• Resolved breadf

    (@breadf)


    The scan found this critical issue. Is it really important?

    I contacted server support. They deleted it and then it occurred again.

    ; Wordfence WAF
    auto_prepend_file = '/mnt/customers/customers-4/customers-el-1702066-30410-******-wordpress-pvc-62a0dded02e147001ec94129/wp-content/wordfence-waf.php'
    ; END Wordfence WAF

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @breadf, thanks for getting in touch.

    Wordfence requires that auto_prepend_file line in your .htaccess or .user.ini file (depending on server setup) in order to be optimized. It tells Wordfence to run before any other site content or plugins have loaded so that we can make any necessary blocks before any other code can execute.

    Wordfence will still run, but only in “Basic Protection” mode if it’s removed. Let me know if the host themselves are disallowing the change.

    If they’re not, was this snippet detected by a Wordfence scan itself or by another malware scanner on your site/server? There’s a good chance it’s a false-positive if it’s the latter. Let me know if it was found in a different filename to .htaccess or .user.ini and if there’s any other supporting text around the scan result to explain why it was picked up.

    Thanks,
    Peter.

    Thread Starter breadf

    (@breadf)

    Hi Peter,

    Yes, every time I deleted it through the “delete” button at the scan result, it would tell me to reconfigure it for optimal protection and then recreate it. My question is: is this a “real” threat, or a fake alarm?

    Please check this screenshot: https://www.dropbox.com/scl/fi/2t5g7a32lav07mk3qg6vc/11.jpg?rlkey=o8smoh4r7ysekcifweg3x0cx2&dl=0

    Now I have another question. I downloaded my site via All-in-One WP Migration to my local computer. I couldn’t log in. The password is correct. On the live site, I can still log in. Is this a protection by Wordfence? Is there a way to solve this?

    Please check the screenshot on my local computer: https://www.dropbox.com/scl/fi/cfzu8mim87lgs8php0fhh/22.jpg?rlkey=sz8ijqv5k5l80lyvcxnikhx7d&dl=0

    Thanks for your help.

    Plugin Support wfpeter

    (@wfpeter)

    Ah, thanks for the scan screenshot @breadf! This is related to the visibility of the ini rather than the file itself being a problem by existing. Some hosts have the option in their control panel to hide this file, or alternatively NGINX does tend to have the extra step of editing nginx.conf to hide the .user.ini file: https://www.wordfence.com/help/firewall/optimizing-the-firewall/#hide-userini-nginx

    If you’re not using NGINX, you might be able to search for some information on how to traditionally hide this on your configuration.

    With local environments there can be connectivity issues between our servers and back into your site. This is either allowed by default or configurable for your live site but not something we can provide support for in local environments. I would recommend renaming the wordfence plugin folder to “wordfence_bak” to disable anything like reCAPTCHA and 2FA that could be causing problems. We’d also recommend disabling firewall optimization outside of your live site or during a migration too as the auto_prepend_file path is never likely to match.

    Thanks again,
    Peter.
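
An added example, not part of the thread and not Wordfence's own code: a Python check for the two conditions the reply above describes, whether the web server hands out `.user.ini` to visitors and whether the `auto_prepend_file` path exists on the current machine (it will not on a migrated local copy). The sample path, the finding names and the HTTP status/body supplied by the caller are assumptions made for illustration.

```python
import os
import re

# Quote characters that may wrap the path (straight, or typographic after copy/paste).
_QUOTES = "'\"\u2018\u2019"
DIRECTIVE = re.compile(r"^[ \t]*auto_prepend_file[ \t]*=[ \t]*(.+?)[ \t]*$")


def prepend_path(ini_text):
    """Return the auto_prepend_file path from .user.ini text, or None."""
    for line in ini_text.splitlines():
        if line.lstrip().startswith(";"):  # ini comment, e.g. "; Wordfence WAF"
            continue
        m = DIRECTIVE.match(line)
        if m:
            return m.group(1).strip(_QUOTES) or None
    return None


def audit(ini_text, http_status, http_body, exists=os.path.isfile):
    """Classify a site from its .user.ini and the response to GET /.user.ini."""
    findings = []
    # The server returned the file's contents: this is the visibility issue.
    if http_status == 200 and "auto_prepend_file" in http_body:
        findings.append("exposed")
    path = prepend_path(ini_text)
    if path is None:
        findings.append("no_directive")
    elif not exists(path):
        # Typical after a migration: the path still points at the old host.
        findings.append("stale_path")
    return findings


# Constructed sample input; the path is a placeholder, not the poster's.
SAMPLE_INI = (
    "; Wordfence WAF\n"
    "auto_prepend_file = '/srv/example-site/wp-content/wordfence-waf.php'\n"
    "; END Wordfence WAF\n"
)

if __name__ == "__main__":
    # Live site before the file is hidden: server returns it, WAF file exists.
    print(audit(SAMPLE_INI, 200, SAMPLE_INI, exists=lambda p: True))
    # Local copy after migration: request denied, live-host path is missing.
    print(audit(SAMPLE_INI, 403, "", exists=lambda p: False))
```

The status and body would come from requesting `/.user.ini` on your own site; after the hide rule from the linked Wordfence page is in place, the `exposed` finding should no longer appear.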

    Thread Starter breadf

    (@breadf)

    Thanks Peter

    It solved my problem.

    I’ll disable Wordfence before exporting the site.

  • The topic ‘is this really critical?’ is closed to new replies.