Paano manalo ng football studio?.REGISTER NOW GET FREE 888 PESOS REWARDS!

cag8f
(@cag8f)

6 years ago

Hello. Does Wordfence add code to my .htaccess file? I have installed the plugin and activated it with default settings. I see a section in my .htaccess entitled

# Wordfence WAF

I assume that was added by Wordfence? If so, I have two questions:

1. Can you tell me exactly which code is added by Wordfence? In addition to the section beginning with # Wordfence WAF and ending with # END Wordfence WAF, there is a separate section beginning with <Files xmlrpc.php>. Is that from Wordfence as well? Does Wordfence add any other code to .htaccess?

2. If I deactivate Wordfence, will this code be removed from .htaccess? I ask because I have done deactivated Wordfence, yet the code is still present.

Thank you.

Viewing 5 replies - 1 through 5 (of 5 total)

wfdave
(@wfdave)

6 years ago
Hi @cag8f,

The code that Wordfence adds to .htaccess is:
```
# Wordfence WAF
<IfModule mod_php7.c>
	php_value auto_prepend_file '/wordfence-waf.php'
</IfModule>
<Files ".user.ini">
<IfModule mod_authz_core.c>
	Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
	Order deny,allow
	Deny from all
</IfModule>
</Files>

# END Wordfence WAF
```
This allows wordfence-waf to run before every PHP script. The additional code blocks any web access to .user.ini.

The code added to .htaccess is not removed when deactivating Wordfence, so you’ll want to go in and remove it manually. (However, the code is removed upon uninstall)

Dave
Thread Starter cag8f
(@cag8f)

6 years ago
Thanks for that. So to confirm, the following code is *not* added by Wordfence:
```
<Files xmlrpc.php>
order deny,allow
deny from all
allow from 123.123.123.123
</Files>
```
Is that correct?

> The code added to .htaccess is not removed when deactivating Wordfence, so you’ll want to go in and remove it manually. (However, the code is removed upon uninstall)

OK. So does this mean that even when I deactivate Wordfence, wordfence-waf is still run before every PHP script, and web access is still blocked to .user.ini?
Thread Starter cag8f
(@cag8f)

6 years ago

Hello. Any update to this post?

Thanks.

WFSupport
(@wfsupport)

5 years, 12 months ago

We do not add that to the htaccess file.

Tim

Thread Starter cag8f
(@cag8f)

5 years, 11 months ago

OK. That answers the first question. What about the second question:

Does this mean that even when I deactivate Wordfence, wordfence-waf is still run before every PHP script, and web access is still blocked to .user.ini?

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Wordfence .htaccess modifications’ is closed to new replies.