Hi @thewebsitecompany,
It sounds like you’ve been pretty thorough with your cache and attempting manual installation. There are some considerations for Litespeed, most notably noabort for failing scans, but I’m not sure this is related to optimization also: https://www.wordfence.com/help/advanced/system-requirements/litespeed/
It might be best if you send a diagnostic report over to wftest @ wordfence . com. You can find the link to do so at the top of the Wordfence > Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.
NOTE: It should look as follows – Screenshot of Tools > Diagnostic > Send by Email
Thanks,
Peter.
Hi @thewebsitecompany, I’ve not received a diagnostic report this week so I was just wondering if you are able to mark this as resolved if the optimization is now working, or still need to send it over to us?
Thanks again,
Peter.
Hi, thank you for following up. Unfortunately, I still have the issue as my site is being hacked almost weekly so I suspect the firewall is not correctly integrated as my other sites are fine (with same setups).
I have sent the diagnostics.
Thank you.
Hi @thewebsitecompany,
Did you include your forum username (thewebsitecompany) when sending the diagnostics? I don’t have them in our inbox when searching for your email.
The Wordfence diagnostic can be exported as a txt file on the Wordfence > Tools > Diagnostics page, which could be sent directly to the wftest @ wordfence . com email address from your personal/work email. Remember to put your forum username in the email’s subject line and let me know here you’ve sent it so I can try finding it there instead and I’ll take a look.
If your site has been compromized and you’re not referring to attempts picked up in Live Traffic, it sounds like there could be another attack vector. As a rule, any time I think someone’s site has been compromised I also tell them to update their passwords for their hosting control panel, FTP, WordPress admin users, and database. Make sure to do this.
Once I see your diagnostic we can decide whether a full site cleaning might be necessary.
Thanks,
Peter.
Hi,
Yes I definitely included my username in the report. I can try again from my personal email if it has not been received.
Thank you
Bex
That’d be great @thewebsitecompany, the txt export sent manually to wftest @ wordfence . com with your username in the subject would be perfectly fine for me to take a look at as the one direct from your site doesn’t seem to have come through.
Let me know once it’s been sent.
Peter.
Hi, I have sent the diagnostics txt manually via my work email.
Thank you
Bex
@wfpeter Please can you look at this? Thanks
Hi @thewebsitecompany,
I have looked at your diagnostic report and aside from your max_execution_time value being 120 when we’d recommend 60 (we’ve seen issues with higher values than this) and WP_MEMORY_LIMIT being 40 when we’d recommend 128 or 256, there doesn’t appear to be too much wrong. I’m not seeing communication errors but of course auto_prepend_file is still reporting no value.
Do you see the same result for an unset auto_prepend_file if you run a test.php containing <? echo phpinfo(); in the root of your site? With Litespeed, I see you’ve already tried manually setting the value in php.ini, but you could try populating the .htaccess/.user.ini files manually too. On some servers, you could use FTP or a file manager to access your .htaccess file in the root directory and make sure this code is input:
# Wordfence WAF
<Files ".user.ini">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
# END Wordfence WAF
Then also, in the same directory, edit your .user.ini file with this code:
; Wordfence WAF
auto_prepend_file = '/your/path/to/wordfence-waf.php'
; END Wordfence WAF
Make sure to change the path above with the one where wordfence-waf.php actually resides.
Thanks again,
Peter.
