How to add deny all on user.ini file

  • Resolved cher443

    (@cher443)


    5 years, 5 months ago

    I added a user.ini file at the recommendation of Wordfence, but the plugin also recommended adding a “deny all” command to the file. However, it did not specify where to add it, so I want to make sure that I insert the code correctly to make sure that it works.
    The initial content of the file looks something like this:
    ; Wordfence WAF
    auto_prepend_file = ‘/mydirectoryfilepathandwebsite.com/wordfence-waf.php’
    ; END Wordfence WAF

    Is it okay to simply put the “deny all” command on the line following “; END Wordfence WAF, or should it go before any of the above content? Thank you.

Viewing 4 replies - 1 through 4 (of 4 total)

  • Hey @cher443,

    You’ll actually want to add the deny code to the .htaccess file found in your root directory. It’s meant to protect your user.ini file which has the code that makes sure the WAF is loaded before any other code on the site. The htaccess file is found in your root directory, you might check it to see if the code was automatically added.

    # Wordfence WAF
<Files ".user.ini">
<IfModule mod_authz_core.c>
        Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
</IfModule>
</Files>

# END Wordfence WAF

    Please let me know what you find.

    Thanks,

    Gerroald

    Thread Starter cher443

    (@cher443)

    Thank you, Gerroald. I am using this plugin for several sites. I did notice that for one site, the denial coding was automatically added to the .htaccess file. I am curious as to why one site has an auto_prepend command on its .htaccess file, while the latest site for which I added the Wordfence Firewall to does not have auto_prepend in its .htaccess file. Thank you in advance for your feedback.

    Hey @cher443,

    It should have the deny rule within it. Did you get any errors about Wordfence being able to write to the file when setting up the Firewall?

    Can you share information about your server environment and hosting? If so, I can share the code to manually add to the htaccess.

    https://www.wordfence.com/help/firewall/optimizing-the-firewall/troubleshooting/

    Thanks,

    Gerroald

    Hey @cher443,

    We haven’t heard back from you in a while, so I’ve gone ahead and marked this thread as resolved.

    Please feel free to open another thread if you’re still having issues with Wordfence.

    Thanks,

    Gerroald

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘How to add deny all on user.ini file’ is closed to new replies.