Title: PHP 7.3: Invalid command ‘php_value Last modified: January 25, 2020 --- # PHP 7.3: Invalid command ‘php_value * Resolved [barnez](https://wordpress.org/support/users/pidengmor/) * (@pidengmor) * [6 years, 2 months ago](https://wordpress.org/support/topic/php-7-3-invalid-command-php_value/) * Hi, * My host moved all sites to a new server 10 days ago. Today, all the sites running NinjaFirewall went down with 500 server errors. The error log shows: * `/home/XXXX/XXXX/.htaccess: Invalid command 'php_value', perhaps misspelled or defined by a module not included in the server configuration` * All sites use PHP version 7.3 with the suphp PHP handler. All the sites have the following `.htaccess` rule for the firewall: * ``` # BEGIN NinjaFirewall php_value auto_prepend_file /home/XXXX/XXXX/wp-content/nfwlog/ninjafirewall.php # END NinjaFirewall ``` * And all sites have the following rule in the `.user.ini` file: * ``` ; BEGIN NinjaFirewall auto_prepend_file = /home/XXXX/XXXX/wp-content/nfwlog/ninjafirewall.php ; END NinjaFirewall ``` * If I comment out these lines in `.htaccess`, I recover access to the sites, but I cannot log into the WordPress dashboard. One site gives me a 404 error and takes me to `http://79.153.226.174/$`. Another with brute force protection always on just scrolls between the captcha page, and another with brute force protection always on allows me to access the WordPress dashboard. * Could you indicate what the correct `.htaccess` rules should be for one site, and then I will try this accross all sites? - This topic was modified 6 years, 2 months ago by [barnez](https://wordpress.org/support/users/pidengmor/). Reason: Correct typos * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fphp-7-3-invalid-command-php_value%2F%3Foutput_format%3Dmd&locale=en_US) to see the link]_ Viewing 11 replies - 1 through 11 (of 11 total) * Thread Starter [barnez](https://wordpress.org/support/users/pidengmor/) * (@pidengmor) * [6 years, 2 months ago](https://wordpress.org/support/topic/php-7-3-invalid-command-php_value/#post-12364585) * The troubleshooter script for the 404 error site linked to above gives: * ``` HTTP server : Apache PHP version : 7.3.13 PHP SAPI : CGI-FCGI auto_prepend_file : /home/XXXX/XXXX/wp-content/nfwlog/ninjafirewall.php wp-config.php : found in /home/XXXX/XXXX/wp-config.php NinjaFirewall detection : NinjaFirewall WP Edition is loaded (Full WAF mode) Loaded INI file : /opt/cpanel/ea-php73/root/etc/php.ini user_ini.filename : .user.ini user_ini.cache_ttl : 300 seconds User PHP INI : .user.ini found - DOCUMENT_ROOT : /home/XXXX/XXXX ABSPATH : /home/XXXX/XXXX/ WordPress version : 5.3.2 WP_CONTENT_DIR : /home/XXXX/XXXX/wp-content Plugins directory : /home/XXXX/XXXX/wp-content/plugins User Role : Unknown role (or user not logged in) User Capabilities : Error: missing manage_options capability - Error: missing unfiltered_html capability Make sure you are logged in to WordPress before running this script. Log dir permissions : /home/XXXX/XXXX/wp-content/nfwlog dir is writable Cache dir permissions : /home/XXXX/XXXX/wp-content/nfwlog/cache dir is writable NinjaFirewall (WP edition) troubleshooter v1.8 ``` * Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/) * (@nintechnet) * [6 years, 2 months ago](https://wordpress.org/support/topic/php-7-3-invalid-command-php_value/#post-12364649) * You should remove the rules from your .htaccess, your host is using PHP FCGI which requires .user.ini only. Try to comment out the lines in your .user.ini too, and wait a few minutes until PHP refreshes its cache. Then log in to WordPress admin dashboard, go to “NinjaFirewall > Dashboard” and click on the “Click here to enable its Full WAF mode” link to automatically add the directive to your . user.ini. * Thread Starter [barnez](https://wordpress.org/support/users/pidengmor/) * (@pidengmor) * [6 years, 2 months ago](https://wordpress.org/support/topic/php-7-3-invalid-command-php_value/#post-12364926) * Commenting out `.user.ini` helped. It took a little while for PHP to refresh, but then the backend was accessible and the Firewall was running in WordPress WAF mode. However, during the setup for the Full WAF mode it shows the following message: * ``` Oops! Full WAF mode is not enabled yet. Make sure your HTTP server support the php_value auto_prepend_file directive in .htaccess files. Maybe you need to restart your HTTP server to apply the change, or simply to wait a few seconds and reload this page? ``` * After refreshing the page it shows ‘NinjaFirewall is running in Full WAF mode.’ But the same rules with are added to `.htaccess` again, so I am back where I started 🙁 : * ``` # BEGIN NinjaFirewall php_value auto_prepend_file /home/XXX/XXXX/wp-content/nfwlog/ninjafirewall.php # END NinjaFirewall ``` * Thread Starter [barnez](https://wordpress.org/support/users/pidengmor/) * (@pidengmor) * [6 years, 2 months ago](https://wordpress.org/support/topic/php-7-3-invalid-command-php_value/#post-12364935) * **Litespeed** is the default recommended on the setup. If I select **Apache + CGI/FastCGI or PHP-FPM**, after the 300 sec wait it returns back to the installer again. - This reply was modified 6 years, 2 months ago by [barnez](https://wordpress.org/support/users/pidengmor/). Reason: add info on test with other server option * Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/) * (@nintechnet) * [6 years, 2 months ago](https://wordpress.org/support/topic/php-7-3-invalid-command-php_value/#post-12365055) * Try “Apache + suPHP” as you mentioned “PHP version 7.3 with the suphp PHP handler”. * Thread Starter [barnez](https://wordpress.org/support/users/pidengmor/) * (@pidengmor) * [6 years, 2 months ago](https://wordpress.org/support/topic/php-7-3-invalid-command-php_value/#post-12365203) * Tried Apache + suPHP, but the install rolls back to: **NinjaFirewall is running in WordPress WAF mode**. * The same with all 5 sites. * If I try and unistall and reinstall on one of the 5 sites, I hit the same issue. However, if I try a clean install of Ninja Firewall on another site on the same server, it installs successfully as `NinjaFirewall is running in Full WAF mode.` after using the Litespeed server settings. * It’s strange. Could this be related to the recent server migration? - This reply was modified 6 years, 2 months ago by [barnez](https://wordpress.org/support/users/pidengmor/). * Thread Starter [barnez](https://wordpress.org/support/users/pidengmor/) * (@pidengmor) * [6 years, 2 months ago](https://wordpress.org/support/topic/php-7-3-invalid-command-php_value/#post-12365453) * Left alone for a while and now the Full WAF mode is accepted using the `Litespeed( recommended)` option. However, the `php_value auto_prepend_file` directive is again being added to the `.htaccess` file. Does this mean that the following srevr error is likely to be triggered again, leading to a 500 server error: * ``` /home/XXXX/XXXX.htaccess: Invalid command 'php_value', perhaps misspelled or defined by a module not included in the server configuration, referer: https://www.XXXX/ ``` * Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/) * (@nintechnet) * [6 years, 2 months ago](https://wordpress.org/support/topic/php-7-3-invalid-command-php_value/#post-12366069) * Your configuration seems to be Litespeed + Apache FCGI: * ``` < HTTP/1.1 302 Found < Connection: Keep-Alive < Content-Type: text/html < Content-Length: 681 < Date: Sun, 26 Jan 2020 10:41:47 GMT < Server: LiteSpeed ``` * Try “Apache + suPHP” and select “php.ini”, not “.user.ini”. * Thread Starter [barnez](https://wordpress.org/support/users/pidengmor/) * (@pidengmor) * [6 years, 2 months ago](https://wordpress.org/support/topic/php-7-3-invalid-command-php_value/#post-12366220) * I have tried that. It creates the `php.ini` file and adds the `suPHP_ConfigPath` rules to the `.htaccess` file, but after the 300 sec refresh it is still in WordPress WAF mode. * Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/) * (@nintechnet) * [6 years, 2 months ago](https://wordpress.org/support/topic/php-7-3-invalid-command-php_value/#post-12366257) * That’s odd. Maybe only LiteSpeed is being used, as suggested by the installer. In that case, select “Apache + PHP 7 module”. It will add the code to the .htaccess with a `` directive that should prevent the 500 error. * Thread Starter [barnez](https://wordpress.org/support/users/pidengmor/) * (@pidengmor) * [6 years, 2 months ago](https://wordpress.org/support/topic/php-7-3-invalid-command-php_value/#post-12366304) * That’s the one! The Full WAF mode loads fine now on all sites now. Thank you for your help. Viewing 11 replies - 1 through 11 (of 11 total) The topic ‘PHP 7.3: Invalid command ‘php_value’ is closed to new replies. * ![](https://ps.w.org/ninjafirewall/assets/icon-256x256.png?rev=976137) * [NinjaFirewall (WP Edition) - Advanced Security Plugin and Firewall](https://wordpress.org/plugins/ninjafirewall/) * [Frequently Asked Questions](https://wordpress.org/plugins/ninjafirewall/#faq) * [Support Threads](https://wordpress.org/support/plugin/ninjafirewall/) * [Active Topics](https://wordpress.org/support/plugin/ninjafirewall/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/ninjafirewall/unresolved/) * [Reviews](https://wordpress.org/support/plugin/ninjafirewall/reviews/) ## Tags * [500 error](https://wordpress.org/support/topic-tag/500-error/) * [PHP 7.3](https://wordpress.org/support/topic-tag/php-7-3/) * [php_value](https://wordpress.org/support/topic-tag/php_value/) * 11 replies * 2 participants * Last reply from: [barnez](https://wordpress.org/support/users/pidengmor/) * Last activity: [6 years, 2 months ago](https://wordpress.org/support/topic/php-7-3-invalid-command-php_value/#post-12366304) * Status: resolved