Firewall doesn't configure – directory permissions

Same error

Hi gbeddow,

It looks like the config.php (currently 0600) file needs to be writable by the web server and the wflogs directory (currently 0755) itself also needs to be writable. You can either change the permissions on the file and directory, or change the owner to the web server’s user. Either way should work, let me know if you still run into issues.

Thanks,
Matt

Ditto… is this a valid request from Wordfence? Not too quick to change permissions without validation.

wflogs appears to be a new directory introduced in Wordfence 6.1.1.

That being the case, why is this failing?

I’m trying to be pragmatic here, and not as hesitant as RGrissom when it comes to manually changing file permissions, but some assurances from Wordfence along the lines of what he’s asking seems appropriate in the circumstances.

Why does this newly-introduced directory/file have the “wrong” permissions? Will it be fixed in an update to Wordfence?

wflogs is a new directory introduced in 6.1.1 which contains file necessary for the Web Application Firewall to run. The files and the directory itself need to be writable by the web server user for the Firewall to run, but the rest of Wordfence will continue to function normally otherwise.

@gbeddow To answer your question about the permissions on your files and directory, this can be caused by updating Wordfence via WP-CLI or another command line utility (run by the admin user in your case). I would recommend changing ownership of the files and the directory to your web server’s user and making them writable by only that user. We will be adding an installation process using WordPress’s File System API to help create those files with the correct permissions in a maintenance release in the near future.

Thanks wfmatt for the explanation.

In case this was the cause for other folks, here’s what was triggering this on my server and how I dealt with it:

I found that, even after manually setting the owner of wflogs/config.php to admin (the web server user on my server), every 5 minutes it would get set back to root. That was because, on a low traffic site like mine, the standard wp-cron mechanism which relies on traffic to the site to do its work was simply too unreliable. So a long time ago I turned it off, then created a crontab job (from root) to run wp-cron every 5 minutes. That worked great for the most part, but wp-cron apparently triggers something in Wordfence that writes to wflogs/config.php, in the process changing its owner – in this case back to root. So the solution was to remove wp-cron from crontab, then create a file in /etc/cron.d where you can specify the user. It looks something like this:

# m   h     dom   mon   dow   user    command
*/5   *     *     *     *     admin   cd /ReadyNAS-Volume/public_html/; /usr/bin/php -q /ReadyNAS-Volume/public_html/wp-cron.php >> /ReadyNAS-Volume/rsyslog/wp-cron.log 2>&1

The owner of wflogs/config.php stopped changing, and I was able to configure the Wordfence firewall.

resolved

I have version 6.1.2 with the same issue. But there is no wflogs directory on my server!! Any idea?

Like @loocarius I don’t have ~/wp-content/wflogs/

@loocarius and @rgrissom: This most likely means that your wp-content folder is not writable by the user that the web server runs as — if you can temporarily adjust the permissions on wp-content itself, and refresh the page where you see the warning about the missing directory, it should be created then.

If you still have trouble and need more details, please make a new post using the form at the bottom of the Wordfence forum here. (The www.remarpro.com forum rules ask us to keep each person’s issues separate, and it also helps us keep track of open issues, so no one gets skipped in long posts.) Thanks!

-Matt R

Thank you Matt R it worked!

Noted regarding new posts!!