Support » Plugin: Wordfence Security - Firewall & Malware Scan » Addon Domain and Wordfence waf.php problem

  • Resolved patboran

    (@patboran)


    I’ve just installed WP and WF on website2, which is set up as an AddOn Domain (on Siteground) of an existing website1, on which WF Premium is working flawlessly.

    When I try to set up the firewall I get the following warning :

    “(To make your site as secure as possible, the Wordfence Web Application Firewall is designed to run via a PHP setting called auto_prepend_file, which ensures it runs before any potentially vulnerable code runs. This PHP setting is currently in use, and is including this file:

    /home/yyyy/public_html/wordfence-waf.php”

    I see in a post of two years ago that the advice was to choose OVERRIDE, and I’ve done so, but the Firewall fails to be implemented and the same message is still there.

    I’m nervous of messing up the firewall/WF setup on website1 (an ecommerce site) but would like to have the protection of even basic Wordfence on website 2 (a simple personal site).

    Any ideas where I’m going wrong? All advice gratefully received from a community that constantly surprises and inspires! Thanks in advance

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support wfphil

    (@wfphil)

    Hi @patboran

    The optimization wizard won’t work on SiteGround because they disallow the use of a .user.ini file and a php.ini file must be used instead. This requires a manual setup.

    Each site must have a wordfence-waf.php file present in the directory where WordPress is installed. This is the same directory where the WordPress wp-config.php configuration file exists. The wordfence-waf.php file is generated automatically when you run through the firewall optimization wizard, even though it fails to complete. Based on your description you should have a wordfence-waf.php file present in the WordPress file system on both websites.

    Each site must have a php.ini file present in the directory where WordPress is installed. This is the same directory where the WordPress wp-config.php configuration file exists.

    Each site must have a line of code added to the .htaccess file present in the directory where WordPress is installed. This is the same directory where the WordPress wp-config.php configuration file exists. This line of code tells the web server to use the correct php.ini file for that site as you have two php.ini files present in the hosting account.

    For each site find the correct server file path. Expand the WordPress Settings section on the Wordfence Tools >> Diagnostics page. Look for the line ABSPATH, an example is below:

    /home/xxxxx/public_html/

    NOTE: The file path will be different for each site!!!

    Don’t continue unless a wordfence-waf.php file is present in the directory where WordPress is installed for both sites.

    For each site create or edit the php.ini and add this code below. NOTE: You must have the correct file path to the wordfence-waf.php file in the code below for each site that you found earlier!!!:

    ; Wordfence WAF
    auto_prepend_file = '/home/xxxxx/public_html/wordfence-waf.php'
    ; END Wordfence WAF

    Now, For each site edit the .htaccess file and add this line of code below. NOTE: You must have the correct file path to the correct php.ini file in the code below for each site that you found earlier!!!:

    SetEnv PHPRC /home/xxxxx/public_html/php.ini

    Once that is complete you can send a diagnostics report for both websites and I can check that you have done this properly. Please go to the top of the “Diagnostics” tab on the Wordfence “Tools” page. There will be a “SEND REPORT BY EMAIL” button to send the diagnostics report. Enter wftest [at] wordfence [dot] com as the email and @patboran as the forum username please.

    Once you have emailed me the diagnostics reports can you reply here to let me know that they have been sent. This is important in the unlikely event that your installations of WordPress are having an issue with sending mail.

    Thanks so much for the exhaustively thorough response to my query. To be honest I’m not at all sure that I’m capable of carrying out the process you describe without going badly wrong somewhere (and doing more damage than good).

    Maybe it makes more sense to try to hire someone to take on the task on my behalf, especially as they would have your generous instructions to follow. The question now is where to find them.

    But thanks again, sincerely, for your thoughts, and for your time.

    Plugin Support wfphil

    (@wfphil)

    Hi Patrick,

    I see that you have opened a premium support ticket as you are a premium customer so I will send full instructions for you there and SiteGround are normally happy to help with this. I will mark this as resolved.

Viewing 3 replies - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.