wordfence-waf.php

  • Resolved sakuwasan

    (@sakuwasan)


    3 years, 4 months ago

    Hi Wordfence,
    I found this message after I installed Wordfence plugin. What should I do now ?

    To make your site as secure as possible, the Wordfence Web Application Firewall is designed to run via a PHP setting called auto_prepend_file, which ensures it runs before any potentially vulnerable code runs. This PHP setting is currently in use, and is including this file:

    /home/mydomainname.com/directory_name/public_html/malcare-waf.php
    If you don’t recognize this file, please contact us on the WordPress support forums(opens in new tab) before proceeding.

    You can proceed with the installation and we will include this from within our wordfence-waf.php file which should maintain compatibility with your site, or you can opt to override the existing PHP setting.

    What is the safest solutions for this ?

Viewing 1 replies (of 1 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @sakuwasan and thank-you for your message.

    The file you mention (malcare-waf.php) refers to an alternative security plugin called Malcare. We’ve seen sites at Cloudways, for example, with Malcare as they provide it as part of some hosting packages.

    If you wanted to leave Malcare installed, the INCLUDE option in our WAF optimization wizard should override the Malcare auto_prepend_file value so that our wordfence-waf.php file would then include malcare-waf.php. You may need to consult with your host if you wish to remove Malcare altogether though in case there are any unforeseen effects.

    Just as a note, there may be overlapping features when running two security plugins concurrently that can cause performance issues if both are scanning for the same vulnerabilities or checking the same files concurrently, so it would be advised to choose your preferred security plugin option and stick with that going forward.

    Let me know how you get on!

    Peter.

Viewing 1 replies (of 1 total)
  • The topic ‘wordfence-waf.php’ is closed to new replies.

Tags