Wordfence Firewall wont update htaccess

SJW
(@whitsey)

7 years ago
I have tried to “Optimize the Wordfence Firewall” using the method “Apache + SuPHP”

Every time I click “Continue” I get this message:

We were unable to make changes to the .htaccess file. It’s possible WordPress cannot write to the .htaccess file because of file permissions, which may have been set by another security plugin, or you may have set them manually. Please verify the permissions allow the web server to write to the file, and retry the installation.

My htaccess file has permissions 644 which is correct.
To test, I tried changing htaccess to 777 but I still get the same error.

I’m thinking there may be a lock or semaphore somewhere that wordfence isn’t clearing to retest this file?

What am I missing?

Ok, so I thought I would update permalinks to see if WP could write to htacess and NO?
I changed htaccess to 777 again and still no:

If your .htaccess file were writable, we could do this automatically, but it isn’t so these are the mod_rewrite rules you should have in your .htaccess file. Click in the field and press CTRL + a to select all.

Now I’m concerned – I’m installing Wordfence because the site was recently hacked. Is there some way that the file is using a remote htaccess?
- This topic was modified 7 years ago by SJW. Reason: additional test results

Viewing 11 replies - 1 through 11 (of 11 total)

wfyann
(@wfyann)

7 years ago
Hi @whitsey,

In order to check if this could be related to your environment, could you please check the Wordfence System Info page:
- Go to the Wordfence Tools page
- Click the Diagnostics tab
- In the Other Tests section (near the bottom of the page), click the link that reads “Click to view your system’s configuration in a new window”.
- Server API
- Loaded Configuration File
- PHP Version
Also you can find additional information on the Firewall setup here.
- This reply was modified 7 years ago by wfyann. Reason: rephrasing
Thread Starter SJW
(@whitsey)

7 years ago
Thanks for the reply.

I clicked the link “Click to view your system’s configuration in a new window” but all it did was open the home page of the website, so I tried a few extra things:
- I tried a few times with a browser reload with the same result.
- I tried it in incognito mode to exclude browser caching and still only home page
- I removed htaccess & php.ini and tried = same result
- I changed theme to the default twentyseventeen and still = loads the home page
- (I have no caching software installed.)
I have had my server company review the account and all permissions etc are set correctly and they can’t find anything wrong.

Can’t help but think that this is related in some way.
- PHP version is 5.6
Is there another way to get Server API & Loadad Config File?
wfyann
(@wfyann)

7 years ago

Hi @whitsey,

It seems you have a redirection in place either via a plugin or a theme.

If you have a default theme then it’s most likely related to a plugin.

Could you temporarily disable plugins that might be causing this and try again to open the Wordfence System Info page?

Alternatively, you can add a script to your server in order to get that information.

repairman1946
(@repairman1946)

7 years ago

I have also tried to “Optimize the Wordfence Firewall” using the method “Apache + SuPHP”, with the same messages.

My question is: In this suggestion, how do I access “php.ini:” [Alternate method:

We’ve also included instructions to manually perform the change if you are using a web server other than what is listed in the drop-down, or if file permissions prevent this change.

You will need to append the following code to your php.ini:

auto_prepend_file = ‘/homepages/25/d458073587/htdocs/site/demo2/wordfence-waf.php’]

Thread Starter SJW
(@whitsey)

6 years, 12 months ago

Thanks @wfyann

I am of the same opinion – I have tried everything I can think of that could possible be redirecting URLs that’s why I’m here – usually you can find the problem in htaccess or the default theme or a plugin.

These are the plugins used – if you can think of anything, please do let me know otherwise, i’ll keep trying. I’ll try the server script as well.

Akismet Anti-Spam – Version 3.3
All In One SEO Pack – Version 2.3.12.2.1
Calendar – Version 1.3.9
Contact Form 7 – Version 4.7
Google Language Translator – Version 5.0.30
MailPress – Version 5.4.1
Really Simple CAPTCHA – Version 1.9
Slideshow – Version 2.3.1
Widgets on Pages – Version 0.0.12
Wordfence Security – Version 6.3.6
WP CSS Dropdown Menu – Version 4.0.2
WP CSS Dropdown Menu JS add-on – Version 4.0.2
Thread Starter SJW
(@whitsey)

6 years, 12 months ago
Oh, the server script is just phpinfo.

Ok, here are the settings:
- Server API: CGI/FastCGI
- Loaded Configuration File: /home/xxxxxxx/public_html/php.ini
- PHP Version: 5.6.26
BTW – I’ve already added auto_prepend_file to php.ini and it is being loaded so I think Wordfence is working properly, I just don’t like not knowing why I can’t do it from wp-admin when I have done it on other sites previously…
- This reply was modified 6 years, 12 months ago by SJW.
- This reply was modified 6 years, 12 months ago by SJW.
wfyann
(@wfyann)

6 years, 12 months ago

Hi @whitsey,

I’m not sure which of these plugins (if any) is causing the redirection and whether or not it’s related to Wordfence not being able to update the .htaccess file.

What I suggest at this stage is to disable one plugin at a time and try to access the Wordfence System Info page in order to identify the potential culprit.

If you’re OK to revert the changes made to the php.ini file, you can also try and carry out the optimization procedure each time you disable one plugin.

I would also highly recommend you follow these steps to check if your site has been hacked.

wfyann
(@wfyann)

6 years, 11 months ago

Hi @whitsey,

The reason why you were able to setup the firewall via the admin interface on other sites but not on this one could be explained by difference in the systems configurations.

Regarding the redirection issue, I am assuming that the instructions helped you identify the cause and ultimately solve the problem.

However, if you are still experiencing it, please create another topic for that specific problem so we can further investigate.

Thank you.

Thread Starter SJW
(@whitsey)

6 years, 11 months ago

The site was hacked – that’s why I installed Wordfence and started the process of hardening.
The system is exactly the same as the others – i have a VPS which I use to create accounts with the same configuration so that’s definitely not it.

I have not solved the problem – I am still trying to identify it. The redirection isn’t an issue I care about. I just used phpinfo() to get the info.

wfyann
(@wfyann)

6 years, 11 months ago

Hi @whitsey,

Sorry about the delayed response.

In your original post you wrote:

I have tried to “Optimize the Wordfence Firewall” using the method “Apache + SuPHP”

However the phpinfo() shows: Server API= CGI/FastCGI. Have you tried optimizing the firewall with that server configuration?

Also, even though the error message you received when carrying out the procedure was:
“We were unable to make changes to the .htaccess file.[…]”. Could you please check if you see the lines “# Wordfence WAF” and “# END Wordfence WAF” with code in between, in the .htaccess file?

On sites with CGI/FastCGI (like yours), the firewall setup uses .user.ini; can you see such file populated with the auto_prepend_file directive?

emmathefoodbrood
(@emmathefoodbrood)

6 years, 10 months ago

I’m having the same problem – something is obviously blocking my being able to optimise. And I am a complete computer novice so I have no idea what’s meant by adding code etc. I do know I haven’t been hacked because I’m brand new and wordfence says I haven’t!
Help!

Viewing 11 replies - 1 through 11 (of 11 total)

The topic ‘Wordfence Firewall wont update htaccess’ is closed to new replies.