Files created in wflogs before plugin activated

Hi @jamieburchell,

The even stranger occurrence is that wordfence-waf.php is being appended to requests. Even if you’d activated Wordfence after installation, it isn’t until you enable Extended Protection on the WAF that your server platform is even detected and auto_prepend_file (in most cases, from .htaccess) tells that file to run before content is served to the user’s browser. It’ll run in Basic Protection by default when that hasn’t been done yet.

I would suspect that Wordfence is already running on a site elsewhere on the server and this new installation is in a child folder, so is being affected by another .htaccess? Could you clarify the platform/host and whether this new site is entirely standalone?

Thanks,
Peter.

Ah, that explains it @jamieburchell.

Using auto_prepend_file to load the WAF’s bootstrap file allows the WAF code to run before WordPress starts, just like it does when setting it up through the UI. It will create its default files including those in wflogs if they don’t already exist.

When its configuration files don’t exist yet, the defaults will start it in Learning Mode just as it does when activating the plugin first time.

Thanks,
Peter.

Hi @jamieburchell.

As auto_prepend_file is a PHP directive, it’ll run whatever you put there. When optimizing the firewall rather than running in Basic Protection mode, Wordfence will usually add this as part of the process so would need to be activated at that time. However, if you add it manually yourself, it tells wordfence-waf.php to run after PHP loads, but before anything else including WordPress loads – so it can’t check for whether the plugin is active or not. This is how Wordfence in Extended Protection helps protect your site, as blocked IPs or malicious code will be stopped before anything is served to the browser.

Thanks again,
Peter.