Support » Plugin: Wordfence Security - Firewall & Malware Scan » Installing on main and add-on domain

  • Resolved guischarf



    A similar question was asked before, but its answers do not quite address this problem. I am installing and configuring WordFence [WF] in a cpanel add-on domain. So I have 2 working WordPress sites running out of the same cpanel hosting as this:

    /home/yyyy/public_html/ <- WordPress Site One
    /home/yyyy/public_html/addon/ <- WordPress Site Two

    Site One already has WordFence installed, I am installing on Site Two

    When I go on CLICK HERE TO CONFIGURE, a popup opens with this message:

    To make your site as secure as possible, the Wordfence Web Application Firewall is designed to run via a PHP setting called auto_prepend_file, which ensures it runs before any potentially vulnerable code runs. This PHP setting is currently in use, and is including this file:

    That means that WordFence on Site Two is finding wordfence-waf.php file that belongs to Site One.

    It then suggests that either I merge or override the settings, and here is where things start to get confusing. What will each action do? How do the differ? I would like to keep the sites and their plugins completely independent. What should I do? Merge or Override?

    To make things worse, further down it shows this note:

    NOTE: If you have separate WordPress installations with Wordfence installed within a subdirectory of this site, it is recommended that you perform the Firewall installation procedure on those sites before this one.

    Is it saying I should install WF in Site Two before I install WF in Site One? This does not make much sense to me, since Site One was created and configured way before Site Two existed.

    How should I proceed? Can I just ignore this Note?

    Thanks so much!

Viewing 2 replies - 1 through 2 (of 2 total)
  • Hi @guischarf

    In this case, you should just choose “Override”, as this will keep the wordfence-waf.php file loaded for the first site, and when a user hit your second site, the other wordfence-waf.php on the second site will be loaded.

    If the note message was followed you wouldn’t see this whole thing in first place. Also, although you have already configured the firewall on the first site, you still have the chance to click on “Remove Extended Protection” on the first site from (Wordfence > Firewall > Manage Firewall > Protection Level), then configure the firewall on the second site followed by the first site.




    Similar situation here!
    Mine is two wp site in the same hosting, site 2 is not just a directory in site 1.

    They’re separate two site, but sharing the same domain and same IP.
    Basically they’re totally the same.

    The Problem is I was installed wordfence each site.
    Only one shows normal(Blacklist) and the other’s not.

    Any suggestion to fix it?

    Many thanks.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Installing on main and add-on domain’ is closed to new replies.