Title: Warning about php_auth.php when activating WAF
Last modified: August 31, 2016

---

# Warning about php_auth.php when activating WAF

 *  [Touda](https://wordpress.org/support/users/touda/)
 * (@touda)
 * [10 years ago](https://wordpress.org/support/topic/warning-about-php_authphp-when-activating-waf/)
 * When activating the new Wordfence firewall on a customer’s blog, I see this warning:
 * > The Wordfence Web Application Firewall is designed to run via a PHP ini setting
   > called auto_prepend_file in order to ensure it runs before any potentially 
   > vulnerable code runs. This PHP setting is currently in use, and is including
   > this file:
   > /www/cgi-system/php_auth.php
   > If you don’t recognize this file, please contact us on the WordPress support
   > forums before proceeding.
 * Curiously, that directory doesn’t exist on the server. I can only see a /cgi-
   bin/
 * What should be done in these cases?
 * [https://wordpress.org/plugins/wordfence/](https://wordpress.org/plugins/wordfence/)

The topic ‘Warning about php_auth.php when activating WAF’ is closed to new replies.

 * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865)
 * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wordfence/)
 * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/)

 * 0 replies
 * 1 participant
 * Last reply from: [Touda](https://wordpress.org/support/users/touda/)
 * Last activity: [10 years ago](https://wordpress.org/support/topic/warning-about-php_authphp-when-activating-waf/)
 * Status: not resolved