auto_prepend_file

  • Resolved born2excite

    (@born2excite)


    3 years, 1 month ago

    Hello Support Superhero’s!

    I have 805 lines of security related rules in my htaccess file, including other optimisations etc.

    The Wordfence auto prepend file rule, meant to load Wordfence BEFORE WordPress, is on line 743 to 761, automatically placed there by Wordfence.

    Since the auto prepend file rule purpose is to load Wordfence before WordPress loads, should I move the Wordfence auto prepend file rule to the top of the htaccess file?

    Thank You!
    Julian

    The page I need help with: [log in to see the link]

Viewing 7 replies - 1 through 7 (of 7 total)
  • wfjoshc

    (@wfjoshc)

    3 years, 1 month ago

    Hi there,

    Great that you reached out!

    You only have to put the auto_prepend file initialization at the top of your .htaccess file if your server is using LSAPI.

    If its not, you can keep it where it is!

    I hope this helps to clarify

    Thanks,

    Joshua

    Thread Starter born2excite

    (@born2excite)

    3 years, 1 month ago

    Hey Joshua @wfjoshc

    Thanks for your help, I appreciate your time.

    Can you please confirm, by LSAPI, do you mean the Microsoft product, Licensing Service API?

    My hosting is on a Siteground shared server.

    Thanks,
    Julian

    wfjoshc

    (@wfjoshc)

    3 years, 1 month ago

    Hi there,

    Thanks for getting back to me!

    By LSAPI I meant LightSpeed SAPI

    I hope this helps!

    Best,

    Joshua

    Thread Starter born2excite

    (@born2excite)

    3 years, 1 month ago

    Hey Joshua @wfjoshc

    My server is using Apache and Nginx as a reverse proxy. So then , the Wordfence auto_prepend file initialization can be placed anywhere in the .htaccess file, even at the end. Is that right?

    Security Threat
    One other thing, does Wordfence protect against:
    Unauthenticated Blind SSRF via DNS Rebinding

    I’m asking because I see this warning in WordPress Admin >> Tools >Status

    And the warning says there is no known protection.

    Cheers,
    Julian

    حسین قاسمی

    (@alomizshop)

    3 years, 1 month ago

    wfjoshc

    (@wfjoshc)

    3 years, 1 month ago

    Hi there,

    Thanks for letting me know!

    You should be good to keep the initialization where it is currently.

    At this time, Wordfence does not protect against this type of vulnerability

    However, it’s recommended to block xmlrpc.php at the web server level, if not in use to prevent this from being exploited.

    I hope this helps!

    Best,

    Joshua

    Thread Starter born2excite

    (@born2excite)

    3 years, 1 month ago

    Hey Joshua @wfjoshc,

    Thanks for your help, I appreciate your time and effort.

    I run Jetpack on my site so I need to keep xmlrpc.php running.

    All the best,
    Julian

Viewing 7 replies - 1 through 7 (of 7 total)

The topic ‘auto_prepend_file’ is closed to new replies.