WORDFENCE WAF optimization problem

Hi @mirko2511, thanks for reaching out to us.

The main step that might be different from your previous environment is that Litespeed noabort code needs to be added to stop communication stopping abruptly, usually during scans: https://www.wordfence.com/help/advanced/system-requirements/litespeed/

Wordfence firewall optimization should only want to modify your .htaccess/.user.ini files with an auto_prepend_file directive rather than your php.ini.

If none of that information seems to help, can you send a diagnostic report to wftest @ wordfence . com? You can find the link to do so at the top of the Wordfence > Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

NOTE: It should look as follows – Screenshot of Tools > Diagnostic > Send by Email

Thanks,

Peter.

Hello, and thank you for your replay.
I dont have problems to scan, i just cant succesfully optimise firewall.
I have used this morning Wordfence utility, and completly deleted all data and reinstalled wordfence, now its in learning period, but optimisation is unfinished again.
I have send email diagnostic report. thank you..

Email Diagnostic Report
Diagnostic report has been sent successfully.

Hi @mirko2511, thanks for sending that over!

I don’t see any communication or file permission issues that would suggest something clearly wrong with your configuration. OpenLiteSpeed has a different configuration when optimizing the firewall but I can clearly see you’re on LiteSpeed V8.0.1 Cloudlinux 1.3

The ways to manually optimize at hosts where the Wizard can’t do it automatically are highlighted at: https://www.wordfence.com/help/firewall/optimizing-the-firewall/#alternative-hosting-provider-setups

Do any of those ways of manually added the code in .htaccess/.user.ini (which I see are present on your diagnostic) work for you?

If you have no control panel and your host are saying that php.ini can’t be edited on their platform, you may have to ask them whether there is any way to achieve this or if Wordfence is known to be incompatible with their platform.

Thanks,

Peter.

Hello and thanks again.
My host provider told me that they dont have any information of clients having issue with wordfence sofar.

I will tell you something that i forgot to mention, my site was earlire on PHP 7.4 after migration i have changed PHP version to 8.1 maybe it has something with my problem also.
We have added folowint to .htacess file at the bottom:

# Wordfence WAF
<IfModule LiteSpeed>
php_value auto_prepend_file '/home/wizardrs/public_html/wordfence-waf.php'
</IfModule>
<IfModule lsapi_module>
php_value auto_prepend_file '/home/wizardrs/public_html/wordfence-waf.php'
</IfModule>
<Files ".user.ini">
<IfModule mod_authz_core.c>
	Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
	Order deny,allow
	Deny from all
</IfModule>
</Files>

# END Wordfence WAF

In same directory there is .user.ini file with following code:

; Wordfence WAF
auto_prepend_file = ‘/home/wizardrs/public_html/wordfence-waf.php’
; END Wordfence WAF

In same directory there is wordfence-waf.php file with following:

<?php
// Before removing this file, please verify the PHP ini setting <code>auto_prepend_file</code> does not point to this.

if (file_exists(__DIR__.'/wp-content/plugins/wordfence/waf/bootstrap.php')) {
	define("WFWAF_LOG_PATH", __DIR__.'/wp-content/wflogs/');
	include_once __DIR__.'/wp-content/plugins/wordfence/waf/bootstrap.php';

Is there something that we maybe didnt do correct?
As i can see, if we did everything correct, then for some reason, wordfence is not seeing this changes to .htaccess etc.
Thank you in advance

We have also tested wordfence on same host using PHP7.4 and it looks that it works.
So it could be problem with PHP8.1 compatibility.
Can we do anything about this?

Hi Support,

I’d like to chime in here to say that I have exactly the same problem with a cpanel server using Litespeed V8.01, same .htaccess, .user.ini and wordfence.waf contents, except I am using PHP 7.4 and the WAF refuses to optimize. I can even confirm that Diagnostics > Other Tests > System configuration reports the PHP local value option auto_prepend_file has the correct value of /home/extrem12/public_html/wordfence-waf.php. Any assistance would be well appreciated. Thanks.

So after finding a similar issue with the Plesk CP, I tracked down the corresponding Cpanel option and we’re in action!
= SOLUTION: Disable scripts concatenation in WordPress Toolkit
> Cpanel > WordPress Toolkit > Security > Check Security
> Site name > Details
– Disable Disable scripts concatenation for WordPress admin panel
~ It may be necessary to enable then disable this setting.`

OMG thank you a lot,i was alredy giving up.
You just saved my life… o/