Title: Advanced Firewall without changing php.ini?
Last modified: November 3, 2017

---

# Advanced Firewall without changing php.ini?

 *  Resolved [dianimation](https://wordpress.org/support/users/dianimation/)
 * (@dianimation)
 * [8 years, 8 months ago](https://wordpress.org/support/topic/advanced-firewall-without-changing-php-ini/)
 * Hi there!
 * Unfortunately I’m not able to optimize the Web Application Firewall. Every time
   I tried it ends in a 500 internal server error (error in a cgi-script). I can’t
   change the php.ini by myself (don’t have access to the servers root-configuration),
   and my hosting-provider will not do it, because it’s a shared server. Is there
   a way to get it work anyway?
 * I already tried:
    * all steps in the “click here for help”-section, which don’t
   need a php.ini-modification * I deinstalled Wordfence with all of its tables 
   and manually deleted the Wordfence-sections in .htaccess and user.ini and reinstalled
   Worfence again.
 * After reinstallation all of the files are there and modified: The specific sections
   are placed in .htaccess and user.ini and the wordfence-waf.php is created. But
   after that, the 500 internal server error appears and I have to override the 
   htaccess-file with my backup to get the site to work again.
 * Is there a way without changing the php.ini at all?
    Please for help! Thanks,
   Diana
 * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fadvanced-firewall-without-changing-php-ini%2F%3Foutput_format%3Dmd&locale=en_US)
   to see the link]_

Viewing 4 replies - 1 through 4 (of 4 total)

 *  [wfalaa](https://wordpress.org/support/users/wfalaa/)
 * (@wfalaa)
 * [8 years, 8 months ago](https://wordpress.org/support/topic/advanced-firewall-without-changing-php-ini/#post-9647873)
 * Hi Diana,
    May I know first which hosting provider are you using?
 * Also, checking the server error log should reveal more information regarding 
   this “500 internal server error”, in case you don’t know where to find your server
   error log file, then I suggest asking your server provider.
    After that you can
   re-configure the firewall again and make note of the pre-selected “server’s configuration”
   and let me know what it was, then when you get this “500 internal server error”
   again, you have to look into the server error log file and let me know what you
   will find there.
 * Thanks.
 *  Thread Starter [dianimation](https://wordpress.org/support/users/dianimation/)
 * (@dianimation)
 * [8 years, 8 months ago](https://wordpress.org/support/topic/advanced-firewall-without-changing-php-ini/#post-9650103)
 * Thanks for your quick reply!
 * The hosting provider is a small local one, called cablelink. Their support told
   me, that I can’t change the php.ini. My WordPress-error-log-file doesn’t show
   anything for these dates. I asked the cable-link-support for specific server-
   error-logs. Hopefully I will get an answer soon.
 * But I previously asked the provider-support about my server-configuration – the
   preselected one “Apache + mod_php” should be the right one.
 * I’ll be back as soon as I get the error-log …
 *  Thread Starter [dianimation](https://wordpress.org/support/users/dianimation/)
 * (@dianimation)
 * [8 years, 8 months ago](https://wordpress.org/support/topic/advanced-firewall-without-changing-php-ini/#post-9655125)
 * Hi there!
 * News from my provider – the server-error-log shows this error:
 * [Fri Nov 03 12:28:57.935814 2017] [core:alert] [pid 32312] [client
    MYIP:60933]/
   vhost_44145/.htaccess: php_value not allowed here, referer: [http://www.MYSITE.at/wp-admin/admin.php?page=WordfenceWAF&wafAction=configureAutoPrepend&currentAutoPrepend](http://www.MYSITE.at/wp-admin/admin.php?page=WordfenceWAF&wafAction=configureAutoPrepend&currentAutoPrepend)
 * Am I right, that this does confirm, that my provider doesn’t allow to add something
   to php.ini? And is there another way to get the Advanced Firewall up and running?
 * Thanks again! Diana
 *  [wfalaa](https://wordpress.org/support/users/wfalaa/)
 * (@wfalaa)
 * [8 years, 8 months ago](https://wordpress.org/support/topic/advanced-firewall-without-changing-php-ini/#post-9656517)
 * Hi Diana,
    The last error message means that adding this line: `php_value auto_prepend_file'/
   path_to/wordfence-waf.php'` to “.htaccess” file isn’t supported by your host,
   since you have mentioned that editing php.ini file manually isn’t supported either,
   then I’m afraid you don’t have any other choices to enable “[Extended Protection](https://docs.wordfence.com/en/Web_Application_Firewall_-_Basic_WordPress_Protection_vs._Extended_Protection)”
   on your website.
 * Thanks.

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Advanced Firewall without changing php.ini?’ is closed to new replies.

 * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865)
 * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wordfence/)
 * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/)

## Tags

 * ["500 internal server error"](https://wordpress.org/support/topic-tag/500-internal-server-error/)

 * 4 replies
 * 2 participants
 * Last reply from: [wfalaa](https://wordpress.org/support/users/wfalaa/)
 * Last activity: [8 years, 8 months ago](https://wordpress.org/support/topic/advanced-firewall-without-changing-php-ini/#post-9656517)
 * Status: resolved