI or suPHP, the firewall setup uses the “.user.ini” file.

    Have you checked the suggestions outlined in our documentation?

    Thread Starter wally2012

    (@wally2012)

    8 years, 4 months ago

    Hello,

    I checked the Wordfence diagnostic and my hosting is using PHP version 7.0.26 , does this mean it’s a CGI/FastCGI or suPHP hence I need to use .user.ini file as described in your documentation?

    Thanks!

    wfyann

    (@wfyann)

    8 years, 4 months ago

    Hi @wally2012,

    In order to make sure which Firewall setup you should be using:

    • Go to the Wordfence Tools page
    • Click the Diagnostics tab
    • In the Other Tests section (near the bottom of the page), click the link that reads “Click to view your system’s configuration in a new window“. This will open a Wordfence System Info page

    Check the Server API field. Is it consistent with the parameter which is “Recommended based on our tests“?

    Thread Starter wally2012

    (@wally2012)

    8 years, 4 months ago

    Hello,

    so in the diagnostic, I get this API field:

    Server API: CGI/FastCGI

    while in the recommended based on the test I get:

    Apache+suPHP

    seeing the difference, in the drop-down menu shall I pick Apache+CGI/FastCGI option and click CONTINUE?

    Thanks!

    wfyann

    (@wfyann)

    8 years, 4 months ago

    Hi @wally2012,

    I’m not sure why the “Apache+suPHP” configuration is suggested.

    Please select the “Apache+CGI/FastCGI” option.

    Thread Starter wally2012

    (@wally2012)

    8 years, 4 months ago

    Ok I picked that, but this is what i get in my .htaccess file, i don’t think it’s correct?

    # END WordPress

    # Wordfence WAF

    # END Wordfence WAF

    wfyann

    (@wfyann)

    8 years, 3 months ago

    Hi @wally2012,

    Indeed, this doesn’t seem correct.

    Could you enable WP DEBUG and check the generated debug file?

    Also, could you please confirm which hosting provider you’re using?

    wfchloe

    (@wfchloe)

    8 years, 3 months ago

    Hello!

    I hope we were successful in helping you resolve your issue with Wordfence! Since we have not heard back from you in the past 2 weeks I will now be marking this support thread as resolved. However, if we still haven’t resolved your issue please reach out to us as we would be more than happy to further assist you!

    Thanks and have a great day!
    Chloe

    Thread Starter wally2012

    (@wally2012)

    8 years, 3 months ago

    Hi @wfyann,

    in my dashboard, the message is not there any longer, so I guess I’ll have to go into Wordfence settings to enable the auto_prepend. I am good in enabling the DEBUG, but can you please provide the steps to generate the right logs that you need?

    Thanks!

Viewing 9 replies - 1 through 9 (of 9 total)

The topic ‘auto_prepend_file not working’ is closed to new replies.

Tags