wfchar

Hi @pidho1,

Do you have access to your error logs? It looks as though you may be running out of memory when Wordfence is enabled. Another way to test would be to disable all plugins and only enable Wordfence and see if the layout is still failing to load.

Hi @ufosolutions,

You may need to enable another option when you disable mysqli. Do you see an option to enable either mysqlnd or nd_mysqli?

If neither is available, you may need to contact your hosting company’s support to ask about available alternatives for mysqli.

Hi @ufosolutions,

We’ve determined that there is a bug with MariaDB on Cloudlinux. A temporary fix would be to disable the “mysqli” PHP extension. If you don’t have a control panel that lets you choose PHP extensions, your host will have to help.

Apologies for the delay in getting a response to you!

Hi @gt750j,

Is your host using MariaDB 10.2.15 on Cloudlinux? If so, a temporary fix would be to disable the “mysqli” PHP extension. If you don’t have a control panel that lets you choose PHP extensions, your host will have to help.

Hi Michael,

Thanks for the update!

You’ll need to speak to your host or server administrator about curl_exec() being disabled, as that functionality is used by the firewall and is likely behind the rules not being generated. Once that has been re-enabled, you should be able to go through the regeneration routine and have wafRules.rules generate correctly.

Please let me know how it goes with re-enabling and regenerating!

• This reply was modified 6 years, 4 months ago by wfchar.

Hi Michael,

Since it looks like everything is correct permissions-wise and we’re not seeing issues with communicating with our servers, we’re going to need to do the recreation process again with debugging enabled to try and better see what’s happening on your end. Before following these steps, please make sure that your server has PHP error logging enabled and that you have access to those logs, as I’ll need you to send them to me after.

Here’s what I’d like you to do:

1. Go to Tools > Diagnostics, scroll all the way down to Debugging Options, then check “Enable debugging mode”
2. Make sure WordPress’s error logging is enabled. There is an example of how to do this under “Example wp-config.php for debugging” here
3. Delete the wflogs folder
4. Let wflogs be recreated by visiting any page as admin
5. Check if wflogs was recreated properly (at this point we’re expecting .rules to still be missing/blank)
6. Send the debug log generated by WordPress and the PHP error log from your server to [email protected]

Thanks in advance, and I appreciate your patience with this process!

Hi @cotswoldphoto,

Table locking is a mechanism that is used to keep data from being corrupted by simultaneous edits to a database table, but can prevent backups from running due to the table being in use while the backup process is trying to take a snapshot. The backup then fails because it was unable to read the table.

Can you have Cloudways provide more detailed information on the tables that are locking and any messages that are being generated?

Also, could you please go to Tools > Diagnostics, click “Send Report by Email”, and send the report to [email protected]? Please include your forum username in the Forum Username field.

Thanks!

Hi Michael,

Thanks for sending in the additional information. Can you confirm that the owner for the wflogs folder and the files in it are owned by the same user that’s in your WordPress path?

Thanks!

Hi Mike,

We’re seeing some unusual responses from the server. First, there’s a 403 error that’s occurring when either browsing the site or testing one of the URLs:

$ curl -IL https://[redacted]/?wordfence_lh=1&hid=38C0A4DF8C7B028EC7512FF653E4858D
[1] 35194
HTTP/1.1 403 Forbidden
Date: Tue, 10 Jul 2018 00:21:37 GMT
[redacted]

Is there some block or rule in place that is returning a 403 under these conditions? You may need to reach out to your hosting to determine why these URLs are not being processed by WordPress.

We also noticed when we were checking for a Wordfence install that wp-content/plugins/wordfence/readme.txt is triggering a 404; did you remove this file?

Thanks!

• This reply was modified 6 years, 4 months ago by wfchar.

Hi @ufosolutions,

Thank you for providing the additional information! We’re looking over the issue now.

Hi @seanbanksbliss,

Could you please go to Tools > Diagnostics, click “Send Report by Email”, and send the report to [email protected]? Please include your forum username in the Forum Username field.

Can you tell us a little more about your hosting setup? Your DNS records shouldn’t be changing this often, which is why the alert is being triggered.

Thanks!

Hi @synchro,

Wordfence does need to have the ability to write to the filesystem in order to maintain configuration and definition files. However, you can change the WAF log file location by defining WFWAF_LOG_PATH in wordfence-waf.php if the WAF will be optimized, or it can be defined in wp-config.php if you are only running it in WordPress. If your site can’t write to the web root, you’ll also need to set up wordfence-waf.php manually.

A typical wordfence-waf.php looks like this (WFWAF_LOG_PATH defined here can be changed to any writable location):

<?php
// Before removing this file, please verify the PHP ini setting 'auto_prepend_file' does not point to this.

if (file_exists('/var/www/html/wp-content/plugins/wordfence/waf/bootstrap.php')) {
        define("WFWAF_LOG_PATH", '/var/www/html/wp-content/wflogs/');
        include_once '/var/www/html/wp-content/plugins/wordfence/waf/bootstrap.php';
}

Let me know if you have any further questions or concerns!

Hi @mtkalich,

Could you please try removing /wp-content/wflogs again? After you do, instead of recreating the rules file, please go to Tools > Diagnostics, click on “Send Report by Email”, and send it to [email protected]. Please include your forum username in the Forum Username field.

Once the report is sent, please copy any error messages you see or notices here as well.

Thanks!

Hi @ufosolutions,

Could you please go to Tools > Diagnostics, click “Send Report by Email” and send it to [email protected] (please include your forum username in the Forum Username field)?

Also, are you running on CloudLinux?

Thanks, and I’ll let you know as soon as I receive the report from you!

Hi Alex,

It looks like you’ve got some PHP session files left in there, too, which points toward PHP not being configured to handle cleanup in /tmp. There are two ways to tackle this moving forward:

1. See if Siteground can help you set up PHP to clean up the directory, and determine why your Wordfence updates are being interrupted. They’re completing at some point, but the temporary files aren’t being removed automatically.

2. Set up a cron task to automatically clean files in that directory. You can use something like this: find /[path to your tmp directory] -type f -maxdepth 1 -atime +0 | xargs rm -f

Let me know if you have any further questions or concerns!