Firewall on site hosted at one.com

  • Resolved oneofthemany

    (@oneofthemany)


    8 months, 1 week ago

    I have a site hosted through one.com. I’ve tried multiple times (without any luck) to enable the optimized firewall. Do you know if they have changed anything regarding access to the root directories – or are they still not accessible?

    If a supporter see this and would like a log, please inform me of an e-mail or the like for sending information about my site which I would like to keep less public since the optimized firewall is not enabled.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @oneofthemany, thanks for getting in touch.

    The last I was aware, one.com were disabling the use of .user.ini, so we were unable to set auto_prepend_file with .htaccess or php.ini. It may be worth reaching out to your host’s support to see if they’ve now made allowances to set this value anywhere, which should point to the wordfence-waf.php in the root folder of your site.

    Running Wordfence unoptimized still has a good amount of benefit, but it’s not possible to block hits before WordPress and plugins load.

    Thanks,
    Peter.

    Thread Starter oneofthemany

    (@oneofthemany)

    Thank you for the response, Peter! It’s a shame that the option might still be disabled by one.com. I’ll reach out to their support to check if they’ve changed anything. I’ll let you know what they say. ??

    Plugin Support wfpeter

    (@wfpeter)

    Thanks! You can always let us know at genbiz @ wordfence . com if they’ve changed their stance so we can update our information about this host.

    @wfpeter Just saw this thread and I just wanted to chime in with the fact that one.com lists wordfence a popular security plugin (and hence recommended) plugins on their support page here: https://www.one.com/en/wordpress-hosting/how-to-use-wordpress (Search the page for “wordfence” and you’ll find it)

    However, they have partnered with patchstack which is monitoring all wp sites using their own plugin (https://www.one.com/en/about/news/wordpress-vulnerabilities-repaired) so that might have something to do with it.

    Thread Starter oneofthemany

    (@oneofthemany)

    @wfpeter I’ve forgotten to update this with a follow-up. One.com has the same stance as before on the .user.init.

    @se1988 Sounds like a reasonable explanation. A bit annoying that I can’t choose what I want to manage on a server that I’m paying for though. Bit too much sandbox for my liking, but I guess it’s worth it for all ease of use that comes with One.com

Viewing 5 replies - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.