Skip to content

WordFence blocking 3rd party PHP scripts

Ok so this was a mind bender.

Installed WordFence in the main website. Works great.

Went to use a completely different PHP script that was hosted on a different subdomain.

Nope! WordFence firewall popped up blocking the action (I was submitting a form with some URLs in it)

What the hell? How does a WordPress plugin on a separate subdomain block access to my non-WordPress PHP script?

Mind bender:

wordfence-blocked

After much .htaccess and folder renaming, a grep through the code led me to the php_value “auto_prepend_file”

Yep WordFence created a file .user.ini in my root folder with this content in it:

; Wordfence WAF
auto_prepend_file = '/web/site.net/public/wordfence-waf.php'
; END Wordfence WAF

So now all my non-WordPress PHP scripts are loading the WordFence firewall.

Kinda cool that it still works, but also kinda annoying.

 

The fix was to remove the .user.ini file and set this php_value via .htaccess so it only applies to my WordPress installation.

Published inWordPress

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

© dtbaker.net