Just tried adding to my htaccess file and still not making warning go away..
Tried it with and without php.ini at the end as per instructions found on the https://docs.wordfence.com/en/Web_Application_Firewall_Setup page
SetEnv PHPRC /home/public_html/mydot.com/
I’m having the same problem where the configuration message won’t go away despite having the correct code in .htaccess and php.ini.
I found a fix that works for me. The code that Wordfence adds to the htaccess was enclosed in an IfModule statement. When I removed that IfModule statement so it was just php_value then it works.
I don’t see any change to my htaccess file so there is nothing to remove as you describe..
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteRule ^site-admin/?$ /wp-login.php [QSA,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Ok, so i poked around a few of the other sites I have updated and I did find the code and once I added it to my htaccess the configure warning message went away.. Must be an issue where it doesn’t write to htaccess if php.ini part fails on initial setup..
# Wordfence WAF
<IfModule mod_suphp.c>
suPHP_ConfigPath ‘/home/public_html/mydot.com’
</IfModule>
<Files “.user.ini”>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
# END Wordfence WAF
Hi modiphier,
Thanks for the details — we’ll look at automating this in a future version, or including it in the documentation if it may not be possible on some sites.
@wpdev999: Thanks also for the input!
-Matt R
@wfmattr
Just for reference, the host for the site in question uses CloudLinux to manage PHP. It doesn’t support php.ini or .user.ini. Any PHP variables should be added to .htaccess.
Hi wpdev999,
Thanks for the additional details — I checked with the dev team, and it looks like we may just need to change the IfModule directive to use mod_lsapi instead of mod_php5 in this case, so we can likely cover this in one of the upcoming releases. Thanks!
-Matt R
