What goes in my .gitignore file for Wordfence?

Hi Henry,
This file -along with other files in “wflogs” directory- contains the firewall data that must be written to the file system because the firewall runs before everything else on your website (including the database) so there is no option to write these configurations into the database.

Answering to your questions:
Since your website is being developed locally (and I bet the staging server has a limited access also) I understand that you might need to disable the Firewall for now or untrack the “wflogs” files, but I don’t recommend that, instead I recommend keeping the firewall activated and running with “Enabled and Protecting” status, as some requests might be blocked as false positive (especially if you are running a theme with a page builder for example) so you have to experience this behavior and whitelist these requests manually.

One thing to recommend here is to follow “Migrating Wordfence” guide before moving your website from staging to live environment. “Disabling the Firewall before migrating is highly recommended”.

Thanks.

Thanks for your reply @wfalaa. The options are a lot more complicated than I thought they would be! ??

People like me who are developing locally will be doing regular daily deploys to both staging and production sites and it seems like quite a few manual steps are required (no matter which strategy I adopt), or for me to develop a Bash script that I have to integrate and call from my Capistrano deploy script.

So here are my further questions, and an alternate migration strategy I propose at the end of the message:

.gitignore question

Does your answer mean that I can leave all files in the wflogs directory outside source control (ie in my .gitignore file)?

I understand that what you are saying is that they will be recreated on website startup if they do not exist? So if I migrate an empty directory to my Staging or Production servers, the wflogs files will be recreated on startup..?

Migration strategy

I have looked at the Migrating WordFence guide you sent, and for my situation, the easiest option seems to be the “Deactivate and reactivate” strategy as described here:

https://docs.wordfence.com/en/Migrating_wordfence#Migrate_Wordfence_by_Disabling_and_Resetting_the_Wordfence_Plugin

Would this strategy be compatible with leaving the wflogs directory outside source control as I described above?

As my Local, Staging and Production .htaccess files are not under source control, if I re-activate Wordfence on Production and the .htaccess file there already has the modifications required for Wordfence, will Wordfence cope with that?

Alternate strategy

What if I left Wordfence deactivated on my Local development Macbook, and only activated it when I did a deploy to Staging or Production? That way I could leave the wflogs directory out of source control as it would always be empty on my Local machine? What do you think?

———-

Sorry for my confusion and mess of options, but I hope that if we get a workable strategy it will help others in my situation to use your essential plugin.

Thanks

• This reply was modified 7 years, 2 months ago by Henry Scullion.

First, “wflogs” will be created automatically if it was missing when you reload the firewall settings page for example.

Deactivating and re-activating the plugin with “Delete Wordfence tables and data on deactivation” option enabled should have no problem at all regarding the firewall setup and .htaccess file, since you will have to setup the firewall again on staging/live server.

Finally, you are good to go with your last approach.

Thanks.

Thanks @wfalaa, I will add wflogs directory to my .gitignore, and go with my last approach – developing on my laptop with Wordfence deactivated, then activate it after I deploy my site to Staging or Production servers.

Thank you @henscu and @wfalaa for the discussion.

I had the same query. Answered.