MySQLi storage engine

In Wordfence 7.4.0, an alternate data storage engine has been added to the firewall, so that sites can store firewall data in the MySQL database instead of using files in "wp-content/wflogs/".

We only recommend using this option if your site is unable to read and write to the firewall files consistently, or if your host uses multiple web servers that do not share the same filesystem, since better performance and efficient resource usage are likely when using the default file-based storage on most hosts. Some examples where using the MySQLi storage engine may be useful include:

  • Multiple web servers behind a load balancer, without a shared filesystem
  • Servers where some paths are not always writable, including “wp-content/wflogs/”
  • Servers where file locking is not enforced on NFS filesystems
  • Auto-scaling servers without a shared filesystem

This change is automatic on hosting at the hosting provider “WP Engine” since the file-based method is not compatible with their configuration.

On other hosts, you will need to add this to your “wordfence-waf.php” file:

define('WFWAF_STORAGE_ENGINE', 'mysqli');

If you have not optimized the firewall, you could add the line to the WordPress “wp-config.php” file as described on our constants help page instead. A number of other constants are also explained, in case Wordfence cannot connect to your database automatically using the WordPress “wp-config.php” file, or if you need to change MySQL’s SSL/TLS settings.

For example, in the “wordfence-waf.php” file, the line should be added after the opening PHP tag, but before any other code:

<?php
// Before removing this file, please verify the PHP ini setting `auto_prepend_file` does not point to this.
define('WFWAF_STORAGE_ENGINE', 'mysqli');

if (file_exists(__DIR__ . '/wp-content/plugins/wordfence/waf/bootstrap.php')) {
define("WFWAF_LOG_PATH", __DIR__ . '/wp-content/wflogs/');
include_once __DIR__ . '/wp-content/plugins/wordfence/waf/bootstrap.php';
}

If either your “wordfence-waf.php” file or “wp-content” directory is not in the site’s document root directory, you may need to adjust the path to “wp-content” used in this example.

After this change is made, the firewall will start with fresh settings. You may need to switch from “Learning Mode” mode to “Enabled and Protecting” mode on the “Firewall Options” page if you want to skip Learning Mode. Otherwise, Learning Mode will run for one week as it does in a new installation.

You can also revert back to the file-based firewall data storage engine as follows.

You will need to remove the Wordfence “wflogs” directory located below:

~/wp-content/wflogs

Then you will need to remove the constant that was added to switch to the MySQLi firewall data storage engine.

Loading any page on your site will automatically create a new Wordfence “wflogs” directory. After these changes are made, the firewall will start with fresh settings. You may need to switch from “Learning Mode” mode to “Enabled and Protecting” mode on the “Firewall Options” page if you want to skip Learning Mode. Otherwise, Learning Mode will run for one week as it does in a new installation.

Using WP-CLI with the MySQLi storage engine

Using WP-CLI with the MySQLi storage engine can potentially cause the generation of PHP Warning errors. To prevent this you can add this line of code to your WordPress “wp-config.php” configuration file:

if( ! defined('WFWAF_STORAGE_ENGINE')) { define('WFWAF_STORAGE_ENGINE', 'mysqli'); }

Our line of code must be added above either one of the two comment lines listed below (based on the version of WordPress you have installed):

/* That's all, stop editing! Happy blogging. */

/* Custom Values must appear above this line. That's all, stop editing! Happy publishing. */

If you are hosted at WP Engine then they are known to use this custom comment line listed below and our line of code must be added above it:

# That's It. Pencils down