VKWebmaster
Forum Replies Created
-
Hi Wfasa,
I really appreciate your feedback, but its still unclear to me whether the firewall is actually working.
I know from inserting debug code
<div style='display:none;'> MyCheck </div>
into wordfence-waf.php
that my site is loading wordfence-waf.php via a prepend_file directive in .htaccess/.user.ini.
You indicate that this means I should have extended protection. So does a normally working fire wall have a Protection Level: Extended WordPress Protection?
I never see any entries in ‘Blocked by Firewall’ category of the live traffic view.
Am I really lucky or is this what one would expect.Hi,
I’ still trying to get this working, I took a look in bootstrap.php but I’m not sure what I could instrument there.
You indicated that if I see
‘Basic WordPress Protection’ then that indicates that the Firewall is not working, why does the firewall summary page not simply say something more explicit?The firewall page say:
Protection Level: Basic WordPress Protection
Firewall Status: Enabling and ProtectingBut from what you are saying this actually means
Protection Level: Basic WordPress Protection
Firewall Status: Not workingCan you confirm this because I am looking for something that is a definitive indicator of the firewall not working, I was then going to work backwards through the code to see why the firewall was being flagged as not working. Is this a reasonable approach or is there a suitable point in bootstrap that I should instrument?
Protection Level: Basic WordPress Protection
Yes, latest version of wordpress and wordfence.
Every time I load the firewall page I still see
To make your site as secure as possible, take a moment to optimize the Wordfence Web Application Firewall:However the Firewall status says: Enabled and Protecting.
If I go to live traffic and view Blocked by Firewall, there is never any reports of traffic being blocked. That list is always empty.
So at this point I am not sure whether the firewall is working or not.It says:
Server API CGI/FastCGIYes I checked the logs and see no errors during or after the firewall configuration process.
Still trying to get this working!
I amended my wordfence-waf.php file to include a line to print a div
as follows:<?php // Before removing this file, please verify the PHP ini setting <code>auto_prepend_file</code> does not point to this. if (file_exists('/usr/local/xxx/vhosts/xxxx/webspace/siteapps/WordPress/htdocs/wp-content/plugins/wordfence/waf/bootstrap.php')) { define("WFWAF_LOG_PATH", '/usr/local/xxx/vhosts/xxxx/webspace/siteapps/WordPress/htdocs/wp-content/wflogs/'); include_once '/usr/local/xxx/vhosts/xxxx/webspace/siteapps/WordPress/htdocs/wp-content/plugins/wordfence/waf/bootstrap.php'; echo "<div style='display:none;'> MyCheck </div>"; } ?>I see the tag
<div style=’display:none;’> MyCheck </div>
On every page after that edit. This confirms (I think) that .user.ini is working, wordfence-waf.php is being called and that bootstrap.php is being included but I still get the message saying the firewall needs to be configured.
I see there is a reference to wflogs but I cannot view these, could they give us a clue to what is happening?According to the hosting firm my site is using CGI/FastCGI, wordfence plugin was identifying my server as Apache + suPHP (recommended based on our tests),
I have changed the dropdown to CGI/FastCGI and reran the firewall configuration but I still get the
To make your site as secure as possible, take a moment to optimize the Wordfence Web Application Firewall
message, can anyone tell me what .htaccess and user.ini should contain for a server API of CGI/FastCGI?Still cannot get this working, I have tried all of the options in the dropdown now without success, Is there some way od debugging this?
The selected option for me was
Apache + suPHP (recommended based on our tests)
After backing up .htacess and user.ini
I end up with a user.ini file with the line
; Wordfence WAF
auto_prepend_file = ‘/usr/local/xxxx/xxxx/xxxx/xxxx/xxxx/WordPress-88806/htdocs/wordfence-waf.php’
; END Wordfence WAFThis is the path to my wordpress install
My .htaccess file has been modified with this additional line
Wordfence WAF
<IfModule mod_suphp.c>
suPHP_ConfigPath ‘/usr/local/xxxx/xxxx/xxxx/xxxx/xxxx/WordPress-88806/htdocs’
</IfModule>
<Files “.user.ini”>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files># END Wordfence WAF
Where in both instances
/usr/local/xxxx/xxxx/xxxx/xxxx/xxxx/WordPress-88806/htdocs/wordfence-waf.php
is the absolute path to the filewordfence-waf.php
I can go back to my shared hosting service and clarify aspects of this but I need to know what to ask.
Anyone got suggestions on how to make this work, I tried adding a prepend directive to my .htaccess file but that does not seem to work, should it? How do people without access to php.ini make this work?
Forum: Plugins
In reply to: [Quick Event Manager] You are already registered for this eventI am also seeing this issue, probably after I installed Yoast, I appreciate that it is difficult to resolve for now I have changed the default message from ‘You are already registered for this event’ to ‘Thank you for Booking this Event’. I presume that if you simply disabled the check then we would end up with duplicates for an event.