Cannot optimize firewall

  • Resolved MarcGuay

    (@marcguay)


    1 year, 4 months ago

    Hello. I have modified the .user.iniand .htaccessfiles according to the documentation and the Firewall is still said to be only 35% set up and I am prompted to optimize it. I have verified with phpinfo() that auto_prepend_file is pointing to the correct wordfence-waf.php file and that the paths inside wordfence-waf.php are correct. I would appreciate any help, thanks!

Viewing 10 replies - 1 through 10 (of 10 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @marcguay, thanks for getting in touch!

    So we can easily see the platform your site is running on, along with whether PHP sees the auto_prepend_file changes correctly, you can send us a diagnostic report to wftest @ wordfence . com. Use the link at the top of the Wordfence > Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

    NOTE: It should look as follows – Screenshot of Tools > Diagnostic > Send by Email

    I’ll take a look from there to see if there’s anything else that stands out.

    Thanks,
    Peter.

    Thread Starter MarcGuay

    (@marcguay)

    Sent, thanks!

    Thread Starter MarcGuay

    (@marcguay)

    The only thing that I see odd in the diagnostics is that my WP core is installed in a non-standard directory. It is in public_html/wp rather than the webroot.

    Thread Starter MarcGuay

    (@marcguay)

    Can you confirm that the report was received by email?

    Thread Starter MarcGuay

    (@marcguay)

    Any news?

    Plugin Support wfpeter

    (@wfpeter)

    Hi @marcguay, I apologize for the delay in getting to your diagnostic which hadn’t reached our inbox. I’ve now tracked it down.

    I don’t think the path of /public_html/wp should be an issue in itself if WordPress and Wordfence were already installed there by default rather than moved. Like you say, file paths, database/file permissions, connectivity to our server and IP detection all seem good.

    As you are on FPM/FastCGI, use FTP or a file manager to access your .htaccess file in the root directory and make sure this code is input:

    # Wordfence WAF
<Files ".user.ini">
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
</IfModule>
</Files>
# END Wordfence WAF

    Then also, in the same directory, add/edit your .user.ini file with this code:

    ; Wordfence WAF
auto_prepend_file = '/your/path/to/wordfence-waf.php'
; END Wordfence WAF

    Make sure to change the path above with the one that you currently see in your .htaccess and ensure auto_prepend_file is removed from .htaccess once you’ve copied it.

    We have seen in rare cases hosts denying configuration of .user.ini/.htaccess to its customers, therefore requiring Wordfence to permanently run in Basic Protection. However, please try the above first. If the firewall isn’t optimized after making those changes, consider consulting your host’s support as to whether you have the ability to modify those settings/files and let us know.

    Thanks,
    Peter.

    Thread Starter MarcGuay

    (@marcguay)

    Hi and thanks for your help. I have access to modify htaccess and .user.ini and my files were already set up as you described above. I’ll post in detail in order to confirm:

    My site’s webroot is public_html.

    /public_html/.htaccess contains:

    ErrorDocument 401 default

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L]

# BEGIN WordPress
# Les directives (lignes) entre ??BEGIN WordPress?? et ??END WordPress?? sont générées
# dynamiquement et doivent uniquement être modifiées via les filtres de WordPress.
# Toute modification des directives situées entre ces marqueurs sera surchargée.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress


# Wordfence WAF
<Files ".user.ini">
<IfModule mod_authz_core.c>
	Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
	Order deny,allow
	Deny from all
</IfModule>
</Files>

# END Wordfence WAF

    /public_html/.user.ini contains:

    ; Wordfence WAF
auto_prepend_file = '/var/www/website.com/public_html/wordfence-waf.php'
; END Wordfence WAF

    /public_html/wordfence-waf.php contains:

    <?php
// Before removing this file, please verify the PHP ini setting auto_prepend_file does not point to this.

if (file_exists(__DIR__.'/wp-content/plugins/wordfence/waf/bootstrap.php')) {
	define("WFWAF_LOG_PATH", __DIR__.'/wp-content/wflogs/');
	include_once __DIR__.'/wp-content/plugins/wordfence/waf/bootstrap.php';
}

    phpinfo() displays the following:

    auto_prepend_file -> /var/www/website.com/public_html/wordfence-waf.php

    Firewall protection remains at Basic. Do you have any other suggestions?

    Thread Starter MarcGuay

    (@marcguay)

    Any updates? (I realize this support is free, it’s just not obvious if I’ve been forgotten or if it’s a normal delay.)

    Thread Starter MarcGuay

    (@marcguay)

    Commenting for visibility in case this thread has been lost again.

    Plugin Support wfpeter

    (@wfpeter)

    Continued: https://www.ads-software.com/support/topic/lost-abadoned-support-topic/

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘Cannot optimize firewall’ is closed to new replies.