Support » Plugin: Wordfence Security - Firewall & Malware Scan » Can’t configure firewall on SiteGround

  • Resolved susantau

    (@susantau)


    Hi,

    I had no problems installing Wordfence on all my WordPress sites EXCEPT my 2 sites on SiteGround. This is what happened:

    Basic installation of the Wordfence free plugin goes smoothly – except for a notification at the top of the screen that indicates the firewall still needs to be configured to benefit from extended versus basic firewall protection. But selecting the preselected configuration (Apache + SuPHP) did nothing – even after long waits and refreshing the page.

    I contacted SiteGround support and was told I need to select Apache + CGI/FastCGI. Which I did — but that didn’t work either.

    SO then I followed the instructions for Web Application Firewall Setup and the section specifically concerning SiteGround at https://docs.wordfence.com/en/Web_Application_Firewall_Setup#If_installation_completes_without_errors_but_the_firewall_still_shows_Basic_WordPress_Protection

    In cPanel, I added the variable auto_prepend_file = mypath to my subdirectory where my WordPress installation is and saved to all subdirectories. Then I went back to the WordPress Dashboard and the Wordfence firewall configuration page and selected Apache + CGI/FastCGI — but after waiting half an hour, still nothing has changed. My firewall protection still says “Basic” versus “Extended.”

    Could you please tell me what I’m doing wrong? Wordfence is such an excellent product, I really want it working without hitch on both of my SiteGround sites.

    Thank you!

    Susan

    • This topic was modified 4 years, 2 months ago by susantau.
Viewing 15 replies - 1 through 15 (of 19 total)
  • Hi @susantau,

    In order to make sure which Firewall setup you should be using:

    • Go to the Wordfence Tools page
    • Click the Diagnostics tab
    • In the Other Tests section (near the bottom of the page), click the link that reads “Click to view your system’s configuration in a new window“. This will open a Wordfence System Info page

    Check the Server API field. Is it consistent with the parameter which is “Recommended based on our tests“?

    Also, on that same Wordfence System Info page, you’ll see which value has been set for the “auto_prepend_file” directive. Is it the same as the value you specified for the PHP variable via cPanel?

    Thread Starter susantau

    (@susantau)

    Thank you for your reply! I followed your instructions and, yes, the Server API reports the one that I selected (CGI/FastCGI – which was recommended by the SiteGround support person) and the value of auto_prepend_file shows the correct path.

    My WordPress files are all within a subdirectory, not out in the root. When I specified the auto_prepend_file path, I was careful to select my WordPress subdirectory – but is it possible that something else in Wordfence might need adjusting so that it looks for a file in the WordPress subdirectory versus root?

    • This reply was modified 4 years, 2 months ago by susantau.

    Hi @susantau,

    Could you please:

    • Go to the Wordfence Tools page
    • Click the Diagnostics tab
    • Scroll down to the Send Report by Email section
    • Send the report to yann[at]wordfence[dot]com

    Please make sure to include your WordPress forum username.

    Thank you.

    • This reply was modified 4 years, 2 months ago by wfyann. Reason: Added WordPress forum username request
    Thread Starter susantau

    (@susantau)

    OK – just sent you the email report. Thank you!

    • This reply was modified 4 years, 2 months ago by susantau.

    Hi @susantau,

    Thanks for sending the report.

    It shows that the “auto_prepend_file” is not set; it displays “no value” for both the Local and Master values.

    What could be happening here is that your host has PHP settings defined in a “pool” file which are overriding the options you set.

    Another explanation would be that the use of “auto_prepend_file” has been disabled, either by your hosting provider or by a directive in the .htaccess file.

    Could you check with your hosting provider and let me know if any of the aforementioned cases applies.

    Thread Starter susantau

    (@susantau)

    Hi @wfyann,

    I just submitted a support ticket to SiteGround asking if either of these cases is true. I will let you know very soon the answer.

    Thank you!
    Susan

    Thread Starter susantau

    (@susantau)

    Hi @wfyann, SiteGround Support has fixed the issue – Wordfence’s extended firewall protection has been enabled on the my site.

    SiteGround did not directly answer your question that I had passed on to them (is there a pool file or has the auto_prepend_file been disabled?). However, they did tell me this is how they fixed the problem, which I’m guessing answers your question:

    To activate the extended protection I had to set the php.ini file to work recursively via the following line:

    Code:

    myhostserveraddress [~/path of wordpress subdirectory from public_html]# head -1 .htaccess
    SetEnv PHPRC /wordpress subdirectory path from home/php.ini

    This set the auto_prepended file to also apply for all subfolders of the website including the WordFence plugin.

    I don’t understand this, I am hoping this is something I can figure out enough to change the php.ini myself when I proceed to optimize the Wordfence firewall on my other site on SiteGround. Any tips or suggestions are welcome! Perhaps you could add an update to the Wordfence on SiteGround documentation that is here: https://docs.wordfence.com/en/Web_Application_Firewall_Setup#SiteGround_and_other_hosts_without_.user.ini_support

    Thank you!

    • This reply was modified 4 years, 2 months ago by susantau.
    • This reply was modified 4 years, 2 months ago by susantau.

    Hi-

    I am having the same issue. Siteground tells me that “SetEnv PHPRC /wordpress subdirectory path from home/php.ini” is active in my .htaccess. When they look they see that the prepend line is present too in the info. They also cleared the cache. The site still shows that is has not taken effect. What can I do next? Thanks

    Jay

    making this a new topic.

    Hi @jpomerantz,

    Indeed if the solution mentioned here didn’t work for you, then it must be a different issue.

    We’ll look into the topic you created.

    Thanks

    SOLUTION FOR FIREWALL NOT WORKING ON SITEGROUND

    1) Create a php.ini file in your installation root folder and add the following line:
    auto_prepend_file = '/home/youruser/public_html/yourdomain.com/wordfence-waf.php'

    2) Then to make sure this rule is applied recursively, you must add also this line to your root .htaccess file:
    SetEnv PHPRC /home/youruser/public_html/yourdomain.com/php.ini

    Thats it.

    Thread Starter susantau

    (@susantau)

    Since my WordPress installation is in its own subdirectory (not in the root), I’d like to verify the locations for the php.ini and .htaccess files and the two relevant paths:

    Should the php.ini file be placed in the WordPress subdirectory, and should the path I give for the auto_prepend_file look like this:
    /home/youruser/public_html/wordpress-subdirectory/wordfence-waf.php ?

    Should the .htaccess file be in the actual root (not the WordPress subdirectory), and should the path I give for SetEnv PHPRC look like this:
    /home/youruser/public_html/nov2017wp/php.ini ?

    Thank you!
    Susan

    I think both files should be in the root of the WordPress installation. But in case it doesn´t work, dont worry, you can copy both files to the root of the domain also, it won´t break anything.

    Tell me if it works! 😉

    Hi @susantau,

    Sorry about the delayed response.

    The SetEnv PHPRC directive allows you to specify a php.ini file for a given subdirectory.

    • This reply was modified 4 years, 2 months ago by wfyann. Reason: wrong link
Viewing 15 replies - 1 through 15 (of 19 total)
  • The topic ‘Can’t configure firewall on SiteGround’ is closed to new replies.