How to resolve issues with the Wordfence Web Application Firewall.
Problems reading Wordfence Firewall config data
The Wordfence Firewall stores some of it’s information in the file system. The files are located in wp-content/wflogs. If there are issues with file writing or disk space on the server, the configuration file config.php could become corrupt. If this happens, you will receive an administrative notice on all Wordfence pages, prompting you to rebuild the configuration file automatically. If restoration completes successfully, no further action is required on your part. Your Firewall is now in perfect shape again.
Firewall Optimization Troubleshooting
If you are experiencing issues during Firewall Optimization, please see our documentation on Firewall Optimization Troubleshooting.
Frequently Asked Questions
- ‘How does Wordfence get IPs’ setting is misconfigured
When Wordfence detects that your site is behind a “reverse proxy”, you may need to adjust the option How does Wordfence get IPs on the Dashboard > Global Options page in the “General Wordfence Options” section, or by clicking the link in the admin notice that warns you about the issue. This includes the following message, followed by a recommendation:
Your 'How does Wordfence get IPs' setting is misconfigured
Solution: You can click the link in the message to apply the recommended setting, or you can adjust the setting manually.
If you do not want this scan to run, this can be disabled on the options page at Scan for misconfigured How does Wordfence get IPs. Wordfence also runs this check upon activation, to ensure that your settings are correct.
For advanced users, there are two constants that can be set to control this feature. (See Wordfence constants for advanced configuration: WORDFENCE_DISABLE_MISCONFIGURED_HOWGETIPS and WORDFENCE_CHECKHOWGETIPS_TIMEOUT.)
If you have dismissed the admin notice about this option being misconfigured, it can reappear when a new version of Wordfence is installed, to be sure you are aware of the issue. If you do not want the admin notice to reappear, you can use the constant above to disable the notice permanently.
- What does “The changes have not yet taken effect” mean?
If you get this message after Optimizing the Firewall, first check your PHP version on the Diagnostics tab on the Tools page, on the Wordfence menu. PHP 5.2 cannot load the .user.ini required for automated setup on CGI/FastCGI configurations. Some hosts let you choose a newer PHP version in your control panel. For other hosts, you may have to submit a support request to the host.
In most cases, this means that your host caches certain PHP settings files. If you see this message for more than 5 minutes or continue to see the setup button at the top of your admin pages more than 5 minutes after completing the setup process, see the “Optimizing the Firewall” page.
- What is Firewall Read-Only mode?
In rare cases, a logged-in admin may see a notice saying: “The Wordfence Web Application Firewall is in read-only mode. PHP is currently running as a command line user and to avoid file permission issues, the WAF is running in read-only mode. It will automatically resume normal operation when run normally by a web server.”
Read-only mode means that the firewall will not write its config file or other files, mainly to avoid issues with file permissions or other issues when PHP is not being run via the web server.
This notice should only appear when PHP is being run from the command line, and it should not appear when you are logged in as an admin on a site with a normal PHP installation. If you see this notice during normal use of your site, you can set the constant WFWAF_ALWAYS_ALLOW_FILE_WRITING in wp-config.php as a temporary fix. See Wordfence constants for advanced configuration. Please also notify us so we can determine how your server has been set up.