jamwordfence1
Forum Replies Created
-
Hi Peter et al,
If you get a moment …could you answer my quick question of ~3 weeks ago please!…its related to the .user.ini file and location or rather the position of your ‘auto_prepend_file’ in the .htaccess file (I give you a typical listing order and worry it may not be correctly positioned/prioritised….
Thanks…Best…John
Hi Peter,
Thank you for those very helpful observations and suggestions…very much appreciated!
I have (and have done for some while but still get many log-in attempts) blocked access to XML-RPC, hopefully it helps, with regards to making the .user.ini file so its not visible publicly (don’t have any users other than myself) is this via the Permissions settings? (currently 644)…and finally I can see the reference auto_prepend only in two places and these are within the #Wordfence WAF routine which is almost always at the end of the .htaccess file…depending on which cache I am using on the particular website the order is typically…as below….should this order change? (eg. WordFence subroutine move up the file) …I did a search for a auto_prepend file across all files but none could be found so I am hoping that I am not a file missing..hopefully this is a label for a passing variable and not an actual file?….thanks for all your help…sure am learning a few things… 😎…Best…John
1 # BEGIN LiteSpeed noabort
8 # BEGIN WordPress
24 # BEGIN Security Block
25 # Block the include-only files
36 # Disable directory listing
39 # Deny access to .htaccess file
45 # Deny access to wp-config.php file
51 # Force HTTPS
56 # Remove header with PHP version
62 # Wordfence WAF
63 <IfModule LiteSpeed>
64 php_value auto_prepend_file ‘/xxxxxxxxxxxxxxxxx/wordfence-waf.php'
65 </IfModule>
66 <IfModule lsapi_module>
67 php_value auto_prepend_file ‘/xxxxxxxxxxxxxxxxx/wordfence-waf.php'
79 # END Wordfence WAFHi Peter,
Thank you for this information...just what I was looking for.
Yes, I have had a barrage of very targeted and relentless attacks from players who seem to have a large variety of alias IP’s...
...one (from India – Tata Services) actually gained access to my cPanel account (I’ve no idea what they did of didn’t do) even though I use 1password manager with a 23 digit random generated password and 2FA with a 30 second OTP...they still gained access ...and Namecheap just say its me...lol.
Hence the need to deny access o most ( I don’t have and won’t many subscribers).
I did notice in my .htaccess file that waf routine ...assumed to be WordFence... seemed to have some dynamic passing parameters in php files...
...maybe that is helpful in ‘denying access’ although I suspect it might still permit these Asian based IP’s access....without knowing how they gained access its hard to know exactly what to do for the best...hence my slight overreaction.
It’s a shame that obviously talented people should use those talents to create such a negative contribution to society...but maybe that is just me getting old...lol.
Let me know if I have missed the point in anyway ...or if you have any other thoughts or comments.
Best...
JohnThanks Peter,
Yes…Mia was super helpful…still dont understand how they gained access to my domain (they have repeatedly emailed using my website domain address…..and not just the one website….even emailed me with handbag offers to make the point they could get my domain blacklisted…AND dont know why Wordfence failed to find two viruses using the sensitive / longer Wordfence scan….makes me lose some confidence in Wordfence.
Best…
John
PS. Any chance for a multisite licence for my super simple and small websites…will reduce these to 5 in number if it helped…?