Cannot Optimize firewall

Hi @norwood451,

I’m sorry you’re having this issue with the optimization procedure. I totally understand how frustrating this can be, especially when you’ve tried different ways to get things to work!

Here are a few steps I’d like to suggest. Please accept my apologies in case you’ve already performed some (or all) of them.

In order to find out which Firewall setup you should be using:

• Go to the Wordfence Tools page
• Click the Diagnostics tab
• In the Other Tests section (near the bottom of the page), click the link that reads Click to view your system’s configuration in a new window. This will open a Wordfence System Info page.
• Check the Server API field. Is it consistent with the parameter which is “Recommended based on our tests“?

Another thing you might want to check is the content of the .htaccess file (at the root of your WordPress install) to see if you can find a “# Wordfence WAF” section where the auto_prepend_file variable is set.

In case the auto_prepend_file isn’t set, please check the permissions on the .htaccess file.

If it is set, please contact your hosting provider to check if the use of auto_prepend_file has been disabled.

Also please take a look at this article on our docs platform.

recommended Tests did not match api field as shown in the main page, but I did try that LiteSpeed V6.10 and got the same error.

“The changes have not yet taken effect”.?

Server API= LiteSpeed V6.10

Not sure if it is off or on?
# Wordfence WAF
<IfModule mod_php5.c>
php_value auto_prepend_file ‘/home/dnorwood/public_html/wordfence-waf.php’
</IfModule>
<Files “.user.ini”>
<IfModule mod_authz_core.c>

So, not resolved yet. Any other suggestions.

@norwood451,

Have you tried adding the lsapi_module section to your .htaccess file as described in our documentation?

Is this the file I need to need to change?

/public_html/wp-content/plugins/wordfence/lib/.htaccess

if so, would I write it like this and upload to my back end?

deny from all
<IfModule lsapi_module>
php_value auto_prepend_file ‘/path/to/wordfence-waf.php’
</IfModule>

If I had the premium version, would I have all of these problems configuring wordfence?

Also, if I buy the premium version and paid the extra $49.00. Will they configure my site correctly, or suggest changes so that I will not get hacked again? I am sure I have removed the hacked content, and it probally was due to someone hacking my password. FYI: my developer, never set it up for protection and never told me there were any hacking issues to be aware of.

I am willing to pay for help to make sure my site is secure, but I do not see any options for that from wordfence except for the premium service. What I would also need would be advise and if the site host on x10 is secure and what I should do to make the host secure? Maybe a better Host? Is godady secure? I think x10 is a resaler of godaddy, but support is limited.

Hi @norwood451,

Sorry about the delayed response.

The file you actually need to modify is the .htaccess located at the root of your WordPress site.
In your case the file should be in /public_html.

For readability reasons I suggest you include the lsapi_module paragraph between the “# Wordfence WAF” and “# END Wordfence WAF” lines.

Hi wfyann – Sorry, but I am very confused now what to do. Can you please spell out exactly want I need to add to the bottom of the ..htaccess file so I do not screw up.

how do I add it all correctly?

???For readability reasons I suggest you include the lsapi_module paragraph between the

“# Wordfence WAF” and “# END Wordfence WAF” lines.

deny from all
<IfModule lsapi_module>
php_value auto_prepend_file ‘/path/to/wordfence-waf.php’
</IfModule>

Hi norwood451,

It looks like you got the wrong rules installed in .htaccess initially. Please remove the whole #Wordfence WAF section you currently have in your .htaccess.

Then

1. modify the code below so that the path is correct and
2. add this code to your .htaccess

# Wordfence WAF
<IfModule LiteSpeed>
php_value auto_prepend_file ‘/[full path to this file]/wordfence-waf.php’
</IfModule>
# END Wordfence WAF

If you are unsure what the path is, check on the Wordfence “Diagnostics” page, click on “Click to view your system’s configuration in a new window”. Here you can find these server variables

_SERVER[“DOCUMENT_ROOT”]
_SERVER[“SCRIPT_FILENAME”]

Both these can be used to determine what the root path to your WordPress site is. So, let’s say _SERVER[“SCRIPT_FILENAME”] is /home/mysite/public_html/index.php the modified code you enter in your .htaccess would be

# Wordfence WAF
<IfModule LiteSpeed>
php_value auto_prepend_file ‘/home/mysite/public_html/wordfence-waf.php’
</IfModule>
# END Wordfence WAF

Let us know if that works.

Thanks!

Wfyann already said this but I also want to emphasize that the .htaccess you should be editing is the .htaccess in the root of your WordPress installation. The same place where you have wordfence-waf.php, wp-config.php, wp-cron.php, wp-load.php etc.

Very Funny. Actually not funny. It shut down My web site- I removed code and it is fine now.

I am not sure how can you expect me trust wordfence if the author provides incorrect information? Why does this plug-in not work out of the box?

I added this code to the bottom of the .htaccess file in root (public_html)

# Wordfence WAF
<IfModule LiteSpeed>
php_value auto_prepend_file ‘/home/mysite/public_html/wordfence-waf.php’
</IfModule>
# END Wordfence WAF

How can I send you the ..htaccess file so you can give me correct information.

Hello again norwood451,

I have given you the correct information. I happen to have the same server setup on my own site, and it works fine there.

If the fix I just provided you with is not working, it is possible that your host has disabled auto_prepend_file on your server. So I would advise you to reach out to your web host for help in that case.

I’m afraid there is not much more we can do.

Best of luck!

Contact with the host is often a waste of time. They take there time to answer the question and when they do try to answer the question they then say that they do not understand my question. After rewriting the question I never here from them and see the ticket is closed. Also, when I ask something the say that they are not blocking anything. I have been trying to get them to fix my recover password email for a week.

I am changing hosts, but in the meantime I would like wordfence working – Do I have to pay to have it work? is this normal to have to write so many emails to get it to work?