Warning Configuration of the Wordfence Web Application Firewall

  • In the last few days, I noticed that Wordfence repeatedly displays on all my websites the below warning EVEN if I configure it successfully (by clicking on the configure, downloading the htaccess/ini files, and hitting complete). The day later, the warning will appear again and this happened for a few days multiples times on many websites that I manage.

    “To make your site as secure as possible, take a moment to optimize the Wordfence Web Application Firewall: Click here to Configure OR Dismiss”

    What can possibly go wrong? All plugins and Wordfence too are all always up-to-date.

Viewing 1 replies (of 1 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @jeriss, thanks for getting in touch.

    I have seen some hosts enforce and even replace .htaccess and/or .user.ini files, so as these are modified due to setting the auto_prepend_file directive, this might be something to reach out and ask your host or server administrator.

    I have seen reports of ini files in locatons like the /etc/php/7.4/fpm/conf.d directory that resets the user_ini.filename to an empty value. You may need to consult your host about this if you don’t have access to this location.

    On some servers, you could use FTP or a file manager to access your .htaccess file in the root directory and make sure this code is input:

    # Wordfence WAF
<Files ".user.ini">
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
</IfModule>
</Files>
# END Wordfence WAF

    Then also, in the same directory, edit your .user.ini file with this code:

    ; Wordfence WAF
auto_prepend_file = '/your/path/to/wordfence-waf.php'
; END Wordfence WAF

    Make sure to change the path above with the one where wordfence-waf.php actually resides.

    There is some more information around adding this code and how to manually optimize the firewall here: https://www.wordfence.com/help/firewall/optimizing-the-firewall/#firewall-optimization-setup

    Let me know what you find out!

    Peter.

Viewing 1 replies (of 1 total)
  • The topic ‘Warning Configuration of the Wordfence Web Application Firewall’ is closed to new replies.