Optimizing The Wordfence Firewall

  • Resolved kateharris

    (@kateharris)


    9 months, 1 week ago

    Hey guys, I have a message saying the following: To make your site as secure as possible, take a moment to optimize the Wordfence Web Application Firewall. When I configure and download the .HTACCESS, I get an Installation Failed message of: We were unable to make changes to the .htaccess file. It’s possible WordPress cannot write to the .htaccess file because of file permissions, which may have been set by another security plugin, or you may have set them manually. Please verify the permissions allow the web server to write to the file, and retry the installation.

    Would anyone know how to fix this?

    The site’s theme is Kadence using Gutenberg. There are a few code snippets which are being used on the site. I’m not sure if these could be causing the issue at all

    <span id="docs-internal-guid-d3a43e49-7fff-ad42-b57c-45c7f6f873c6">
    <span style="font-size: 11pt; font-family: Arial, sans-serif; background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline;">Remove Google Fonts</span><span style="font-size: 11pt; font-family: Arial, sans-serif; background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">function disable_google_fonts() {<span class="Apple-tab-span" style="text-wrap: nowrap;">	</span>return false;}add_filter( 'print_google_fonts', 'disable_google_fonts' );

</span>
    </span>
    <span style="text-decoration: underline;">Ensure Webfont is Loaded
</span>
function custom_font_display( $current_value, $font_family, $data ) {
	return 'swap';
}
add_filter( 'font_display', 'custom_font_display', 10, 3 );

    <span style="text-decoration: underline;">Stop Lazy Load
</span>
add_filter( 'wp_lazy_loading_enabled', '__return_false' );

    <span style="text-decoration: underline;">Remove Unused JS
</span>
/**
 * We will Dequeue the jQuery UI script as example.
 *
 * Hooked to the wp_print_scripts action, with a late priority (99),
 * so that it is after the script was enqueued.
 */
function wp_remove_scripts() {
// check if user is admina
 if (current_user_can( 'update_core' )) {
            return;
        } 
 else {
    // Check for the page you want to target
    if ( is_page( 'homepage' ) ) {
        // Remove Scripts
  wp_dequeue_style( 'jquery-ui-core' );
     }
 }
}
add_action( 'wp_enqueue_scripts', 'wp_remove_scripts', 99 );

    <span style="text-decoration: underline;">Explicit Fixed Width and Height
</span>
add_filter( 'the_content', 'add_image_dimensions' );

function add_image_dimensions( $content ) {

    preg_match_all( '/<img[^>]+>/i', $content, $images);

    if (count($images) < 1)
        return $content;

    foreach ($images[0] as $image) {
        preg_match_all( '/(alt|title|src|width|class|id|height)=("[^"]*")/i', $image, $img );

        if ( !in_array( 'src', $img[1] ) )
            continue;

        if ( !in_array( 'width', $img[1] ) || !in_array( 'height', $img[1] ) ) {
            $src = $img[2][ array_search('src', $img[1]) ];
            $alt = in_array( 'alt', $img[1] ) ? ' alt=' . $img[2][ array_search('alt', $img[1]) ] : '';
            $title = in_array( 'title', $img[1] ) ? ' title=' . $img[2][ array_search('title', $img[1]) ] : '';
            $class = in_array( 'class', $img[1] ) ? ' class=' . $img[2][ array_search('class', $img[1]) ] : '';
            $id = in_array( 'id', $img[1] ) ? ' id=' . $img[2][ array_search('id', $img[1]) ] : '';
            list( $width, $height, $type, $attr ) = getimagesize( str_replace( "\"", "" , $src ) );

            $image_tag = sprintf( '<img src=%s%s%s%s%s width="%d" height="%d" />', $src, $alt, $title, $class, $id, $width, $height );
            $content = str_replace($image, $image_tag, $content);
        }
    }

    return $content;
}


    <span style="text-decoration: underline;">Remove WordPress Media Images from being Created for no reason
</span>
function add_image_insert_override( $sizes ){
    unset( $sizes[ 'thumbnail' ]);
    unset( $sizes[ 'medium' ]);
    unset( $sizes[ 'medium_large' ] );
    unset( $sizes[ 'large' ]);
    unset( $sizes[ 'full' ] );
    return $sizes;
}
add_filter( 'intermediate_image_sizes_advanced', 'add_image_insert_override' );

    I really appreciate any help or advice you might have.

    Thank you,

    Kate

    The page I need help with: [log in to see the link]

Viewing 1 replies (of 1 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @kateharris, thanks for getting in touch.

    If the .htaccess isn’t writeable, this can be as simple as changing file permissions on your WordPress directory (and files within) to 755 with an owner of www-data. If that doesn’t work, I’d consider reaching out to your host or server administrator to check whether you are able to make changes to .htaccess on your site, as in rare cases these can be restricted.

    If you’re comfortable doing so, you could also try populating the following at the top of your .htaccess file manually:

    ; Wordfence WAF
auto_prepend_file = '/your/path/to/wordfence-waf.php'
; END Wordfence WAF

    wordfence-waf.php should be in your site’s root folder, and you can discover the path you should use by visiting Wordfence >Tools > Diagnostics > WordPress Settings > ABSPATH.

    A typical wordfence-waf.php looks like this, so you can also create this file yourself and populate it with this information if Wordfence wasn’t able to create it:

    <?php
// Before removing this file, please verify the PHP ini setting <code>auto_prepend_file</code> does not point to this.
if( ! defined('WFWAF_STORAGE_ENGINE')) { define('WFWAF_STORAGE_ENGINE', 'mysqli'); }

if (file_exists(__DIR__ . '/wp-content/plugins/wordfence/waf/bootstrap.php')) {
	define("WFWAF_LOG_PATH", __DIR__ . '/wp-content/wflogs/');
	include_once __DIR__ . '/wp-content/plugins/wordfence/waf/bootstrap.php';
}

    I’d recommend making a backup of your site before attempting any manual changes, just so it can be reinstated afterwards should you encounter any problems.

    Let me know how you get on!
    Peter.

Viewing 1 replies (of 1 total)
  • The topic ‘Optimizing The Wordfence Firewall’ is closed to new replies.