Hi @iwantaufani,
Could you make sure that the wp-content/ directory is writable by the web server user, at least during the setup process.
You can then make wp-content/ unwritable as long as wp-content/wflogs/ has been created and remains writable by the web server user.
Also, please have a look at the Firewall Setup guide on our docs platform.
Hello @wfyann,
thank so much for your response
as per your instruction first I have set the folder permission into 777 as you can see at this link http://prntscr.com/eqce91
and then I reinstall the plugin, however after I installed again the plugin still when I click the configure button http://prntscr.com/eqcfig
the error message appeared as is http://prntscr.com/eqcfy8
Do I miss the steps ?
thank you
best regards
iwan taufani
@iwantaufani,
Could you check that the setting specified for the optimization is consistent with your actual configuration. In order to find out which Firewall setup you should be using:
- Go to the Wordfence Tools page
- Click the Diagnostics tab
- In the Other Tests section (near the bottom of the page), click the link that reads “Click to view your system’s configuration in a new window“. This will open a Wordfence System Info page
- Check the Server API field. Is it consistent with the parameter which is “Recommended based on our tests“?
Another thing you might want to check is the content of the .htaccess file (at the root of your WordPress install) to see if you can find a “# Wordfence WAF” section where the auto_prepend_file variable is set.
In case the auto_prepend_file isn’t set, please check the permissions on the .htaccess file.
If it is set, please contact your hosting provider to check if the use of auto_prepend_file has been disabled.
A word of caution regarding the ownership of the wp-content directory:
For security reasons, having the root user as the owner of the directory is not recommended.
In your case this is probably due to the fact the web server runs as root which can have major consequences on your system’s security.
You might want to modify your web server’s configuration in order to specify a different user.
hello @wfyann,
thank you for your response
I have several questions that I want to ask you
1. I have checked my Server API and the result is “Apache 2.0 Handler” but how can I find the “Recommended based on our tests“ ? so I can compare both of the data
2. You are suggesting that “For security reasons, having the root user as the owner of the directory is not recommended ”
Could you guide me how to change it ?
thank you
could you also help me set the plugin so my website will more secure ?
Hi Iwan (@iwantaufani)
Just after you clicked the “Click here to configure” button, you will see a drop-down list with a blue “Continue” button right next to it.
One of the options in that list will be followed by “(Recommended based on our tests)“.
Also on the Wordfence System Info page, could you check the values associated with the following parameters:
- Loaded Configuration File
- PHP Version
- cURL support
- cURL Information
Regarding the modification of the user the web server runs as, I’m afraid this falls outside of the scope of Wordfence support.
However, there are plenty of resources that will provide guidance. (For example, try the following string in a search engine: “change the user apache runs as”)
