Firewall server config setting for WP Engine?

Hi @vitsippa,

The blog post describes changes made to Wordfence’s Storage Engine. The setting for optimizing your firewall still needs to be manually selected by you.

Wordfence’s Storage Engine

When Wordfence updates the rules for the firewall, they are placed within /wp-content/wflogs/*.

However, on websites that have a static file-system, Wordfence is unable to write to that directory. The developers got around this by moving the rules into the database.

By default, Wordfence will still use the folder /wp-content/wflogs/* to store its rules, but if it detects that you’re using WP Engine, it will use the database instead.

A different setting, is when you’re trying to optimize the firewall. Wordfence uses various files (such as .htaccess or .user.ini) to make sure that traffic is routed through the application firewall.

WP Engine uses mod_php, as per this article that says WP Engine stack uses Apache2 and mod_php.

https://code.tutsplus.com/tutorials/the-benefits-of-wp-engine-developer-tools–cms-25471

So after selecting mod_php, WAF should be enabled on your website.

Dave

Thank you, just to be sure:
So the support at the web hotel that told me I should choose “NGINX” in your list was not correct. The right choice in your firewall web server config list is “Apache mod_php”, when using Wordfence together with WP Engine?
And after that the rest will work automatic?

Hi again,

I did another search and noticed that WP Engine has a logo of NGINX on this page: https://wpengine.com/technology/

So choosing NGINX for the optimization should be the right choice. After that, stuff like rate limiting or brute force rules will work normally.

Dave

Good, I will choose NGINX, thank you for taking the time to help me!

So the support was right, that is also good to know ?? This is new to everyone and I could not find any specific info about it anywhere, so just wanted to be sure.

Question solved.

Hi there,

Have the same concern here as we use WP Engine and Wordfence. According to WP Engine Support, we should choose Apache + mod_php.
That’s what I’ve done so far…
Unfortunately, even if the .htaccess file has been modified accordingly it seems some problems are here based on the Diagnostics page.
Checking if web server can read from ~/wp-content/wflogs -> File “attack-data.php” does not exist, File “ips.php” does not exist, File “config.php” does not exist, File “rules.php” does not exist

And that’s true, these files do not exist in the wflogs folder.

I thought about permission issues but it seems that the web server user (wpe-user) is the same as the owner of the wflogs folder.

Running a WP CLI command generates a PHP Warning saying the rules.php file is missing, which is correct.

How can we get those files to be put in the wflogs folder as mine is empty apart from a “GeoLite2-Country.mmdb”.

I’ve also tried to delete this folder and every time it’s generated again, still none of the expected PHP files are present.

Any guidance is welcome to fix this and make sure the extended WAF is correctly working on WP Engine.

Regards,
Nico

I just talked to WP Engine support and I was told to use “apache + mod_php”.

I was able to get confirmation on what the setting needs to be. You’ll need to set it to “apache + mod_php” as this is what WordPress is running on here.

– Tom