Plugin Support
wfphil
(@wfphil)
Hi @wigglepit
Will your hosting provider allow the uploading of a manually created wordfence-waf.php file in the root directory where WordPress is installed?
If they will allow this then send me your Wordfence diagnostics report. Please go to the top of the “Diagnostics” tab on the Wordfence “Tools” page. There will be a “SEND REPORT BY EMAIL” button to send the diagnostics report. Enter wftest [at] wordfence [dot] com as the email and @wigglepit as the forum username please.
Once you have emailed me the diagnostics report can you reply here to let me know that it has been sent. This is important in the unlikely event that your installation of WordPress is having an issue with sending mail.
For your information, if the firewall can’t be optimized then it will have to run in Basic WordPress Protection mode, which you can read about here:
https://www.wordfence.com/help/firewall/#firewall-optimization
Thank you for the reply! Here is what they said:
We wouldn’t be able to create the file manually on our Platform at this point, there is a limitation on our platform, the file wouldn’t have the correct file/write privileges in order to be able to function correctly, so sorry about this! At the moment the workaround is to use the Basic WordPress protection mode or utilize service like Cloudflare. If there are any changes around this in the future, we’ll be happy to provide an update from our team.
Plugin Support
wfphil
(@wfphil)
Hi @wigglepit
Thank you for the update.
It appears that they may misunderstand so can you ask them again please – here is some more information.
The wordfence-waf.php file would be created completely outside of the server and then simply uploaded to the root directory where WordPress is installed.
The wordfence-waf.php file would contain this code (with the correct absolute file path):
<?php
// Before removing this file, please verify the PHP ini setting 'auto_prepend_file' does not point to this.
if (file_exists('/absolute/file/path/to/wp-content/plugins/wordfence/waf/bootstrap.php')) {
define("WFWAF_LOG_PATH", '/absolute/file/path/to/wp-content/wflogs/');
include_once '/absolute/file/path/to/wp-content/plugins/wordfence/waf/bootstrap.php';
}
?>
Then this code would need to be added to the .user.ini file in the root directory where WordPress is installed:
; Wordfence WAF
auto_prepend_file = '/absolute/file/path/to/wordfence-waf.php'
; END Wordfence WAF
If they will allow the wordfence-waf.php file to be uploaded and the .user.ini file to be modified then due to file permission restrictions Wordfence wouldn’t be able to store the firewall data via the file storage method and you can try using the MySQLi storage engine instead:
https://www.wordfence.com/help/firewall/mysqli-storage-engine/
If it turns out that you can’t optimize the firewall at all; what is the hosting provider please so we know this for future reference?
Thank you so much! They answered me with some clarification and options I’d like to run by you, is there any way I can send it to you direct (rather than on a public forum) for privacy? Thanks!
Plugin Support
wfphil
(@wfphil)
Hi @wigglepit
Thank you for the update.
You can send info to wftest [at] wordfence [dot] com but I will have to reply here as we don’t provide email support.
Make sure you put @wigglepit in the email subject field and let me know here when you have sent it so I can look for the mail.
