Error with Wordfence firewall config data

  • Resolved levdesign

    (@levdesign)


    6 years, 1 month ago

    Hi,

    We are getting a 500 server error which seems to be related to Wordfence wflogs:

    “[15-Oct-2018 17:16:40 America/Chicago] Error reading Wordfence Firewall config data, configuration file could be corrupted or inaccessible. Path: /home2/xxxxxxx/public_html/wp-content/wflogs/config-livewaf.php”

    The error first appeared on 15th of October. It made us unable to even log into the WordPress dashboard and also made some frontend pages of our site inaccessible.

    When we renamed the two files “config-livewaf.php” and “attack-data.php” for debugging purpose, we managed to log into to WordPress and the error temporarily disappeared. But it came back again as soon as we clicked on something on WordPress dashboard, as a fresh new copy of the files was automatically generated.

    We don’t want to deactivate Wordfence or rename the Wodrfence plugin folder as we have quite a lot of custom settings and would prefer not to have to reset them.

    Our system settings are:
    Wordfence version: 7.1.16
    WAF file permissions: 0600 – using template
    WordPress version 4.9.8
    php version: 7.0.31
    Server architecture: Linux 3.10.0-693.11.6.1.ELK.el6.x86_64 x86_64

    Could you please provide your opinion on what could be causing this error (hacking, conflict with other plugins, wflogs permissions, etc) and how we can fix it. Also, to help with debugging, we can send the content of our wflogs folder and other required info if you could provide a forwarding email address.

    Thank you in advance for your support.

Viewing 4 replies - 1 through 4 (of 4 total)

  • Hi @levdesign,
    Sorry for the late reply. It is accurate that the files in the wflogs folder regenerate if they are deleted. The wflogs folder contains the files that make up the immediate memory of the Firewall. The reason for this is that the Firewall needs to load before WordPress itself loads and at this point, a connection to the database has not yet been established.

    Most likely this is what it looks like, meaning it’s a permissions problem with the wflogs folder. You can try adding this constant to the very start of wordfence-waf.php to see if that makes a difference:

    define('WFWAF_LOG_FILE_MODE', 0660);

    If that helps, then it means that owner only write permissions don’t work with your wflogs, possibly because you have multiple server users running in the environment? The thing to look out for here is if there are other users running on the server other than the one WordPress is currently running as (you can see the name of this user on the Wordfence diagnostics page showing up as the “process owner”).

    Let me know how it goes!

    Thread Starter levdesign

    (@levdesign)

    @wfasa Thank you for your reply.

    By looking at the Wordfence Tools > Diagnostics page I can see that the “Process Owner” is correct.

    I also checked that the web server can read from and read to ~/wp-content/wflogs.
    Our WAF and the config-livewaf.php file permissions is 0600.

    Based on this info do you still recommend adding the line below to our wordfence-waf.php file?
    define(‘WFWAF_LOG_FILE_MODE’, 0660);

    We hadn’t encountered this error before despite using Wordfence on our site for a couple of years and we haven’t changed any permissions recently, which makes me think that the problem could be unrelated to permissions. Do you have any other suggestions for troubleshooting? Thanks again.

    wfasa

    (@wfasa)

    Hi @levdesign,
    It’s possible that there is some other problem which would then likely be a config or performance problem with writing to disk. But unless you’ve changed anything on the server recently, that doesn’t seem more likely.

    We did change the default permissions on files in wflogs in Wordfence 7.1.14 which is a fairly recent release. We changed it from allowing group read/write to owner only (by default).

    The alternative to setting the constant that allows group write would be to try to figure out which process is causing the issue. You should then look in PHP error logs to determine when exactly the error started occurring and then check raw access logs to see which requests were happening at the time. Then you have to try to figure out why that request would have been running with a different user (could be a custom setup cron job possibly?).

    wfdave

    (@wfdave)

    Hi @levdesign,

    We haven’t heard back from you in a while, so I’ve gone ahead and marked this thread as resolved.

    Please feel free to open another thread if you’re still having issues with Wordfence.

    Thanks!

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Error with Wordfence firewall config data’ is closed to new replies.