Matt

I am running windows and adding the line works for me. If you actually read the thread they said, “This disables the firewall code, but it won’t change the status shown on the Firewall page.”

I haven’t tried this yet, but he said earlier–

In the meantime, adding this line to wp-config.php should still disable the firewall:
define(‘WFWAF_ENABLED’, false);

Sorry about that, PHP version: 5.5.24

Yes, I see this at the bottom of the page:

Warning: rename(D:\path_to\wp/wp-content/wflogs/config.php,D:\path_to\wp\wp-content\wflogs\con77D0.tmp): The process cannot access the file because it is being used by another process. (code: 32) in D:\path_to\wp\wp-content\plugins\wordfence\vendor\wordfence\wf-waf\src\lib\storage\file.php on line 41

Warning: rename(D:\path_to\wp\wp-content\wflogs\con77C0.tmp,D:\path_to\wp/wp-content/wflogs/config.php): Access is denied. (code: 5) in D:\path_to\wp\wp-content\plugins\wordfence\vendor\wordfence\wf-waf\src\lib\storage\file.php on line 42

I was able to delete the file and then just refresh a page to have it recreated. I then tried disabling it again and then even tried unchecking a rule, neither of which actually saved. I then deleted the new one and restored the old one. All without restarting IIS.

Same as Keanon. Gets recreated on deletion but otherwise the file time stamp does not change.

Ok, now we’re beginning to more into CAPS territory ??

… This is still not fixed with the update today (4/15). Still cannot disable the firewall.

Yup, no errors here either.

request:

wafStatus=disabled&learningModeGracePeriodEnabled=1&learningModeGracePeriod=04%2F20%2F2016+08%3A16am
+-0400&ruleEnabled=1&ruleEnabled=2&ruleEnabled=3&ruleEnabled=9&ruleEnabled=11&ruleEnabled=12&ruleEnabled
=13&ruleEnabled=14&ruleEnabled=15&ruleEnabled=16&ruleEnabled=17&ruleEnabled=18&wafConfigAction=config
&action=wordfence_saveWAFConfig&nonce=EDITEDoutBYmattFORpostingONwpFORUM

response:

{"success":true,"data":{"learningMode":false,"rules":{"18":{"ruleID":18,"type":null,"category":"priv-esc"
,"score":null,"description":"User Roles Manager Priviledge Escalation <= 4.24","action":"block"},"1"
:{"ruleID":1,"type":null,"category":"whitelist","score":null,"description":"Whitelisted URL","action"
:"allow"},"2":{"ruleID":2,"type":null,"category":"lfi","score":null,"description":"Slider Revolution
: Local File Inclusion","action":"block"},"15":{"ruleID":15,"type":null,"category":"xss","score":null
,"description":"dzs-videogallery 8.80 XSS HTML injection in inline JavaScript","action":"blockXSS"},"16"
:{"ruleID":16,"type":null,"category":"sqli","score":null,"description":"Simple Ads Manager <= 2.9.4.116
 - SQL Injection","action":"block"},"17":{"ruleID":17,"type":null,"category":"rfi","score":null,"description"
:"Gwolle Guestbook <= 1.5.3 - Remote File Inclusion","action":"block"},"3":{"ruleID":3,"type":null,"category"
:"sqli","score":"40","description":"SQL Injection","action":"failSQLi"},"9":{"ruleID":9,"type":null,"category"
:"xss","score":"100","description":"XSS: Cross Site Scripting","action":"failXSS"},"11":{"ruleID":11
,"type":null,"category":"file_upload","score":null,"description":"Malicous File Upload","action":"block"
},"12":{"ruleID":12,"type":null,"category":"lfi","score":null,"description":"Directory Traversal","action"
:"block"},"13":{"ruleID":13,"type":null,"category":"lfi","score":null,"description":"LFI: Local File
 Inclusion","action":"block"},"14":{"ruleID":14,"type":null,"category":"xxe","score":null,"description"
:"XXE: External Entity Expansion","action":"block"}},"whitelistedURLParams":[],"disabledRules":[],"isPaid"
:false},"nonce":"EDITEDoutBYmattFORpostingONwpFORUM"}

p.s. I don’t think it has been mentioned by anyone but I am running wordfence as network activated on my multisite, if it makes a difference.

I am having a similar problem.

I am able to disable the firewall, but the ALERT, to enable the application firewall, at the top of EVERY WordPress admin page is STILL visible. I don’t want this alert at the top of EVERY WP admin page – ESPECIALLY if I have DISABLED the application firewall.

PLEASE DISABLE.

I don’t think all the CAPS are particularly necessary.

On the wordfence options page I was able to turn on “Automatically updates Wordfence to the newest version within 24 hours of a new release” as a test. Write access is granted on that directory / files.

I’m running IIS and the settings within W3 total cache control everything. I was hoping for something like a “call set_expires_timesout(###)” function I could call or something along those line for just that blog.

Bump

bueller?

Yes, I suppose it would. Not going to be able to convince the powers-that-be to purchase though, unfortunately.

Did you install the latest update? Pretty sure I saw the fix in the release notes.

Edit: and is this a new problem or first time using it?