I want to be sure I understand your issue.
When you talk about the Vhost server do you mean that sites are served in a directories like this.
public_html/SiteA
public_html/SiteA/SiteB
public_html/SiteA/SiteC
public_html/SiteA/SiteD
and so on.
If so, is SiteA the one with the working firewall? Sites B, C, and D are the ones affected by SiteA’s firewall. Is that right?
Tim
Hi Tim
Na, the directories are like this…
public_html/SiteA
public_html/SiteB
public_html/SiteC
public_html/SiteD
“SiteA the one with the working firewall? Sites B, C, and D are the ones affected by SiteA’s firewall.” That is correct.
Regards
Chris
Hi @ckhatton,
Wordfence will generate or modify the .htaccess
found in the document root.
Is the .htaccess
found in /public_html
or only in /public_html/SiteA
?
Dave
Only in /public_html/SiteA
.
Looking at the WordFence ones, they look a little over engineered.
One site with WordFence installed, has no WordFence lines in the .htaccess, which happens to be the website we have to switch off WordFence to edit other sites.
Are any of this lines likely to affect other sites on the server…
# Wordfence WAF
<Files ".user.ini">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
# Wordfence WAF
<IfModule mod_php7.c>
php_value auto_prepend_file '/var/www/html/websites/siteA/wordfence-waf.php'
</IfModule>
<Files ".user.ini">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
# END Wordfence WAF
Especially php_value auto_prepend_file '/var/www/html/websites/siteA/wordfence-waf.php'
?
Where’s .user.ini
located?
Thank you
Chris
php.ini or .user.ini (either can be used) should be in SiteA, SiteB, etc. Did you clone all these sites when setting them up?
Tim
Na they are expanded straight from a wordpress.zip
downloaded from the official WordPress site, at the time of setup.
The website which happens to be the website we have to switch off WordFence to edit other sites, I will install WordFence fully and see if it fixes it.
Thank you
Chris
I’ve just realised that because it is an Apache2 server the files php.ini
and user.ini
aren’t used, only .htaccess
, and hence why I couldn’t see them.
-
This reply was modified 5 years, 1 month ago by Chris Hatton.
Ar, this might be something. When I tried to uninstall enhanced protection I got this…
Unable to Uninstall
Extended Protection Mode has not been disabled. This may be because 'auto_prepend_file' is configured somewhere else or the value is still cached by PHP. Try Again
Does that mean WordFence has added that line in the main php conf files, and why it might be affecting other websites?
Yep… It’s been listed 4 times in…
$ etc > php > 7.0 > apache2 > php.ini
The file is 7241 lines long!! 😟
I am going to clean up the file now and remove the ‘auto_prepend_file’ line.
What worries me is, how does WordFence have write access to that file??
-
This reply was modified 5 years, 1 month ago by Chris Hatton.
-
This reply was modified 5 years, 1 month ago by Chris Hatton.