Lite Speed extended security with Wordfence.

  • Resolved Nadav Levi

    (@123nadav)


    10 months ago

    Hello guys, how are you?

    I actually opened a similar ticket about this issue a year ago, but I still have some dilemmas with your plugin.

    I have a LiteSpeed server on GCP (not CyberPanel):

    https://docs.litespeedtech.com/cloud/images/wordpress/

    When I activate the “EXTEND PROTECTION” with WordFence, there is an automatic option for LiteSpeed setup by your plugin. However, the plugin usually fails to set up the EXTEND PROTECTION automatically and creates “rewrites” inside the .htaccess file, which are not useful. This is because on a LiteSpeed server, you need to edit the php.ini in the LiteSpeed server UI (screenshot):

    https://ibb.co/zNn8560

    Here is a document from OpenLiteSpeed on how to do it:

    https://openlitespeed.org/kb/enable-wordfence-on-openlitespeed/

    Another thing is that I have a dedicated server for one WordPress website. It doesn’t have a user.ini file, as I deleted it because it was constantly showing errors in the scan (this was the topic I opened a year ago, and you told me it was better to delete it).

    So my question is, why do I have rewrites inside the .htaccess file? (screenshot):

    https://ibb.co/8cjKRKV

    I want to know if it is better to keep them or not (even if I don’t have a user.ini file and the rewrite is not useful).

    Also, why haven’t you changed anything regarding this over the past year? I’m pretty sure you are aware of this.

    So what do you recommend I do after all this explanation? (to remove your code from the .htaccess or keep it? what is better?)

    Regards,

    Nadav

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Support wfmargaret

    (@wfmargaret)

    Hi @123nadav,

    Thank you for reaching out to us.? On typical LiteSpeed servers, the .htaccess and .user.ini files can be used.? As Wordfence is detecting your server as a LiteSpeed server, it recommends the LiteSpeed settings.? When you apply those settings, it updates the .user.ini and .htaccess files.

    OpenLiteSpeed, as you know, doesn’t use .user.ini or .htaccess and needs to be manually configured instead.  We outline this in our documentation here:  https://www.wordfence.com/help/firewall/optimizing-the-firewall/troubleshooting/#other-installation-issues 

    I’d recommend taking a backup of your .htaccess to be safe, but as OpenLiteSpeed shouldn’t be using the .htaccess, the rewrites added by the automatic configuration can be removed.

    Please let us know if you have any other questions!

    Thanks,
    Margaret

    Thread Starter Nadav Levi

    (@123nadav)

    it can be removed? or you recommended to remove them? is 2 diffrent things.

    Its harmful? or it can stay there? what you recommended as the best practice?

    and by the way, i notice only to this 2 automatic things happend by your plugin, have maybe more stuff should be deleted on lite speed server?

    • This reply was modified 9 months, 4 weeks ago by Nadav Levi.
    Plugin Support wfmargaret

    (@wfmargaret)

    Hi @123nadav,

    Since OpenLiteSpeed doesn’t use the .htaccess file, the rewrites can be removed without impacting the site, but it also is not harmful if they stay.? If you decide to remove them, please take a backup of your .htaccess to be safe.

    When you use optimize the firewall using the LiteSpeed/lsapi configuration, only the .htaccess and .user.ini are updated.

    Please let us know if you have any other questions!

    Thanks,
    Margaret

    Thread Starter Nadav Levi

    (@123nadav)

    Thanks @wfmargaret .

    Appriciate you help here. have a nice day.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Lite Speed extended security with Wordfence.’ is closed to new replies.