I would suggest you use either the .user.ini or the .htaccess file in the forum directory to tell PHP to STOP auto-prepending the WordFence WAF firewall file into there. It is catching and blocking some of the POSTs.
Since your forum is in a subdirectory of the main install, the WAF “auto_prepend” will extend into there.
Put this option in the forum directory’s .htaccess file
php_value auto_prepend_file none
Or better, create a .user.ini file in that directory stating
auto_prepend=none
The “none” tells PHP that you do not want an “auto_prepend_file” to be used there.
Thread Starter
patjk
(@patjk)
@crudhunter : Thanks, I tried this method yesterday:
“create a .user.ini file in that directory stating
auto_prepend=none”
And the issue still persists. This should be in the /forum directory, right?
Should I try the .htaccess method instead? I’m wondering why the .user.ini method isn’t working.
Thanks.
Not all hosting environments support .user.ini files. They are only supported and processed if you run the CGI/FastCGI SAPI. In other types, like suPHP, use .htaccess.
The auto_prepend config can generally be placed in either of php.ini, .user.ini, or with the different syntax, in .htaccess files. Just like other PHP config values.
IF the PHP environment you are using support that file. As mentioned, .user.ini is only supported by CGI/FastCGI/PHP-FPM. Not under others.
One thing to check is where the original “auto_prepend = Wordfence WAF” config is in your site’s root directory. Did WordFence put it in php.ini, .user.ini, or ,htaccess? You should likely use the same to turn it off for the subdirectory..
Yes, to do the disconnect, it would have to go in the forums directory.
Hi patjk,
as has already been stated, the solution to this would be to replicate the Wordfence Firewall Optimization in the subdirectory where your forum resides but change it so it sets the auto_prepend_file value to none. So just check what the setup looks like in the root of your WordPress installation, copy the setup to your forum subfolder and change the code which might look something like this
php_value auto_prepend_file '/home/public_html/wordfence-waf.php‘
to this
php_value auto_prepend_file none
The setup will either involve code in .htaccess, code in .user.ini or a .user.ini and code in .htaccess which loads the .user.ini.
Be careful not to copy your WordPress .htaccess rules with it as that may give some undesired effects. 🙂
Hope that helps!
Thread Starter
patjk
(@patjk)
@crudhunter @wfasa Thanks. So in the root direction of domain.com, in .htaccess I see:
# Wordfence WAF
<IfModule mod_php5.c>
php_value auto_prepend_file '/home/patjk/public_html/speedsolving/wordfence-waf.php'
</IfModule>
<Files ".user.ini">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
# END Wordfence WAF
—-
I added that same code above to the .htaccess of domain.com/forum except I change:
php_value auto_prepend_file ‘/home/public_html/wordfence-waf.php‘
to this:
php_value auto_prepend_file none
Is that correct? Or do I need to look into user.ini and php.ini as well? It seems to have solved the issue but want to confirm all is okay. Thanks
The auto_prepend would normally be only on one place. So if you found it in .htaccess, that would be it.
You really only need to add the
php_value auto_prepend_file none
in the /forum directory’s .htaccess.
You are simply turning off running of the WAF the forum software can run.
Thread Starter
patjk
(@patjk)
Thanks, much appreciated!
Hi again patjk!
Hoping you got that all sorted now. Setting this thread to resolved for now but don’t hesitate to get back in touch if you have more questions in the future.
Hope you have a great weekend!
