WAF configuration/installation issue

Hi @scooterlord, sorry to see you’re having problems with this.

Due to the .user.ini and .htaccess issues, it seems to be related to the running/optimization element of the firewall, which indeed could be file permissions for the /wflogs folder.

Is your Plesk configuration in a position to try the WAF’s MySQLi storage engine, to avoid needing to write to the wflogs folder at all? You can read more about the setup here: https://www.wordfence.com/help/firewall/mysqli-storage-engine/

Let me know how you get on.

Peter.

Hello and thanks for the reply.

I followed the guide, so I practically:
– Added define('WFWAF_STORAGE_ENGINE', 'mysqli'); inside wordfence-waf.php
– Removed ‘wp-content/wflogs’ folder
– Switched from the Firewall menu from ‘Learning mode’ to ‘Enabled and Protecting’

However, I would expect the optimization notification to disappear – however it still says click here to optimize. I guess it is not needed, but its confusing.

How can I validate that now it is actually running? Is pointing to the file made automatically even without a .user.ini file?

Thanks again and looking forward to your response.

Hi @scooterlord, thank-you for trying that for me.

There could still be issues with optimization, I’ll provide the troubleshooting guide for your reference: https://www.wordfence.com/help/firewall/optimizing-the-firewall/troubleshooting/

If nothing there sheds light on the potential problem, can you send a diagnostic report to wftest @ wordfence . com? You can find the link to do so at the top of the Wordfence Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

Note: For the fastest response time, please make sure and add any information or questions directly to this topic and not the email address above unless asked.

Thanks,

Peter.

Peter, hello again and thanks for the reply. I have asked but didn’t get a straight answer – what is an indicator of whether the WAF is active or note? How can one tell?

From what I understood it was the user.ini file that points to wordfence-waf.php, correct? If user.ini is not used, how is the plugin directed to look for the file?

I will check the guide tomorrow (too late now for this kind of thing) and will report back. In the meantime if you can answer my questions above, it will be a great convenience!

I just sent the report.

Also added the ifmodule code in my .htaccess but still no luck. After optimization I get blank page. Renaming .user.ini restores my website.

so…any update on this one?

Hi @scooterlord, thanks for the feedback and your patience, sorry for the delay.

To tell if the WAF is active, you can visit Wordfence > Firewall, where the dashboard will show a check mark with “Wordfence Firewall Activated”. Your firewall, once optimized, should show as 84% on this page (which is the max a free customer can reach).

The .user.ini on certain setups show the path to wordfence-waf but indeed as you specify in your second message .htaccess can also contain the auto_prepend_file line.

From the diagnostic, it looks like your Server API is FPM/FastCGI. If you could use FTP or a file manager to access your .htaccess file in the root directory and make sure this code is inserted:

# Wordfence WAF
<Files ".user.ini">
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
</IfModule>
</Files>
# END Wordfence WAF

Then also, in the same directory, edit your .user.ini file with this code:

; Wordfence WAF
auto_prepend_file = '/var/www/vhosts/motornoid.com/httpdocs/wordfence-waf.php'
; END Wordfence WAF

Make sure you don’t have any files hidden and if the .user.ini doesn’t exist in your root directory, you can create one and add the code above.

Thanks,

Peter.

Hello again,

what you are asking me to add is exactly what is causing the issue.

.htaccess already contains the specified code.

Once I add the .user.ini the website completely breaks – I see blank page.

Also, please remove from your comment sensitive information that reveal the website!

Hi @scooterlord, I have put in an edit request with www.remarpro.com as per your request as we lose Edit privileges after the reply has aged over 60 minutes. Sometimes users are not familiar with their paths so it can be helpful to give exact content to copy/paste.

I thought the original issue may have misformed the .htaccess and .user.ini changes so now I know those in the format I provided have definitely already been tried. I don’t want to make assumptions in case I omit possible solutions due to misinterpreting the steps you have already tried. Issues arising of this nature on Plesk setups are not well-covered on the forums, and naturally we have many customers running WordPress installations on all kinds of server/software combinations, so we may require trial & error from time-to-time which I appreciate your continued participation in.

The blank page you see when .user.ini is present often means that the path being used in the auto_prepend_file directive is incorrect. If you check your PHP error logs (if enabled), you’ll probably see an error like:

PHP Fatal error: Unknown: Failed opening required '/path/to/wordfence-waf.php' (include_path='.:/usr/share/php') in Unknown on line 0

If the path shown in your logs is correct, there’s a chance there could be something else in the wordfence-waf.php that’s causing a fatal error, but that should appear in the log too if that’s the case! If you see fatal errors of this nature, you can forward them to me at wftest @ wordfence . com with your forum name in the subject line so I can consult with our development team. If there is a bug or other configuration that needs looking at on a Plesk setup that can potentially help you and others going forward, we will do our best to ensure documentation and troubleshooting guides reflect that.

Thanks again,

Peter.

Thank you for your reply. It’s a bit late right now but will try your suggestion and report back.

Hello, I apologize in advance, due to personal issues, I didn’t get the chance to work on this yet, will try to do soon and report, please don’t close this thread.

Hi @scooterlord,

No worries at all, just as a general rule, topics that age over 7 days with no activity may be closed on the forums, but when there is possible feedback expected from the customer I will at least check-in before that happens and @ again.

Thanks for keeping me up-to-date,

Peter.

Hello again,

I finally managed to find some time and attend this matter.

In order for my website to work, essentially after ‘optimizing’ I had rename my ‘.user.ini’ to a different filename, leaving everything else as is. I reverted it back and was ready to investigate the PHP errors. However, to my surprise it now seems to be working, essentially, without me doing anything new! I don’t know if any updates happened in the background that led to this though.

However, you mentioned somewhere that ‘when optimized’ I should be seeing 84% for the free version – but I now see 55% for the WAF, which maybe leads me to believe that I haven’t done something properly (again!). I am posting a screenshot of my screen to see if it helps.

View post on imgur.com

Hi @scooterlord,

That’s good news on the .user.ini despite it being a slightly unusual fix. If you hover your mouse pointer over the percentage ring, a tooltip should appear and show a list of what needs to be done to increase your percentage, as long as the reporting is working as it should do.

Let me know if you have further questions around the results of this check.

Peter.

Hello again and thanks for the support.

Reads 11% Enable Premium Rules and 35% Enable Real-Time IP Blocklist. This totals to 101%, that’s ok though. So, I assume everything is working, correct?

NS