Title: Nginx
Last modified: March 16, 2020

---

# Nginx

 *  Resolved [wigglepit](https://wordpress.org/support/users/wigglepit/)
 * (@wigglepit)
 * [6 years, 2 months ago](https://wordpress.org/support/topic/nginx-25/)
 * Wanted to install Wordfence on site using Nginx, running into roadblocks. Contacted
   my host and they said:
 * “Unfortunately, Wordfence is one of the plugins that has a requirement we are
   unable to accommodate at this time. The wordfence-waf.php file needs to created
   within the root, which we lock down for security reasons. However, that file 
   seems to be a part of the Extended Protection option. You may be able to install
   the plugin without using that feature. Please try (1) turning off this option
   or (2) re-installing without using the Extended Protection option. ”
 * Would like your suggestions on this. Wouldn’t turning this off defeat the purpose
   of the plugin, so does this mean I shouldn’t use Wordfence for my site? Even 
   if I bought premium? If not, can you help me figure out how to turn it off? And
   what about the .user.ini file?
 * Thanks!

Viewing 5 replies - 1 through 5 (of 5 total)

 *  Plugin Support [wfphil](https://wordpress.org/support/users/wfphil/)
 * (@wfphil)
 * [6 years, 2 months ago](https://wordpress.org/support/topic/nginx-25/#post-12554625)
 * Hi [@wigglepit](https://wordpress.org/support/users/wigglepit/)
 * Will your hosting provider allow the uploading of a manually created **_wordfence-
   waf.php_** file in the root directory where WordPress is installed?
 * If they will allow this then send me your Wordfence diagnostics report. Please
   go to the top of the “**_Diagnostics_**” tab on the Wordfence “**_Tools_**” page.
   There will be a “**_SEND REPORT BY EMAIL_**” button to send the diagnostics report.
   Enter **_wftest [at] wordfence [dot] com_** as the email and **_[@wigglepit](https://wordpress.org/support/users/wigglepit/)_**
   as the forum username please.
 * Once you have emailed me the diagnostics report can you reply here to let me 
   know that it has been sent. This is important in the unlikely event that your
   installation of WordPress is having an issue with sending mail.
 * For your information, if the firewall can’t be optimized then it will have to
   run in **_Basic WordPress Protection_** mode, which you can read about here:
 * [https://www.wordfence.com/help/firewall/#firewall-optimization](https://www.wordfence.com/help/firewall/#firewall-optimization)
 *  Thread Starter [wigglepit](https://wordpress.org/support/users/wigglepit/)
 * (@wigglepit)
 * [6 years, 2 months ago](https://wordpress.org/support/topic/nginx-25/#post-12557043)
 * Thank you for the reply! Here is what they said:
 * We wouldn’t be able to create the file manually on our Platform at this point,
   there is a limitation on our platform, the file wouldn’t have the correct file/
   write privileges in order to be able to function correctly, so sorry about this!
   At the moment the workaround is to use the Basic WordPress protection mode or
   utilize service like Cloudflare. If there are any changes around this in the 
   future, we’ll be happy to provide an update from our team.
 *  Plugin Support [wfphil](https://wordpress.org/support/users/wfphil/)
 * (@wfphil)
 * [6 years, 2 months ago](https://wordpress.org/support/topic/nginx-25/#post-12557639)
 * Hi [@wigglepit](https://wordpress.org/support/users/wigglepit/)
 * Thank you for the update.
 * It appears that they may misunderstand so can you ask them again please – here
   is some more information.
 * The **_wordfence-waf.php_** file would be created completely outside of the server
   and then simply uploaded to the root directory where WordPress is installed.
 * The **_wordfence-waf.php_** file would contain this code (with the correct absolute
   file path):
 *     ```
       <?php
   
       // Before removing this file, please verify the PHP ini setting 'auto_prepend_file' does not point to this.
   
       if (file_exists('/absolute/file/path/to/wp-content/plugins/wordfence/waf/bootstrap.php')) {
       define("WFWAF_LOG_PATH", '/absolute/file/path/to/wp-content/wflogs/');
       include_once '/absolute/file/path/to/wp-content/plugins/wordfence/waf/bootstrap.php';
       }
       ?>
       ```
   
 * Then this code would need to be added to the **_.user.ini_** file in the root
   directory where WordPress is installed:
 *     ```
       ; Wordfence WAF
       auto_prepend_file = '/absolute/file/path/to/wordfence-waf.php'
       ; END Wordfence WAF
       ```
   
 * If they will allow the **_wordfence-waf.php_** file to be uploaded and the **_.
   user.ini_** file to be modified then due to file permission restrictions Wordfence
   wouldn’t be able to store the firewall data via the file storage method and you
   can try using the MySQLi storage engine instead:
 * [https://www.wordfence.com/help/firewall/mysqli-storage-engine/](https://www.wordfence.com/help/firewall/mysqli-storage-engine/)
 * If it turns out that you can’t optimize the firewall at all; what is the hosting
   provider please so we know this for future reference?
 *  Thread Starter [wigglepit](https://wordpress.org/support/users/wigglepit/)
 * (@wigglepit)
 * [6 years, 2 months ago](https://wordpress.org/support/topic/nginx-25/#post-12558424)
 * Thank you so much! They answered me with some clarification and options I’d like
   to run by you, is there any way I can send it to you direct (rather than on a
   public forum) for privacy? Thanks!
 *  Plugin Support [wfphil](https://wordpress.org/support/users/wfphil/)
 * (@wfphil)
 * [6 years, 1 month ago](https://wordpress.org/support/topic/nginx-25/#post-12564463)
 * Hi [@wigglepit](https://wordpress.org/support/users/wigglepit/)
 * Thank you for the update.
 * You can send info to wftest [at] wordfence [dot] com but I will have to reply
   here as we don’t provide email support.
 * Make sure you put [@wigglepit](https://wordpress.org/support/users/wigglepit/)
   in the email subject field and let me know here when you have sent it so I can
   look for the mail.

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Nginx’ is closed to new replies.

 * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865)
 * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wordfence/)
 * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/)

 * 5 replies
 * 2 participants
 * Last reply from: [wfphil](https://wordpress.org/support/users/wfphil/)
 * Last activity: [6 years, 1 month ago](https://wordpress.org/support/topic/nginx-25/#post-12564463)
 * Status: resolved