• I recently cloned the website to a new server, running PHP7, using the cloudways.com (digital ocean) clone app functionality. The website on the old server on cloudways.com (digital ocean), running PHP 5.5 or 5.6 did not have the following issue:

    When attempting to activate the Wordfence Web Application Firewall, I get the message: “We were unable to write to ~/wp-content/wflogs/ which the WAF uses for storage. Please update permissions on the parent directory so the web server can write to it.”

    The wflogs folder permissions are 775. 775 seems to include write permission for user and group.

    The wp-content folder (parent directory) permissions are also 775.

    Under WordFence > Tools > Diagnostics,

    Checking if web server can read from ~/wp-content/wflogs:
    File “config.php” is unreadable, File “wafRules.rules” is unreadable

    Checking if web server can write to ~/wp-content/wflogs:
    File “attack-data.php” is unwritable,
    File “ips.php” is unwritable,
    File “config.php” is unwritable,
    File “rules.php” is unwritable,
    File “wafRules.rules” is unwritable

    When viewed over SFTP, the files in the wflogs folder do not include config.php and do not include wafRules.rules, but do include the following files:

    .htaccess
    attack-data.php
    ips.php
    rules.php

    The .htaccess file contains:

    <IfModule mod_authz_core.c>
    	Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
    	Order deny,allow
    	Deny from all
    </IfModule>

    What should I do to fix this so the WAF activation works? What permissions on what folder(s) will make the WAF activation successful?

    I sent the WordFence Diagnostic Report by email to [email protected]

Viewing 2 replies - 1 through 2 (of 2 total)
  • Hi @bobwarrick,

    Can you confirm that the wflogs folder is owned by the user the web server runs as?

    Alternatively, you could delete the wflogs folder; it would be automatically recreated as soon as a new visit occurs.

    Please note that this will cause the firewall to switch back to Learning Mode.

    Thread Starter galacticwebdesign.com

    (@bobwarrick)

    The wflogs folder was not owned by the user the web server runs as. The easiest solution was to delete the wflogs folder and it was automatically recreated when a site visit occurred, as you stated. The firewall is back in Learning Mode, but that is OK. The WF Diagnostics is now showing OK for the test of reading and writing the relevant wflogs folder files. When I look at the wflogs folder permissions now, I see that it is now owned by the user the web server runs as. So, thank you very much for your accurate solution.

    The root cause of this, I believe, is that when I cloned this app (web site) and server, the wflogs folder in the clone did not take on the new user the new web server runs as. This created what appeared to be a permissions issue, but in reality, was the wrong user — not the user the web server runs as. The wrong user did not have the proper permissions, but the correct user did — so I did not have to change any of the folder or file permissions — just the user. Deleting the wflogs folder automatically created the proper user — the user the new web server runs as.
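The thread's conclusion (mode 775 was fine, the owner was not) follows from POSIX consulting only one permission class per access: owner, else group, else other. The following is an added example, not code from the posters or from Wordfence; it audits a constructed temporary wflogs tree, and the file mode 664 and the "uid + 1" stand-in for the new web server user are assumptions for illustration.

```python
import os
import stat
import tempfile

def write_class(st, uid, gids):
    """Return the single permission class POSIX applies to this uid/gid set."""
    if st.st_uid == uid:
        return "owner"
    if st.st_gid in gids:
        return "group"
    return "other"

def can_write(st, uid, gids):
    """Only the first matching class is consulted (root override and ACLs ignored)."""
    bit = {"owner": stat.S_IWUSR, "group": stat.S_IWGRP, "other": stat.S_IWOTH}
    return bool(st.st_mode & bit[write_class(st, uid, gids)])

def audit(path, uid, gids):
    """Return (entry, mode, owner_uid, class) for every entry uid cannot write."""
    entries = [path]
    for root, dirs, files in os.walk(path):
        entries += [os.path.join(root, name) for name in dirs + files]
    findings = []
    for entry in entries:
        st = os.lstat(entry)
        if not can_write(st, uid, gids):
            mode = oct(stat.S_IMODE(st.st_mode))
            findings.append((entry, mode, st.st_uid, write_class(st, uid, gids)))
    return findings

def demo():
    """Constructed sample: wflogs at 775 as in the thread; file mode 664 is assumed."""
    with tempfile.TemporaryDirectory() as tmp:
        wflogs = os.path.join(tmp, "wflogs")
        os.mkdir(wflogs)
        os.chmod(wflogs, 0o775)
        for name in ("attack-data.php", "ips.php", "rules.php"):
            path = os.path.join(wflogs, name)
            open(path, "w").close()
            os.chmod(path, 0o664)
        st = os.lstat(wflogs)
        creator = audit(wflogs, st.st_uid, {st.st_gid})           # user that owns the files
        new_user = audit(wflogs, st.st_uid + 1, {st.st_gid + 1})  # hypothetical post-clone web user
        return creator, new_user

if __name__ == "__main__":
    creator, new_user = demo()
    print("unwritable for creator:", creator)
    for row in new_user:
        print("unwritable for new web server user:", row)
```

On a real host, pass the web server account's uid and group ids (for example from `pwd.getpwnam` and `os.getgrouplist`) and the actual wflogs path to `audit`.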

  • The topic ‘unable to write to ~/wp-content/wflogs/ which the WAF uses for storage’ is closed to new replies.