malcare-waf.php

  • Resolved webcart

    (@webcart)


    3 years, 5 months ago

    Hi,
    I get this notice again and again:
    “To make your site as secure as possible, the Wordfence Web Application Firewall is designed to run via a PHP setting called auto_prepend_file, which ensures it runs before any potentially vulnerable code runs. This PHP setting is currently in use, and is including this file:
    ………………..cloudwaysapps.com/xxxx/public_html/malcare-waf.php”

    I confirm to include it, downloads the httacess and seconds file, confirm but in the next time, this message shows up again.

    Site is hosted @cloudways.
    I saw a suggestion in the forum to delete malcare-waf.php file.
    When I did it the site went down with 500 error.
    What is your best advice to deal with this?

Viewing 12 replies - 1 through 12 (of 12 total)
  • Plugin Support wfphil

    (@wfphil)

    Hi @webcart

    Please ask Cloudways to help you to add back the file that you should not have deleted.

    The Cloudways Bot Protection feature below conflicts with our firewall if you want to optimize our firewall so you will need to ask Cloudways to help you to disable the Cloudways Bot Protection feature and then you should be able to optimize the Wordfence firewall:

    https://www.cloudways.com/blog/announcing-bot-protection/

    Thread Starter webcart

    (@webcart)

    Hi @wfphil,
    No problem for the deleted file. I had a backup.
    Also no problem to disable Cloudways Bot protection plugin and remove that file.
    The question is for security reasons – Will I loose any security level if remove Cloudways Bot Protection plugin?

    Plugin Support wfphil

    (@wfphil)

    Hi @webcart

    Thank you for the update.

    The link below has the following details:

    https://www.cloudways.com/blog/announcing-bot-protection/

    “Bot Protection will essentially identify traffic surges, block malicious traffic, protect your website from attacks, reduce server resource usage, and in addition, provide a detailed traffic report within the Cloudways Platform.”

    Wordfence also has this functionality:

    https://www.wordfence.com/help/firewall/

    https://www.wordfence.com/help/tools/live-traffic/

    “Another important outcome of the bot traffic management is protection against Denial of Service (DoS) attacks that could paralyze your website and server.”

    Wordfence was not built to protect against DoS / DDoS protection. When optimized, the Wordfence Firewall will significantly reduce the amount of resources that are used by each individual request that is made to your site. The reason for this is that the Wordfence Firewall loads before any other code loads on your site. But if you are actually targeted by a DoS / DDoS attack, you need something other than a Firewall. What you need is a DoS / DDoS mitigation service. It’s called mitigation, because there is no way to actually block requests without using resources.

    “Brute force login attacks are another notorious category of threat that can compromise your WordPress websites.”

    Wordfence has a full and complete suite of tools to prevent brute force login attacks:

    https://www.wordfence.com/help/firewall/brute-force/

    https://www.wordfence.com/help/tools/two-factor-authentication/

    https://www.wordfence.com/help/login-security/

    Thread Starter webcart

    (@webcart)

    Hi @wfphil,
    Thanks for your detailed reply.
    So now from a thought of remove Bot Protection plugin I moved to a thought to keep it.
    Now the question is about the annoying message each time I open the WP panel “To make your site as secure as possible, take a moment to optimize the Wordfence Web Application Firewall” – Can I press the “Dismiss” button? What will be the consequences? That the file will not be scanned by WF and by that a potential hacker could change it and play with it?

    Plugin Support wfphil

    (@wfphil)

    Hi @webcart

    You can dismiss the notice but the Wordfence firewall will not be optimized, which puts your site at greater risk:

    https://www.wordfence.com/help/firewall/optimizing-the-firewall/

    You might still be able to optimize the Wordfence firewall when the Cloudways Bot Protection feature is fully active on your Cloudways hosting account. When you run through the Wordfence firewall optimization wizard you will see a warning that states that the auto_prepend_file PHP function is already being used. You will see two options – INCLUDE and OVERRIDE. Select the INCLUDE option and see if the firewall can be optimized.

    Thread Starter webcart

    (@webcart)

    Hi @wfphil,
    INCLUDE was my choise in the last 5-6 tests.
    It gives me the “Installation Successful” message but next time the message “To make your site as secure as possible, take a moment to optimize the Wordfence…” comes back again like chucky ??

    Plugin Support wfphil

    (@wfphil)

    Hi @webcart

    Thank you for the update.

    It appears from your description that the Cloudways Bot Protection feature and the optimized Wordfence firewall are not compatible and you will have to choose which one you want to use.

    Thread Starter webcart

    (@webcart)

    Hi @wfphil,
    So we’re back to the beginning.
    I guess I will need to wait for plugin update from one of you ??

    Plugin Support wfphil

    (@wfphil)

    Hi @webcart

    Thank you for the update.

    There isn’t anything that we can do to fix this if Cloudways overrides our setting for the auto_prepend_file PHP function set in a server configuration file.

    Thread Starter webcart

    (@webcart)

    Hi @wfphil,
    Thanks.
    Will wait for their solution.

    Plugin Support wfphil

    (@wfphil)

    Hi @webcart

    Thank you for the update.

    Depending on their infrastructure, Cloudways may not be willing to make their feature and our firewall compatible so that is something you will need to ask them.

    Thread Starter webcart

    (@webcart)

    Believe me, I will… ??

Viewing 12 replies - 1 through 12 (of 12 total)
  • The topic ‘malcare-waf.php’ is closed to new replies.