Can’t activate Extended Protection as htaccess not set recursively on my server

  • Resolved talie02

    (@talie02)


    1 year, 11 months ago

    My website lives on a LiteSpeed server, WordPress is installed in a subdirectory and the Wordfence ‘Extended Protection’ was activated. All was working as expected.

    Last year my website was automatically migrated to VentraIP (from their sub-company, Zuver). My website and Wordfence continued to work as expected with ‘Extended Protection’ activated.

    I’ve just upgraded to WP 6.1, all plugins (including Wordfence) and changed PHP to 8.0.25. Wordfence now shows that I only have ‘Basic WordPress Protection’.

    I’ve tried going through the process of activating the ‘Extended Protection’ again (and following your documentation regarding LiteSpeed). I get a success message, but Diagnostics shows ‘WAF auto prepend active = No’. And the “Click to view your system’s configuration in a new window” shows that ‘auto_prepend_file = No value’.

    However, if I place an htaccess file in the WordPress subdirectory then ‘auto_prepend_file’ has the correct file. But ‘WAF auto prepend active’ still has ‘No’.

    I’ve worked out that htaccess is not applying to any subdirectories. After talking to my Host, it turns out that htaccess isn’t applied recursively on their environment (and php.ini and user.ini aren’t supported either). I.e. auto_prepend_file works on the top-level directory but not subdirectories. (I don’t know why changing to PHP 8 would stop recursive htaccess…?)

    VentraIP claims they’ll continue looking at other ways of recursive setting ‘auto_prepend_file’. But for now, they said I need to include an htaccess file in every directory that needs the Wordfence WAF file prepended.

    1. Do you have a list of WordPress directories for which I need to include an htaccess file?
    2. Will adding htaccess to all directories even fix the issue?
Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @talie02, thanks for getting in touch.

    I have seen one case of non-recursive .htaccess and that was because the site was built elsewhere and migrated. It was on PHP5 so I don’t think it has direct correlation with PHP version. It’s possible that your host does have something configured incorrectly, but I’m not sure what it could be without seeing more information.

    Could you check your wordfence-waf.php file that it contains:

    <?php
// Before removing this file, please verify the PHP ini setting <code>auto_prepend_file</code> does not point to this.
if( ! defined('WFWAF_STORAGE_ENGINE')) { define('WFWAF_STORAGE_ENGINE', 'mysqli'); }

if (file_exists(__DIR__ . '/wp-content/plugins/wordfence/waf/bootstrap.php')) {
	define("WFWAF_LOG_PATH", __DIR__ . '/wp-content/wflogs/');
	include_once __DIR__ . '/wp-content/plugins/wordfence/waf/bootstrap.php';
}

    Try that if the paths are different on your version to see if it solves the issue. If not, please can you send a diagnostic report to wftest @ wordfence . com? You can find the link to do so at the top of the Wordfence > Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

    NOTE: It should look as follows – Screenshot of Tools > Diagnostic > Send by Email

    Thanks,

    Peter.

    Thread Starter talie02

    (@talie02)

    Hi @wfpeter

    In the wordfence-waf.php file, the only difference between your code and mine – the WFWAF_STORAGE_ENGINE line was not present in my file. I added the line but my website freaked out and showed a 500 error on the frontend. So I’ve removed the line again.

    Have just now sent the ‘Send Report by Email’.

    Thanks, Natalie.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Can’t activate Extended Protection as htaccess not set recursively on my server’ is closed to new replies.