Staging site and wordfence-waf.php

  • Resolved jethrotull

    (@jethrotull)


    4 years ago

    I created a staging site with Siteground and installed wordfence on the staging site. Now I have moved the site from staging to live. In the live site there is a Wordfence notice:

    To make your site as secure as possible, the Wordfence Web Application Firewall is designed to run via a PHP setting called auto_prepend_file, which ensures it runs before any potentially vulnerable code runs. This PHP setting is currently in use, and is including this file:
    /home/customer/www/staging2.josteltd.com/public_html/wordfence-waf.php.
    This is pointing to the staging site.
    I deleted wordfence plugin and reinstalled but same message.

    How can I correct this? Thanks

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support wfscott

    (@wfscott)

    4 years ago

    @jethrotull

    In your php.ini file in the root of the live site, check for the following:

    auto_prepend_file = /home/customer/www/staging2.josteltd.com/public_html/wordfence-waf.php

    If you see it there, remove that. You will then want to do the following:

    Go to your SiteGround cPanel and go to PHP Variables Manager. Click the sub-folder that your current live WordPress site is located in there. If it is in public_html, click that.

    You will then see a field where you can enter a variable. Enter: auto_prepend_file there and click add. You will see a new field come up for auto_prepend_file where you can enter a path. We will return here in a second.

    In a new tab, go back to your live site and goto Wordfence > Firewall > All Firewall Options. Click the Optimize the Wordfence Firewall button and then click the dropdown box and select Manual Configuration at the bottom, then continue. You will then see something similar to this:
    auto_prepend_file = ‘/home/sitename/public_html/subfolder/wordfence-waf.php’
    Just copy the path inside the single quote characters, in my case, /home/sitename/public_html/subfolder/wordfence-waf.php

    Go back to your PHP Variables Managers tab and paste that path you copied into the auto_prepend_file field and click the checkbox for Apply changes to all sub-directories? and click Save. Make sure the confirmation screen has no errors, then go back to your site and refresh it. The firewall should be at 100%.

    Thread Starter jethrotull

    (@jethrotull)

    4 years ago

    Hi wfscott (@wfscott)

    Really appreciate your detailed response.
    I must have missed something because I got locked out of my own site.
    Have only just got back into the WP dashboard and will try again.

    Thanks for your help

    jebr

    Thread Starter jethrotull

    (@jethrotull)

    4 years ago

    Hi wfscott (@wfscott)

    OK. Done. Tks

    jebr

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Staging site and wordfence-waf.php’ is closed to new replies.