• Resolved yukilna

    (@yukilna)


    Hi,

    I have recently installed Wordfence and today I went to the Security live traffic page and saw many “logged out successfully” with my name from humans in many different countries (Brazil, Vietnam, China, US…). I am based in France and am the only one who logs into my website. I don’t use any VPN to pretend I am based somewhere else so I know this isn’t me.

    Here is an example of what I can see :

    Elena in Natal, Brazil logged out successfully.
    website address/xmlrpc.php
    03/11/2020 09:56:56 (24 minutes ago)
    IP: …… Hostname: ……
    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36

    I am very concerned. Thanks a lot for your help.

Viewing 13 replies - 1 through 13 (of 13 total)
  • Plugin Support WFAdam

    (@wfadam)

    Hello @yukilna and thanks for reaching out to us!

    It sounds like your IP detection might be incorrect.

    Can you send a diagnostic report to wftest @ wordfence . com? You can find the link to do so at the top of the Wordfence Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

    Thanks!

    Thread Starter yukilna

    (@yukilna)

    Hello !

    I have just sent the report by email as requested.

    Many thanks for your help!

    Plugin Support WFAdam

    (@wfadam)

    Thanks for sending those reports @yukilna

    Looks like I can see two potential issues here.

    1) It looks like your Firewall hasn’t been optimized yet. Optimizing the firewall will make it work more efficiently.

    https://www.wordfence.com/help/firewall/optimizing-the-firewall/ can walk you through how to complete that.

    2) As I mentioned in my previous post, I believe your IP detection might be causing some IPs to show from different countries. Navigate to Wordfence > All Options > General Wordfence Options > How does Wordfence get IPs and change this to Use the X-Real-IP HTTP header. Then continue to monitor your Live Traffic to make sure the same issue isn’t happening.

    Let me know if you have any questions!

    Thanks!

    Thread Starter yukilna

    (@yukilna)

    Thanks a lot !

    I have changed the IP detection but I can’t manage to optimize the firewall.

    When I follow your guidelines and the recommended “Apache + CGI/FastCGI” option I have this message :
    “The changes have not yet taken effect. If you are using LiteSpeed or IIS as your web server or CGI/FastCGI interface, you may need to wait a few minutes for the changes to take effect since the configuration files are sometimes cached. You also may need to select a different server configuration in order to complete this step, but wait for a few minutes before trying. You can try refreshing this page.”

    I have waited a while and tried several times but changes don’t apply and I can’t manage to have the “extend protection”. Shall I change and choose something else or manual configuration ? I don’t know anything about this so could you please advise ?

    Thanks a lot & have a great day !

    Plugin Support WFAdam

    (@wfadam)

    Hello again @yukilna

    If you open your .htaccess file in your root directory, you should see this code there:

    # Wordfence WAF
    <Files ".user.ini">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
    </IfModule>
    </Files>
    # END Wordfence WAF

    Then also open up your user.ini in the same directory, it should have this code in it, but you will have to adjust the path to point at your wordfence-waf.php:

    ; Wordfence WAF
    auto_prepend_file = '/path/to/waf/wordfence-waf.php'
    ; END Wordfence WAF

    Let me know what you find!

    Thanks!

    Thread Starter yukilna

    (@yukilna)

    Hi,

    Thanks for these details.

    I’m not sure what you mean by root directory and how to access it… ?

    Thank you

    Plugin Support WFAdam

    (@wfadam)

    If you provide my previous instructions to your host, they should be able to assist you by editing the files.

    Let me know what they do.

    Thanks!

    Thread Starter yukilna

    (@yukilna)

    Hi,
    They have explained how to edit the files.
    The .htaccess was fine but the user.ini file had the following:

    ; Wordfence WAF
    auto_prepend_file = '/htdocs/wordfence-waf.php'
    ; END Wordfence WAF

    I have changed to what you recommended:
    ; Wordfence WAF
    auto_prepend_file = '/path/to/waf/wordfence-waf.php'
    ; END Wordfence WAF

    The change is saved and “stays”. But once I try again to optimize the wordfence firewall with the recommended “Apache + CGI/Fast CGI” I always get this message:

    “The changes have not yet taken effect. If you are using LiteSpeed or IIS as your web server or CGI/FastCGI interface, you may need to wait a few minutes for the changes to take effect since the configuration files are sometimes cached. You also may need to select a different server configuration in order to complete this step, but wait for a few minutes before trying. You can try refreshing this page.”
    and user.ini goes back to being:
    ; Wordfence WAF
    auto_prepend_file = '/htdocs/wordfence-waf.php'
    ; END Wordfence WAF

    I have adjusted the path again several times but keep having this problem…

    Many thanks for your help

    Plugin Support WFAdam

    (@wfadam)

    Hello again @yukilna

    I looked at your path in the diagnostic. You will want your user.ini to go as follows:

    ; Wordfence WAF
    auto_prepend_file = '/htdocs/wordfence-waf.php'
    ; END Wordfence WAF

    It says your Server API is FPM/FastCGI and the default configuration for FastCGI should have worked. However, on some sites with PHP FPM, we do sometimes see situations where the settings are being overridden. This is from our documentation:

    In rare cases, when a host uses PHP-FPM, they may have PHP settings defined in a “pool” file. These settings can override options set in your custom php.ini or .user.ini file. You may need to ask the host if they have settings in the pool file. The default location for the pool file on new Ubuntu servers is similar to /etc/php/7.0/fpm/pool.d/www.conf (depending on the PHP version) and an example of an option that would override your auto_prepend_file option is php_admin_value[auto_prepend_file] = none. If the host is able to remove this option, it should allow your settings to be used for the firewall.

    So I would at this point recommend that you reach out to your host and ask them this:

    I need to set a PHP value auto_prepend_file on my site but it doesn’t seem to be taking effect. Can you explain how to set auto_prepend_file on my site?

    Hopefully, they’ll be able to give you an idea of why it’s not working. If you have any questions, let me know!

    Thanks!
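The checks discussed in the reply above (the `auto_prepend_file` line in `.user.ini`, whether the file it names exists, and a PHP-FPM pool file pinning the setting with `php_admin_value`), as an added example that is not part of the thread and is not Wordfence code. The function names, status words and the constructed demo tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Wordfence code). Function names are hypothetical.

# Print the last auto_prepend_file value in an ini file, straight quotes stripped.
prepend_value() {
    sed -n 's/^[[:space:]]*auto_prepend_file[[:space:]]*=[[:space:]]*//p' "$1" \
        | tail -n 1 | tr -d "\"'" | sed 's/[[:space:]]*$//'
}

# List pool-file lines that pin auto_prepend_file with php_admin_value,
# which a per-directory .user.ini cannot override.
pool_overrides() {
    grep -nE '^[[:space:]]*php_admin_value\[auto_prepend_file\]' \
        "$1"/*.conf /dev/null 2>/dev/null
}

# check_waf DOCROOT POOL_DIR: print one status word describing the first problem found.
check_waf() {
    ini="$1/.user.ini"
    [ -f "$ini" ] || { echo "no-user-ini"; return 0; }
    target=$(prepend_value "$ini")
    [ -n "$target" ] || { echo "not-set"; return 0; }
    # A placeholder such as /path/to/waf/... left unedited fails here.
    [ -f "$target" ] || { echo "missing-target"; return 0; }
    if pool_overrides "$2" >/dev/null; then echo "pool-override"; return 0; fi
    echo "ok"
}

# Demo on a constructed directory tree (not a real server layout).
demo=$(mktemp -d)
mkdir -p "$demo/htdocs" "$demo/pool.d"
: > "$demo/htdocs/wordfence-waf.php"
printf "; Wordfence WAF\nauto_prepend_file = '%s/htdocs/wordfence-waf.php'\n; END Wordfence WAF\n" \
    "$demo" > "$demo/htdocs/.user.ini"
echo "clean pool:     $(check_waf "$demo/htdocs" "$demo/pool.d")"
printf '[www]\nphp_admin_value[auto_prepend_file] = none\n' > "$demo/pool.d/www.conf"
echo "admin override: $(check_waf "$demo/htdocs" "$demo/pool.d")"
rm -rf "$demo"
```

On shared hosting the pool directory is usually readable only by the host, so the `pool-override` check is the part to hand to their support.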

    Thread Starter yukilna

    (@yukilna)

    Hi again Adam,

    Thanks for all your help with that! Unfortunately it’s all very confusing for me….

    My host showed me a link to access some detail information via phpinfolws.php
    I have seen this:
    Directive | Local value | Master value
    auto_prepend_file | /htdocs/wordfence-waf.php | no value

    Then they told me to send them a screenshot of the problem but I’m not sure what the problem is. Is it the fact that there is no “master value” ?

    Is the above information of any help?

    Many thanks

    Plugin Support WFAdam

    (@wfadam)

    It looks like it’s set correctly there. Was that set before or did you change it to that?

    If you go to your Wordfence > Firewall page, does it say 100% now?

    Let me know what you find!

    Thanks!

    Thread Starter yukilna

    (@yukilna)

    Unfortunately no it says 48%

    When I try optimizing it I have this message:
    Installation Successful
    The changes have not yet taken effect. If you are using LiteSpeed or IIS as your web server or CGI/FastCGI interface, you may need to wait a few minutes for the changes to take effect since the configuration files are sometimes cached. You also may need to select a different server configuration in order to complete this step, but wait for a few minutes before trying. You can try refreshing this page.

    But then it doesn’t work. I still only have the basic protection level…

    Many thanks

    Plugin Support WFAdam

    (@wfadam)

    Now that you have set that auto_prepend_file, can you send me another diagnostic? Also, could you email me your htaccess file so I can review it?

    Thanks!

  • The topic ‘Security Live TRaffic’ is closed to new replies.