Support » Plugin: Wordfence Security - Firewall & Malware Scan » Firewall optimization not working or not detected

  • Hi there,

    first of all, Wordence is an amazing product, thank you for such a complex tool!

    I switched on experimentally PHP-FPM on one site to test performance (rest of the sites uses mod_php). Everything is working as a charm, but I’m facing one issue with Wordfence. Once the environment has been changed, Wordfence offered again option for optimization of FW by auto_prepend_file, this time by .user.ini file. Setup was successful, however Wordfence still offering options for optimization:
    IMG

    And Wordfence > Tools > Wordfence Firewall Current WAF configuration says auto_prepend_file is not active:
    IMG 2

    But phpinfo says it is:
    IMG 3

    I tried to disable other plugins – no luck.
    I tested, if wordfence-waf.php is executed – yes.
    I tried to remove plugin and data a make clean Wordfence installation – no effect.

    Only setting via global php.ini works as expected.

    Huh, I’m pretty confused.

    Thanks in advance for any hint,
    Ludek

    • This topic was modified 1 month, 3 weeks ago by  ludekcerny.

    The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support WFGerroald

    (@wfgerald)

    Hey @ludekcerny,

    I spoke with a colleague about this, and here were his thoughts.

    In rare cases, when a host uses PHP-FPM, they may have PHP settings defined in a “pool” file. These settings can override options set in your custom php.ini or .user.ini file. You may need to ask the host if they have settings in the pool file. The default location for the pool file on new Ubuntu servers is similar to /etc/php/7.0/fpm/pool.d/www.conf (depending on the PHP version) and an example of an option that would override your auto_prepend_file option is php_admin_value[auto_prepend_file] = none. If the host is able to remove this option, it should allow your settings to be used for the firewall.

    https://www.wordfence.com/help/firewall/optimizing-the-firewall/troubleshooting/

    Please let me know if this helps.

    Thanks,

    Gerald

    Hi, thanks for your fast response.

    I have full control over the server, so I checked this rare case before, but IMO this is not my case. When you look at this picture, the file is prepended by local settings: https://pivovarolesna.cz/wp-content/uploads/fw-03.png, but Wordfence tough, it isn’t. My theory is, that Wordfence in not able to detect it properly.

    I tested, if the files:
    /wordfence-waf.php
    /wp-content/plugins/wordfence/waf/bootstrap.php

    are executed and they are! So prepending seems to be working, however Wordfence says no. Strange. If you want to inspect the situation on the server, I can grant you access to the FTP and WP admin. Let me know.

    Cheers.
    Ludek

    Hi @wfgerald

    Some ideas?
    I tried just execute test.php in the root with this code:
    print_r (ini_get (‘auto_prepend_file’));
    and the output is
    /var/www/pivovarolesna.cz/www/wordfence-waf.php

    I’m really wondering if auto_prepend_file really works and the error is only in wordfence detection.

    BR,
    L.

Viewing 3 replies - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.