Firewall Optimization False Positive

  • Resolved 2oddballs

    (@2oddballs)


    2 years, 1 month ago

    I have a couple of my sites that have had the free version of Wordfence installed for several years. The firewall optimization was already optimized, and randomly the notification to optimize the Wordfence Web Application Firewall has popped back up as it does when you first install.
    “To make your site as secure as possible, take a moment to optimize the Wordfence Web Application Firewall: [Click Here to Configure] [Dismiss]”

    Our server is LightSpeed. I tried “running” the optimization again, however the message never went away like normal. I fully uninstalled WordPress, made sure all files were taken out of our server and fully reinstalled – yet I cannot get the message to go away on a couple sites.
    I tried looking into doing a manual install without any success.

    So I reached out to our hosting provider support, where they logged into our wordpress sites and tried troubleshooting the error. They looked over the php.ini, .htaccess and user.ini files and they all read correct. They found all files were showing correct and that the message we were seeing was a false positive. Since seeing this error on these sites the percentage showing on the Web Application Firewall for stopping complex attacks has dropped tremendously.

    I dont know if this is some fluke that is randomly happening on just a select few of the sites or if there is a bug or conflict happening.

    The page I need help with: [log in to see the link]

Viewing 1 replies (of 1 total)

  • Hi @2oddballs

    In version 6.3.12 and later, Wordfence should automatically detect LiteSpeed and servers using the “lsapi” module. If you use a variant of LiteSpeed and the automatic setup is not working, please let me know.

    If your server uses the “lsapi” module and shows that “Basic WordPress Protection” is still active after the firewall optimization, first check that you are using the latest version of Wordfence, and update it if necessary. Otherwise, you may need to add the section below to your “.htaccess” file.

    <IfModule lsapi_module>
    php_value auto_prepend_file ‘/path/to/site/wordfence-waf.php’
    </IfModule>

    You can confirm if your server is using the “lsapi” module by going to the “Tools” > “Diagnostics” page. Expand the “Other Tests” section and click on the link that says “Click to view your system’s configuration in a new window”. If the “Server API” field near the top of that page says “LiteSpeed” then search for “$_SERVER[‘SERVER_SOFTWARE’]” near the bottom of the page. If it says “Apache” then this change should be what you need:

    If none of this helps, can you let me know if you are running any: firewalls, other security plugins, proxies, etc?

    Thanks,

    Joshua

Viewing 1 replies (of 1 total)
  • The topic ‘Firewall Optimization False Positive’ is closed to new replies.