Can’t configure firewall on SiteGround

Hi @susantau,

In order to make sure which Firewall setup you should be using:

• Go to the Wordfence Tools page
• Click the Diagnostics tab
• In the Other Tests section (near the bottom of the page), click the link that reads “Click to view your system’s configuration in a new window“. This will open a Wordfence System Info page

Check the Server API field. Is it consistent with the parameter which is “Recommended based on our tests“?

Also, on that same Wordfence System Info page, you’ll see which value has been set for the “auto_prepend_file” directive. Is it the same as the value you specified for the PHP variable via cPanel?

Thank you for your reply! I followed your instructions and, yes, the Server API reports the one that I selected (CGI/FastCGI – which was recommended by the SiteGround support person) and the value of auto_prepend_file shows the correct path.

My WordPress files are all within a subdirectory, not out in the root. When I specified the auto_prepend_file path, I was careful to select my WordPress subdirectory – but is it possible that something else in Wordfence might need adjusting so that it looks for a file in the WordPress subdirectory versus root?

• This reply was modified 7 years, 4 months ago by susantau.

Hi @susantau,

Could you please:

• Go to the Wordfence Tools page
• Click the Diagnostics tab
• Scroll down to the Send Report by Email section
• Send the report to yann[at]wordfence[dot]com

Please make sure to include your WordPress forum username.

Thank you.

• This reply was modified 7 years, 4 months ago by wfyann. Reason: Added WordPress forum username request

OK – just sent you the email report. Thank you!

• This reply was modified 7 years, 4 months ago by susantau.

Hi @susantau,

Thanks for sending the report.

It shows that the “auto_prepend_file” is not set; it displays “no value” for both the Local and Master values.

What could be happening here is that your host has PHP settings defined in a “pool” file which are overriding the options you set.

Another explanation would be that the use of “auto_prepend_file” has been disabled, either by your hosting provider or by a directive in the .htaccess file.

Could you check with your hosting provider and let me know if any of the aforementioned cases applies.

Hi @wfyann,

I just submitted a support ticket to SiteGround asking if either of these cases is true. I will let you know very soon the answer.

Thank you!
Susan

Hi @wfyann, SiteGround Support has fixed the issue – Wordfence’s extended firewall protection has been enabled on the my site.

SiteGround did not directly answer your question that I had passed on to them (is there a pool file or has the auto_prepend_file been disabled?). However, they did tell me this is how they fixed the problem, which I’m guessing answers your question:

To activate the extended protection I had to set the php.ini file to work recursively via the following line:

Code:

myhostserveraddress [~/path of wordpress subdirectory from public_html]# head -1 .htaccess
SetEnv PHPRC /wordpress subdirectory path from home/php.ini

This set the auto_prepended file to also apply for all subfolders of the website including the WordFence plugin.

I don’t understand this, I am hoping this is something I can figure out enough to change the php.ini myself when I proceed to optimize the Wordfence firewall on my other site on SiteGround. Any tips or suggestions are welcome! Perhaps you could add an update to the Wordfence on SiteGround documentation that is here: https://docs.wordfence.com/en/Web_Application_Firewall_Setup#SiteGround_and_other_hosts_without_.user.ini_support

Thank you!

• This reply was modified 7 years, 4 months ago by susantau.
• This reply was modified 7 years, 4 months ago by susantau.

Hi-

I am having the same issue. Siteground tells me that “SetEnv PHPRC /wordpress subdirectory path from home/php.ini” is active in my .htaccess. When they look they see that the prepend line is present too in the info. They also cleared the cache. The site still shows that is has not taken effect. What can I do next? Thanks

Jay

making this a new topic.

Hi @jpomerantz,

Indeed if the solution mentioned here didn’t work for you, then it must be a different issue.

We’ll look into the topic you created.

Thanks

SOLUTION FOR FIREWALL NOT WORKING ON SITEGROUND

1) Create a php.ini file in your installation root folder and add the following line:
auto_prepend_file = '/home/youruser/public_html/yourdomain.com/wordfence-waf.php'

2) Then to make sure this rule is applied recursively, you must add also this line to your root .htaccess file:
SetEnv PHPRC /home/youruser/public_html/yourdomain.com/php.ini

Thats it.

Since my WordPress installation is in its own subdirectory (not in the root), I’d like to verify the locations for the php.ini and .htaccess files and the two relevant paths:

Should the php.ini file be placed in the WordPress subdirectory, and should the path I give for the auto_prepend_file look like this:
/home/youruser/public_html/wordpress-subdirectory/wordfence-waf.php ?

Should the .htaccess file be in the actual root (not the WordPress subdirectory), and should the path I give for SetEnv PHPRC look like this:
/home/youruser/public_html/nov2017wp/php.ini ?

Thank you!
Susan

I think both files should be in the root of the WordPress installation. But in case it doesn′t work, dont worry, you can copy both files to the root of the domain also, it won′t break anything.

Tell me if it works! ??

Hi @susantau,

Sorry about the delayed response.

The SetEnv PHPRC directive allows you to specify a php.ini file for a given subdirectory.

• This reply was modified 7 years, 4 months ago by wfyann. Reason: wrong link