Title: Sarah's Replies | WordPress.org
---
# Sarah
[ ](https://wordpress.org/support/users/reenipants/)
* [Profile](https://wordpress.org/support/users/reenipants/)
* [Topics Started](https://wordpress.org/support/users/reenipants/topics/)
* [Replies Created](https://wordpress.org/support/users/reenipants/replies/)
* [Reviews Written](https://wordpress.org/support/users/reenipants/reviews/)
* [Topics Replied To](https://wordpress.org/support/users/reenipants/replied-to/)
* [Engagements](https://wordpress.org/support/users/reenipants/engagements/)
* [Favorites](https://wordpress.org/support/users/reenipants/favorites/)
Search replies:
## Forum Replies Created
Viewing 6 replies - 1 through 6 (of 6 total)
* Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
In
reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] Unable to optimise the firewall](https://wordpress.org/support/topic/unable-to-optimise-the-firewall/)
* Thread Starter [Sarah](https://wordpress.org/support/users/reenipants/)
* (@reenipants)
* [4 years, 2 months ago](https://wordpress.org/support/topic/unable-to-optimise-the-firewall/#post-15381163)
* Hello,
* I’ve been back-and-forthing with my hosting provider.
* They have confirmed that my .htaccess is recursive, so it doesn’t make sense
that the Wordfence auto_prepend_file code is not working even though I have it
in “/home/username/public_html/.htaccess”.
* ```
php_value auto_prepend_file '/home/username/public_html/wordfence-waf.php'
```
* The auto_prepend_file doesn’t seem to work unless I put it into “/home/username/
public_html/wp-admin/.htaccess”. I asked my Hosting provider whether there was
a reason for this, as I thought it would work if I just had it in “/home/username/
public_html/.htaccess”.
* This was their response:
* > While investigating the issue, I found that the plugin was originally intended
> to work with auto_prepend_file added in the .user.ini file and the .htaccess
> was only a secondary alternative to it. You may refer to the developers thread
> at:
> [https://wordpress.org/support/topic/waf-configuration-installation-issue/#post-14173061](https://wordpress.org/support/topic/waf-configuration-installation-issue/#post-14173061)
> Since there is no server-level restriction on this, I would recommend you reach
> out to the vendor for more insight on this.
* I followed the instructions at that [post link](https://wordpress.org/support/topic/waf-configuration-installation-issue/#post-14173061)
also, without any success.
* So to clarify, I have now tried the following:
* – Added `define('WFWAF_STORAGE_ENGINE', 'mysqli');` inside wordfence-waf.php
–
Removed the “wp-content/wflogs” folder – Switched the Firewall from ‘Learning
mode’ to ‘Enabled and Protecting’
* The following code is in the .htaccess file in my root directory:
* ```
# Wordfence WAF
Require all denied
Order deny,allow
Deny from all
# END Wordfence WAF
```
* In the same directory, I have a .user.ini file with the following code:
* ; Wordfence WAF
auto_prepend_file = ‘/home/username/public_html/wordfence-waf.
php’ ; END Wordfence WAF
* I have even tried the other user’s suggestion of renaming the .user.ini file
and then renaming it back again, without any success.
* Any insight would be very much appreciated.
* Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
In
reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] Unable to optimise the firewall](https://wordpress.org/support/topic/unable-to-optimise-the-firewall/)
* Thread Starter [Sarah](https://wordpress.org/support/users/reenipants/)
* (@reenipants)
* [4 years, 2 months ago](https://wordpress.org/support/topic/unable-to-optimise-the-firewall/#post-15371883)
* Just an update…
* I inserted this code into .htaccess of my root folder:
* ```
# Wordfence WAF
php_value auto_prepend_file '/home/username/public_html/wordfence-waf.php'
php_value auto_prepend_file '/home/username/public_html/wordfence-waf.php'
Require all denied
Order deny,allow
Deny from all
# END Wordfence WAF
```
* That didn’t work on its own, so I created .htaccess within /wp-admin/ where I
also inserted the code. I refreshed the firewall and it now states “extended
protection”.
* I’m now wondering whether this is just a temporary fix or an actual solution?
Should I copy that code across to .htaccess in /wp-content/ and /wp-includes/
or just leave it as it is? Is it actually providing the proper level of protection?
* Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
In
reply to: [[NinjaFirewall (WP Edition) - Advanced Security Plugin and Firewall] Unable to activate full WAF mode](https://wordpress.org/support/topic/unable-to-activate-full-waf-mode/)
* Thread Starter [Sarah](https://wordpress.org/support/users/reenipants/)
* (@reenipants)
* [4 years, 2 months ago](https://wordpress.org/support/topic/unable-to-activate-full-waf-mode/#post-15371775)
* I followed your advice and although the troubleshooter script said that it was
running in Full WAF mode, the firewall did not display that.
* “auto_prepend_file” value was empty when I checked “info.php” in /wp-admin/ folder.
* It appeared that it was not affecting subdirectories.
* I have now added the “auto_prepend_file” directive to .htaccess within the /wp-
admin/ folder. Check of “info.php” shows positive value. I refreshed the firewall,
which now displays that it is running in Full WAF mode.
* So to sum up, I now have the following code in .htaccess of my root folder as
well as /wp-admin/.htaccess
* ```
# BEGIN NinjaFirewall
php_value auto_prepend_file "/home/blah/public_html/wp-content/nfwlog/ninjafirewall.php"
# END NinjaFirewall
```
* My question now is: Is this really a fix? Or have I just made a temporary fix
that I still need a proper resolution for? Is the Full WAF mode actually working
like it says it is? Do I have to copy the code into a .htaccess file within each
of the subdirectories such as /wp-content/ and /wp-includes/ ?
- This reply was modified 4 years, 2 months ago by [Sarah](https://wordpress.org/support/users/reenipants/).
- This reply was modified 4 years, 2 months ago by [Sarah](https://wordpress.org/support/users/reenipants/).
* Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
In
reply to: [[NinjaFirewall (WP Edition) - Advanced Security Plugin and Firewall] Unable to activate full WAF mode](https://wordpress.org/support/topic/unable-to-activate-full-waf-mode/)
* Thread Starter [Sarah](https://wordpress.org/support/users/reenipants/)
* (@reenipants)
* [4 years, 3 months ago](https://wordpress.org/support/topic/unable-to-activate-full-waf-mode/#post-15368312)
* My site is hosted by A2 Hosting. Their response is that the .user.ini file works
in the root folder and any subdirectories.
* I currently have NinjaFirewall deactivated while I’m looking for a fix.
* Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
In
reply to: [[Jetpack - WP Security, Backup, Speed, & Growth] Jetpack connectione rror](https://wordpress.org/support/topic/jetpack-connectione-rror/)
* Thread Starter [Sarah](https://wordpress.org/support/users/reenipants/)
* (@reenipants)
* [4 years, 3 months ago](https://wordpress.org/support/topic/jetpack-connectione-rror/#post-15368142)
* Hello @bobmatyas –
* It’s actually resolved on its own now and I’m not entirely sure what happened.
My hosting provider confirmed that there was nothing wrong with my SSL.
* Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
In
reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] Unable to optimise the firewall](https://wordpress.org/support/topic/unable-to-optimise-the-firewall/)
* Thread Starter [Sarah](https://wordpress.org/support/users/reenipants/)
* (@reenipants)
* [4 years, 3 months ago](https://wordpress.org/support/topic/unable-to-optimise-the-firewall/#post-15367337)
* Hello Peter,
* Yes, I’ve followed both the troubleshooting and initial setup documentation.
* **Directive in the .user.ini file is:**
; BEGIN Wordfence WAF auto_prepend_file
= ‘/home/username/public_html/wordfence-waf.php’ ; END Wordfence WAF
* **I have the following directive in .htaccess:**
# Wordfence WAF php_value auto_prepend_file ‘/home/username/public_html/wordfence-waf.php’
php_value auto_prepend_file ‘/home/username/
public_html/wordfence-waf.php’ Require all denied Order deny,allow
Deny from all # END Wordfence WAF
* I have also tried renaming .user.ini to php.ini without any success.
I have
deactivated all plugins and tried with just WordFence running. It didn’t work.
* My site is on A2 Hosting.
Server API: LiteSpeed V8.0 Cloudlinux 1.3 . $_SERVER[‘
SERVER_SOFTWARE’] LiteSpeed
* Permissions on my WordPress site’s directories are 755.
How do I check that
the owner on my WordPress root directory is www-data?
- This reply was modified 4 years, 3 months ago by [Sarah](https://wordpress.org/support/users/reenipants/).
Viewing 6 replies - 1 through 6 (of 6 total)