‘Optimize The Wordfence Firewall’ does not work ‘anymore’ on all my sites

  • Resolved heveraert

    (@heveraert)


    3 years, 10 months ago

    Dear Wordfence,

    Today I got on all my websites the message (I am not sure when it started):

    “To make your site as secure as possible, take a moment to optimize the Wordfence Web Application Firewall: CLICK HERE TO CONFIGURE”.

    I am able to click on OPTIMIZE THE WORDFENCE FIREWALL, download the .HTACCESS file, click on CONTINUE but then nothing happens & it stops.

    I already did a reset on Wordfence, disactivated Wordfence & Activated again.
    BUT still nothing happens.

    I checked the Diagnotics and “WAF auto prepend active = no”.
    I also sent the diagnotics Report by email / Forum user = @heveraert.

    Thank you & regards,
    Hilde

    PS. I use the Wordfence Central for all my websites.
    +
    In Dashboard:
    Firewall = 48 % (in stead of a 64% previously)
    & Web Application Firewall is now 35 % (in stead of i can’t remember)

Viewing 15 replies - 1 through 15 (of 25 total)

  • I also have the same exact problem on all the sites I manage.
    Not using Wordfence Central.
    Please advice what we should do.

    Best Regards
    Jack

    I also had the same problem today

    Same problem on all sites. Appeared suddenly.
    Not using Wordfence Central.
    auto_prepend_file is set no “no value”

    same things for me here as well.

    Thread Starter heveraert

    (@heveraert)

    Dear Readers,

    Since it takes quite a long time to get an answer from Wordfence, I wonder if someone knows the answer?

    I would be delighted to receive a solution.

    Hallo,

    I have the same problem on my sites.
    I hope you have some advice.

    Thank you and best regards

    Plugin Support WFAdam

    (@wfadam)

    Hello all! Also thanks @heveraert for reaching out to us!

    I would like to try and gather some information to see what might be the common between all these sites.

    @heveraert Can you send a diagnostic report to wftest @ wordfence . com? You can find the link to do so at the top of the Wordfence Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

    Just curious, what host is everyone using?

    Thanks!

    Thread Starter heveraert

    (@heveraert)

    Dear Wordfence,

    Thank you for anwering.
    I just sent the diagnostic report of one of my sites via email. The forum username = @heveraert.

    The Hosting Company is one.com.

    Have a nice day!
    King regards,
    Hilde

    We are also using one.com for hosting on all the sites this problem occurred on.

    Plugin Support WFAdam

    (@wfadam)

    @heveraert @johnwerner We have been seeing this issue with customers who are hosted on one.com.

    We have brought this issue up with them via other customers. You could reach out to them ask:
    “I need to set an auto_prepend_file PHP value to point at my wordfence-waf.php. This setting was working and then stopped. Wordfence has suggested it might be something restricted from the hosts end. Any thoughts on what might be blocking my auto_prepend_file from working?”

    Let me know how they reply! Thanks!

    Thread Starter heveraert

    (@heveraert)

    Dear WFAdam,

    I just did what you suggested to one.com.
    As soon as I have input from them, I’ll come back to you.

    One more question. Does it harm a lot that the “Optimize Wordfence Firewall” does not work for the moment?

    Thank you for the help & let us hope it will work again soon.

    Kind regards,
    Hilde

    Plugin Support WFAdam

    (@wfadam)

    Thanks for your help in resolving this!

    As for your questions, when you first install Wordfence on your website Basic WordPress Protection will automatically be activated. The plugin will load as a regular plugin after WordPress loads. While it can block many malicious requests, some vulnerable plugins or WordPress itself may run vulnerable code before all plugins are loaded. Additionally, attackers can access some plugin, core, or theme files directly, and in that case, your server will not load the firewall to protect you.

    In the optimization process, Wordfence changes the PHP configuration to allow the firewall to load on your site before WordPress or any other PHP files that may be directly accessible. Once you complete the optimization steps, the firewall will process all PHP requests.

    Let me know what you find!

    Thanks!

    One.com replied:

    “Thank you for your inquiry. I have checked with the technician and unfortunately we do not allow changes in php.ini / .user.ini. They therefore recommend checking with the plugin developer to find another way to use the plugin without making any changes to the .user.ini file.”

    So, next question would be if there are any other ways to work around this.

    John

    Can the firewall be optimized by .htaccess only? (when we are not allowed to edit .user.ini, or php.ini.)

    Hello,

    I received the message below from one.com:

    We don’t usually block this and it normally works.
    They recommend the following: edit the .htaccess file in the directory where you have your WordPress installation.
    You will then need to add the following information to this .htaccess file at the top of each file:

    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{REQUEST_URI} ^/?\.user\.ini$
    RewriteRule .* – [F,L,NC]
    </IfModule>

    I haven’t tried it myself yet.
    I hope it works!

    Regards,

Viewing 15 replies - 1 through 15 (of 25 total)
  • The topic ‘‘Optimize The Wordfence Firewall’ does not work ‘anymore’ on all my sites’ is closed to new replies.

Tags