‘Optimize The Wordfence Firewall’ does not work ‘anymore’ on all my sites

  • Resolved heveraert

    (@heveraert)


    3 years, 10 months ago

    Dear Wordfence,

    Today I got on all my websites the message (I am not sure when it started):

    “To make your site as secure as possible, take a moment to optimize the Wordfence Web Application Firewall: CLICK HERE TO CONFIGURE”.

    I am able to click on OPTIMIZE THE WORDFENCE FIREWALL, download the .HTACCESS file, click on CONTINUE but then nothing happens & it stops.

    I already did a reset on Wordfence, disactivated Wordfence & Activated again.
    BUT still nothing happens.

    I checked the Diagnotics and “WAF auto prepend active = no”.
    I also sent the diagnotics Report by email / Forum user = @heveraert.

    Thank you & regards,
    Hilde

    PS. I use the Wordfence Central for all my websites.
    +
    In Dashboard:
    Firewall = 48 % (in stead of a 64% previously)
    & Web Application Firewall is now 35 % (in stead of i can’t remember)

Viewing 10 replies - 16 through 25 (of 25 total)
  • Thread Starter heveraert

    (@heveraert)

    Dear @ebedo

    I tried what you suggested but that did not work.

    • Change .htaccess file in root – No success
    • Change .htaccess file in wp-admin – No success

      • Dear @wfadam
      Dear all,

      I just got the same answer form one.com as @johnwerner got.

      “The technicians indicated that it is a known issue but that we are currently not allowed to modify files such as php.ini / .user.ini. This is where the “auto_prepend_file” value is stored.

      In SHORT:
      It is still an issue.

      What can be done?

      Regards,
      Hilde

    Thread Starter heveraert

    (@heveraert)

    Dear all,

    I got the same answer as @johnwerner from one.com on this issue.
    +
    I did try what you suggested, @ebedo, but that did not work. Did you try it in the meantime or did someone else tried?

    I am concerned about this issue & wonder if there is a work around that works. I would like to keep on using wordfence. I hope it can be solved.

    I hope to hear from you.
    Thanks & regards,
    Hilde

    Plugin Support WFAdam

    (@wfadam)

    Hello, again @heveraert and everyone else who posted here.

    We are still currently attempting to work with one.com’s team. They have suggested the same things to us as they have to you. It seems they have changed some configurations on their end to not allow the use of a .user.ini file or a php.ini file which will not allow our firewall to optimize.

    We hope that they resolve this ASAP so your sites can get the protection they need but so far no update from them.

    Let me know if you hear anything from them!

    Thanks!

    Thread Starter heveraert

    (@heveraert)

    Dear Adam,

    I will certainly do a follow up.

    They ‘suggest’ to use Wordfence (or IThemes Security) as a security plugin. So I guess there are many people with the same issues.

    As soon as I know something, I let you (all) know. Every now & then I try the Firewall optimation.

    Regards,
    Hilde

    Hello

    @heveraert
    I tried adding the code as suggested by one.com but it doesn’t work. Unfortunately.

    @wfadam
    Thanks for now. I hope one.com comes up with a solution.
    I’ll keep trying the firewall optimization and let you know if it works.
    regards,

    Plugin Support WFAdam

    (@wfadam)

    @ebedo @heveraert @johnwerner

    one.com support did respond to us with what we had thought was happening:
    It is not allowed to overwrite files like php.ini / .user.ini.

    Without being able to set the auto_prepend_file, you will be unable to fully optimize the firewall. I would recommend reaching out to them about this or changing to a host that supports basic security needs.

    Sorry! Thanks!

    Thread Starter heveraert

    (@heveraert)

    Dear @wfadam ,

    Thank you for answering.

    I think that Wordfence has more power to do a change in the set-up of a Hosting company than I do. One.com is a well-known company in Europe.

    Changing Hosting for me is not an option for the moment.

    I will give it a last try & will contact one.com (who is, by the way, promoting Wordfence as the Security program to use on their site) & make decisions on that final one.com answer.

    Thank you,
    Hilde

    I reached out to One.com again, and they just confirmed their decision to not allow access to .user.ini / php.ini and stated that they “would understand if we moved to another host”.

    I gave them a 2 star review on Trustpilot and described the problem:
    https://no.trustpilot.com/review/www.one.com

    They just replied to the review, stating that this was newer allowed before (which is odd, because we have used this setting for years and just got blocked a couple of weeks ago), and that they kept the servers secure with SSL and with DDos protection (which means that they do not understand the threat).

    It looks like a ‘no go’ for functioning firewalls at One.com.

    Hi,

    I have also contacted One.com again and they have just confirmed their decision not to allow access to .user.ini / php.ini ”.

    But they also said in their reply email:
    “Our technicians indicate that we hope to allow this in the future, but this will not be changed yet.
    Officially we have not allowed this at any time, but it was indeed technically possible until recently, while this was not the intention. This has not recently been reversed.”

    I’m going to think about my next steps.
    Thank you all for your comments for now.
    Regards,
    Els

    Plugin Support WFAdam

    (@wfadam)

    Thanks for sharing that @ebedo

    I’d recommend finding a host that does support the use of user.ini or php.ini.

Viewing 10 replies - 16 through 25 (of 25 total)
  • The topic ‘‘Optimize The Wordfence Firewall’ does not work ‘anymore’ on all my sites’ is closed to new replies.

Tags