• Resolved gbeddow

    (@gbeddow)


    Hi,

    I upgraded to WordFence 6.1.1 this morning, but trying to configure its firewall displays:

    “We were unable to write to ~/wp-content/wflogs/ which the WAF uses for storage. Please update permissions on the parent directory so the web server can write to it.”

    There are no additional buttons or other options on this screen.

    I tried deactivating two other plugins that potentially conflict with WordFence (NinjaFirewall and Sucuri), changing the Upload setting in NinjaFirewall to allow file uploads, updating to the 6.1.2 version of Wordfence, and uninstalling & reinstalling WordFence: No change.

    Interestingly, the WordFence firewall configures OK on some other sites I manage, just not this one – and those other sites have NinjaFirewall and Sururi configured similarly to this one.

    I’d be happy to manually configure some permissions, but it’s not clear from the error message precisely which directory is “the parent directory”, or what permissions WordFence needs. I did note, however, that the wflogs directory has “the usual” files in it, so WordFence is able to write to that directory:

    # ls -al /ReadyNAS-Volume/public_html/wp-content/wflogs
    total 88
    drwxr-xr-x+ 1 admin admin   128 Apr 12 10:40 .
    drwxrwxrwx+ 1 guest guest   142 Apr 12 09:35 ..
    -rw-rw-rw-+ 1 admin admin 40083 Apr 12 09:35 attack-data.php
    -rw-------+ 1 root  root    711 Apr 12 10:40 config.php
    -rw-rw-rw-+ 1 admin admin   133 Apr 12 09:35 .htaccess
    -rw-rw-rw-+ 1 admin admin    51 Apr 12 09:35 ips.php
    -rw-rw-rw-+ 1 admin admin 18457 Apr 12 09:35 rules.php
    -rw-rw-rw-+ 1 admin admin 13814 Apr 12 09:35 wafRules.rules

    Any ideas?

    Thanks.

    https://www.ads-software.com/plugins/wordfence/

Viewing 11 replies - 1 through 11 (of 11 total)
  • Same error

    Plugin Contributor wfmatt

    (@wfmatt)

    Hi gbeddow,

    It looks like the config.php (currently 0600) file needs to be writable by the web server and the wflogs directory (currently 0755) itself also needs to be writable. You can either change the permissions on the file and directory, or change the owner to the web server’s user. Either way should work, let me know if you still run into issues.

    Thanks,
    Matt

    Ditto… is this a valid request from Wordfence? Not too quick to change permissions without validation.

    Thread Starter gbeddow

    (@gbeddow)

    wflogs appears to be a new directory introduced in Wordfence 6.1.1.

    That being the case, why is this failing?

    I’m trying to be pragmatic here, and not as hesitant as RGrissom when it comes to manually changing file permissions, but some assurances from Wordfence along the lines of what he’s asking seems appropriate in the circumstances.

    Why does this newly-introduced directory/file have the “wrong” permissions? Will it be fixed in an update to Wordfence?

    Plugin Contributor wfmatt

    (@wfmatt)

    wflogs is a new directory introduced in 6.1.1 which contains file necessary for the Web Application Firewall to run. The files and the directory itself need to be writable by the web server user for the Firewall to run, but the rest of Wordfence will continue to function normally otherwise.

    @gbeddow To answer your question about the permissions on your files and directory, this can be caused by updating Wordfence via WP-CLI or another command line utility (run by the admin user in your case). I would recommend changing ownership of the files and the directory to your web server’s user and making them writable by only that user. We will be adding an installation process using WordPress’s File System API to help create those files with the correct permissions in a maintenance release in the near future.

    Thread Starter gbeddow

    (@gbeddow)

    Thanks wfmatt for the explanation.

    In case this was the cause for other folks, here’s what was triggering this on my server and how I dealt with it:

    I found that, even after manually setting the owner of wflogs/config.php to admin (the web server user on my server), every 5 minutes it would get set back to root. That was because, on a low traffic site like mine, the standard wp-cron mechanism which relies on traffic to the site to do its work was simply too unreliable. So a long time ago I turned it off, then created a crontab job (from root) to run wp-cron every 5 minutes. That worked great for the most part, but wp-cron apparently triggers something in Wordfence that writes to wflogs/config.php, in the process changing its owner – in this case back to root. So the solution was to remove wp-cron from crontab, then create a file in /etc/cron.d where you can specify the user. It looks something like this:

    # m   h     dom   mon   dow   user    command
    */5   *     *     *     *     admin   cd /ReadyNAS-Volume/public_html/; /usr/bin/php -q /ReadyNAS-Volume/public_html/wp-cron.php >> /ReadyNAS-Volume/rsyslog/wp-cron.log 2>&1

    The owner of wflogs/config.php stopped changing, and I was able to configure the Wordfence firewall.

    Thread Starter gbeddow

    (@gbeddow)

    resolved

    I have version 6.1.2 with the same issue. But there is no wflogs directory on my server!! Any idea?

    Like @loocarius I don’t have ~/wp-content/wflogs/

    Plugin Author WFMattR

    (@wfmattr)

    @loocarius and @rgrissom: This most likely means that your wp-content folder is not writable by the user that the web server runs as — if you can temporarily adjust the permissions on wp-content itself, and refresh the page where you see the warning about the missing directory, it should be created then.

    If you still have trouble and need more details, please make a new post using the form at the bottom of the Wordfence forum here. (The www.ads-software.com forum rules ask us to keep each person’s issues separate, and it also helps us keep track of open issues, so no one gets skipped in long posts.) Thanks!

    -Matt R

    Thank you Matt R it worked!

    Noted regarding new posts!!

Viewing 11 replies - 1 through 11 (of 11 total)
  • The topic ‘Firewall doesn't configure – directory permissions’ is closed to new replies.