Support » Plugin: Wordfence Security - Firewall & Malware Scan » Not auto-updating, even with .htaccess noabort

  • Resolved webcoast

    (@webcoast)


    Hi, the server that my client is hosted with uses LiteSpeed, and I have tried both of these settings in the .htaccess, but Wordfence is still not auto-updating to the latest version. Scanning of the system is working ok though, it is just auto-updating which is not working.
    I have tried these options (one at a time) in .htaccess and left it for about a week each, but still Wordfence did not auto-update.

    # BEGIN litespeed noabort
    RewriteEngine On
    RewriteRule .* – [E=noabort:1]
    # END litespeed noabort

    # BEGIN litespeed noabort
    SetEnv noabort 1
    # END litespeed noabort

    What else can I do, apart from having to upgrade manually each time Wordfence releases a new version? I don’t know whether the host has “External Application Abort” set to “No Abort”. If I set one of the .htaccess options can I bypass the Litespeed no abort check? Or do I have to have a separate setting “External Application Abort” set to “No Abort” to bypass the Litespeed no abort check?

    Thanks
    Nicola

    The page I need help with: [log in to see the link]

Viewing 5 replies - 1 through 5 (of 5 total)
  • Hi Nicola,

    First, we need to make sure that the snippets were added to the correct “.htaccess” file and that your server is loading this file correctly. May I ask if the scans were working fine before adding the code in “.htaccess” file or not?
    You can confirm that with your web host and if the code was added correctly, you shouldn’t receive emails like this.

    If the code was added correctly, then there must be something else causing this issue, if you have object caching enabled on your hosting account, try to clear that type of cache, also if you are able to create a staging site clone of your website that would be great to disable other plugins and watch this issue for day or something.

    Let me know how it goes,
    Thanks.

    Hi,
    So I have made some progress, and a few things have changed as a result, but the Wordfence version still isn’t being auto-updated.

    I sent an email to the hosting provider for this client, and this is what they replied with “As you are on shared hosting we do not have litespeed caching enabled on the server enabled by default however reviewing your wordpress plugins I can see you have ‘litespeed-cache’ enabled, Looking into your hosting account I can also see there was ‘opcache’ enabled, This is a PHP Caching module. I have gone and disabled opcache but havn’t touched litespeed-cache”

    So it sounds like even though the server has the litespeed capability, it isn’t enabled for this client (maybe they have to pay extra for it?). So, I have deactivated and deleted the Litespeed plugin which was previously installed. The .htaccess file still contains the following at the very top of the file
    # BEGIN litespeed noabort
    SetEnv noabort 1
    # END litespeed noabort

    Even with litespeed cache plugin deleted the site did not auto-update to the latest version of Wordfence, so after a couple of days I updated it manually. As soon as I did that, I received this email :
    This email was sent from your website “Queensland Motorcycle School” by the Wordfence plugin at Tuesday 7th of August 2018 at 05:00:30 AM The Wordfence administrative URL for this site is: http://www.queenslandmotorcycleschool.com.au/wp-admin/admin.php?page=Wordfence
    To preserve the integrity of your website we are not running Wordfence auto-update.
    You are running the LiteSpeed web server which has been known to cause a problem with Wordfence auto-update.
    Please go to your website now and make a minor change to your .htaccess to fix this.
    You can find out how to make this change at:
    https://www.wordfence.com/help/?query=dashboard-litespeed-warning

    Alternatively you can disable auto-update on your website to stop receiving this message and upgrade Wordfence manually.

    User IP: 127.0.0.1
    User hostname: localhost

    So it seems that Wordfence is detecting that Litespeed is installed on the server, but since the host says that it is not ACTIVE/ENABLED for this client, Wordfence should be ignoring it. I have no idea whether what the hosting provider is saying is true – is it possible to have a Lite Speed Server, but to not use the litespeed functionality for a site on that shared server?

    Let’s assume that it IS possible to have a litespeed server, but to not have the litespeed active. Should there be the no abort or Set ENV in the .htaccess? Should I tick the ‘skip noabort check’ box? What should I do?

    Thanks
    Nicola

    Hi Nicola,

    I read your web host support agent’s reply and what I understand is that only LiteSpeed caching isn’t enabled on your server, but the server is still running on LiteSpeed. I recommend sharing this doc page with your web host and confirm with them that there isn’t anything that can make LiteSpeed abruptly abort requests.

    Thanks.

    did you resolve your issue? I’m in the same situation and Wordfence is not auto updating, I do not have LiteSpeed but Varnish not sure if this is the same cause.

    Hi elnath78, yes the issue was resolved. I ended up sharing the doc page that wfalaa suggested, with the website host support technicians and they made some adjustments to the .htaccess file which resolved the issue.

    Here is a section from the .htaccess file, I see they commented out the original noabort and added a different version.
    ## BEGIN litespeed noabort
    #SetEnv noabort 1
    ## END litespeed noabort

    # BEGIN litespeed noabort

    RewriteEngine On
    RewriteRule .* – [E=noabort:1]

    # END litespeed noabort

    Hope this helps.
    Regards, Nicola

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Not auto-updating, even with .htaccess noabort’ is closed to new replies.