unable to configure WordFence 6.2.10

  • If I click on WordFence/Firewall, I get the message:
    To make your site as secure as possible, take a moment to optimize the Wordfence Web Application Firewall: Click here to configure
    WordFence wants to use Apache+mod_php, even though WordFence System Info for PHP 7.1.0 shows “Server API LiteSpeed V6.10”
    I’ve tried both configurations, neither one seems to work. The Apache+mod_php wants to backup .htaccess. LiteSpeed wants to backup .htaccess and .user.ini.
    Both result in the message: The changes have not yet taken effect.
    It doesn’t matter if I wait 5 minutes or 5 hours. The changes do not take effect.

    I then tried appending
    auto_prepend_file = '/home/website/public_html/wordfence-waf.php'
    to my php.ini file.
    I didn’t have a php.ini file, so I created one in the wp_admin directory. Should it go somewhere else? (I don’t have access to anything in /opt.)

    The WordFence System Info says:
    Configuration File (php.ini) Path /opt/alt/php71/etc
    Loaded Configuration File /opt/alt/php71/etc/php.ini

    My .htaccess looks like:

    # BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

# Wordfence WAF
<IfModule mod_php7.c>
	php_value auto_prepend_file '/home/website/public_html/wordfence-waf.php'
</IfModule>
<Files ".user.ini">
<IfModule mod_authz_core.c>
	Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
	Order deny,allow
	Deny from all
</IfModule>
</Files>
# END Wordfence WAF
SetEnv PHPRC /home/website/public_html/wp_admin/php.ini

    .user.ini contains:

    ; Wordfence WAF
auto_prepend_file = '/home/website/public_html/wordfence-waf.php'
; END Wordfence WAF

    So now WordFence System Info includes:
    $_SERVER[‘PHPRC’] /home/website/public_html/wp_admin/php.ini
    But no changes to the other php.ini Status lines quoted above.

    My PHP options include:
    include_path .:/opt/alt/php71/usr/share/pear
    What directory does “.” refer to in this context? Is it my wp_admin directory?

    • This topic was modified 8 years, 2 months ago by chelmite. Reason: corrected typo
Viewing 1 replies (of 1 total)

  • Hi, after reading the instructions at https://docs.wordfence.com/en/Web_Application_Firewall_Setup, I have a very similar problem.

    The .user.ini is ignored.
    Server API = LiteSpeed V6.10
    $_SERVER[‘SERVER_SOFTWARE’] = Apache

    So I should add 

    
<IfModule lsapi_module>
  php_value auto_prepend_file '/path/to/wordfence-waf.php'
</IfModule>

    However this results in a blank screen on reload if the path is incorrect.
    Wordfence Security – Version 6.3.2 does detect LiteSpeed, but seems to use the wrong module to enable the auto_prepend.
    After replacing <IfModule mod_php7.c> or <IfModule Litespeed> with <IfModule lsapi_module> the Extended protection is working.
    Also in Wordfence > Tools > Diagnostics > View System’s Configuration in new window now shows the correct value for auto_prepend.

    I hope this helps you too.

Viewing 1 replies (of 1 total)
  • The topic ‘unable to configure WordFence 6.2.10’ is closed to new replies.