romprod

Never mind, I’ve figured it out, the following was loaded into a .htaccess file.

# Wordfence WAF
<IfModule mod_php7.c>
       php_value auto_prepend_file '/var/www/html/wordfence-waf.php'
</IfModule>
<Files ".user.ini">
<IfModule mod_authz_core.c>
       Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
       Order deny,allow
       Deny from all
</IfModule>
</Files>

<IfModule mod_env.c>
   SetEnv PHPRC /etc/php/7.0/apache2/php.ini
</IfModule>

# END Wordfence WAF