Wordfence is including a file from my dev site

  • Resolved cag8f

    (@cag8f)


    5 years, 2 months ago

    Hello. My WordPress dashboard is displaying a Wordfence message:

    >> To make your site as secure as possible, take a moment to optimize the Wordfence Web Application Firewall:

    When I click to configure, it displays this message:

    To make your site as secure as possible, the Wordfence Web Application Firewall is designed to run via a PHP setting called auto_prepend_file, which ensures it runs before any potentially vulnerable code runs. This PHP setting is currently in use, and is including this file:

/var/www/html/kabult/kabultec.org/dev/wordfence-waf.php

    (screenshots)
    But the path of that file is a path to my dev site, which is on https://kabultec.org/dev/. My dev site also has Wordfence installed and activated. Why is Wordfence on my live site trying to include a file from Wordfence on my dev site? And how can I resolve this issue?

    Thanks.

    • This topic was modified 5 years, 2 months ago by cag8f.

    The page I need help with: [log in to see the link]

Viewing 6 replies - 1 through 6 (of 6 total)

  • Hi @cag8f,

    I think because your live and dev site are on the same machine, and they share the same process, the auto_prepend_file is also shared.

    This makes it so that Wordfence can only be installed on one of the sites. Can you try removing auto_prepend_file from your .htaccess, and then try optimizing the firewall on your live site? Once you’ve done that, see if your dev site also works with Wordfence.

    Dave

    Thread Starter cag8f

    (@cag8f)

    @wfdave Thanks for that. My live site has an .htaccess file, and my dev site has a separate .htaccess file. Each has a ‘Wordfence WAF’ section. In my live site’s .htaccess, that section is:

    # Wordfence WAF
<IfModule mod_php5.c>
	php_value auto_prepend_file '/var/www/html/kabult/kabultec.org/wordfence-waf.php'
</IfModule>
<IfModule mod_php7.c>
	php_value auto_prepend_file '/var/www/html/kabult/kabultec.org/dev/wordfence-waf.php'
</IfModule>
<Files ".user.ini">
<IfModule mod_authz_core.c>
	Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
	Order deny,allow
	Deny from all
</IfModule>
</Files>

# END Wordfence WAF

    While in my dev site’s .htaccess, that section is:

    # Wordfence WAF
<IfModule mod_php5.c>
	php_value auto_prepend_file '/var/www/html/kabult/kabultec.org/dev/wordfence-waf.php'
</IfModule>
<IfModule mod_php7.c>
	php_value auto_prepend_file '/var/www/html/kabult/kabultec.org/dev/wordfence-waf.php'
</IfModule>
<Files ".user.ini">
<IfModule mod_authz_core.c>
	Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
	Order deny,allow
	Deny from all
</IfModule>
</Files>

# END Wordfence WAF

    Thoughts? The dev site seems to reference the dev site wordfence-waf.php twice, while in one case on the live site, it references the dev site wordfence-waf.php.

    >> Can you try removing auto_prepend_file from your .htaccess

    I can try this. But which .htaccess are you referencing? And which lines specifically should I remove–every line that contains auto_prepend_file?

    Thanks.

    Thread Starter cag8f

    (@cag8f)

    Hi @wfdave Any update to this issue?

    Plugin Support wfscott

    (@wfscott)

    @cag8f

    In your live site’s .htaccess I see:

    <IfModule mod_php5.c>
    php_value auto_prepend_file ‘/var/www/html/kabult/kabultec.org/wordfence-waf.php’
    </IfModule>
    <IfModule mod_php7.c>
    php_value auto_prepend_file ‘/var/www/html/kabult/kabultec.org/dev/wordfence-waf.php’
    </IfModule>

    In the second IfModule there it is referencing a path to the dev site. Can you double check that and change it if it is incorrect and see if you’re still seeing the message?

    Thanks,
    Scott

    Thread Starter cag8f

    (@cag8f)

    @wfscott

    Thanks for the reply. Unfortunately, I’m now currently migrating my site–both live site and dev site–to a new web host. When that completes, my dev site may be configured differently (i.e. it may be on a sub-domain, instead of sub-directory as it is now). In light of that, how about we close this ticket. When my hosting is fully migrated, I can check if this issue is still present. If so, I’ll try your latest suggestion. If there are still issues, I’ll create a new ticket, and reference this ticket at the same time. Sound good?

    Plugin Support wfscott

    (@wfscott)

    @cag8f

    Sounds good — let us know what you find. Hope it all migrates well for you!

    I will resolve this ticket and feel free to reach out if you run into any issues again.

    Scott

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Wordfence is including a file from my dev site’ is closed to new replies.