Wordfence warning about php file during optimization

  • Resolved atomicpro

    (@atomicpro)


    10 months, 1 week ago

    while optimizing wordfence, I get this message about a php file:

    the Wordfence Web Application Firewall is designed to run via a PHP setting called auto_prepend_file, which ensures it runs before any potentially vulnerable code runs. This PHP setting is currently in use, and is including this file: /opt/php8.0.30.5/lib/mysql-vars.php

    I don’t know what this file is from. or if it needs to be deleted. Does anyone know what this file might be for, or if it could be malicious?

Viewing 1 replies (of 1 total)
  • Plugin Support wfpeter

    (@wfpeter)

    10 months, 1 week ago

    Hi @atomicpro, thanks for reaching out!

    We have seen cases of this file come up previously. I didn’t find much on Google at that time about mysql-vars.php, but the pattern seems that a certain host is including this. You can always check-in with their support just to make sure. If you could let me know the hosting company, it may help other customers asking about this file in future with websites in the same place.

    Once you’re happy that the file is legitimate, when optimizing the firewall using the wizard, selecting the INCLUDE option will ensure that when your auto_prepend_file value is changed to point to wordfence-waf.php, our file will also include mysql-vars.php, ensuring no required files are excluded from your site.

    Many thanks,
    Peter.

Viewing 1 replies (of 1 total)

The topic ‘Wordfence warning about php file during optimization’ is closed to new replies.