Title: Hardcoded absolute path Last modified: November 21, 2017 --- # Hardcoded absolute path * [123lb](https://wordpress.org/support/users/123lb/) * (@123lb) * [8 years, 6 months ago](https://wordpress.org/support/topic/hardcoded-absolute-path/) * Hi, * We’re evaluating Wordfence to become premium user, however there is one issue that concern us. * Our deployment model allows us to have partition style multiple paths to WordPress where at any given time only one PATH is active (live) We deploy new code in another path, and then can switch to it with minimal downtime. * As we took a closer look at Wordfence, we realized that there are some hard-coded absoulte paths in some of files / configurations of Wordfence which would pose problems to our deployment. * For example: The following was added to .user.ini * ``` ; Wordfence WAF auto_prepend_file = '/partition1/public/wordfence-waf.php' ; END Wordfence WAF ``` * Then there’s of course * ``` auto_prepend_file does not point to this. if (file_exists('/partition1/public/wp-content/plugins/wordfence/waf/bootstrap.php')) { define("WFWAF_LOG_PATH", '/partition1/public/wp-content/wflogs/'); include_once '/partition1/public/wp-content/plugins/wordfence/waf/bootstrap.php'; } ``` * Also **wp-content/wflogs/config.php** seems to have references to this path as well in some encoded form. * Any way to have the paths replaced with relative path and not be hardcoded to absolute paths which would break when we switch to partition2 or other. * Thanks - This topic was modified 8 years, 6 months ago by [123lb](https://wordpress.org/support/users/123lb/). Viewing 5 replies - 1 through 5 (of 5 total) * [wfalaa](https://wordpress.org/support/users/wfalaa/) * (@wfalaa) * [8 years, 6 months ago](https://wordpress.org/support/topic/hardcoded-absolute-path/#post-9711887) * Hi, I know it’s quite impossible to use relative paths in .htaccess/.user.ini files and make it working as it should on all different server environments out there. * Regarding the paths in “wordfence-waf.php” file, we have a ticket opened (internal reference number: #FB6182) that should address this issue, but I’m not sure if it will make it to a new version or not, besides its ETA since some features might need further investigation and testing before implementing them in the plugin. * For now, you might consider disabling the firewall during deployment then [configure](https://docs.wordfence.com/en/Web_Application_Firewall_Setup) it later on the live version of your website. * Thanks. * Thread Starter [123lb](https://wordpress.org/support/users/123lb/) * (@123lb) * [8 years, 6 months ago](https://wordpress.org/support/topic/hardcoded-absolute-path/#post-9719485) * Thanks [@wfalaa](https://wordpress.org/support/users/wfalaa/) for the information, much appreciated. * > For now, you might consider disabling the firewall during deployment then configure > it later on the live version of your website. * Can the configuration be automated? or does that have to be manual? If manual only then it would be an issue. * Would disabling the firewall get rid of those entries? Even the one in **wp- content/wflogs/config.php**? * It would be easy to script updating **.user.ini** and **wordfence-waf.php** contents, I’m not too sure about **wp-content/wflogs/config.php**. * Lastly are there any hard-coded absolute paths stored in the DB? * Thanks * [wfalaa](https://wordpress.org/support/users/wfalaa/) * (@wfalaa) * [8 years, 4 months ago](https://wordpress.org/support/topic/hardcoded-absolute-path/#post-9891562) * Hi [@123lb](https://wordpress.org/support/users/123lb/) Sorry for replying here too late, I was going through all threads replied by me and I noticed I missed this one by mistake, I apologize for that. * – After checking the [web application firewall constants](https://docs.wordfence.com/en/Wordfence_constants_for_advanced_configuration#Web_Application_Firewall_.28WAF.29) we have, I think you might find the constant `define('WFWAF_ENABLED', false);` helpful in your case as you showed interest in writing custom scripts that would handle that for you! * – Yes, first I recommend clicking on “[Remove Extended Protection](https://docs.wordfence.com/en/Web_Application_Firewall_FAQ#How_can_I_remove_the_firewall_setup_manually.3F)” button at the bottom of the Firewall page, then you can disable the firewall to minimize the read/write rate from/to the configuration files at “wflogs” directory. * – No, the plugin doesn’t save hard-coded paths in the database. * Thanks. * [bretweinraub](https://wordpress.org/support/users/bretweinraub/) * (@bretweinraub) * [8 years, 4 months ago](https://wordpress.org/support/topic/hardcoded-absolute-path/#post-9917969) * I hit this bug today. * [danicholls](https://wordpress.org/support/users/danicholls/) * (@danicholls) * [7 years, 11 months ago](https://wordpress.org/support/topic/hardcoded-absolute-path/#post-10489292) * Same here. Is there any movement on the internal ticket? Will using __DIR__ cause problems? Viewing 5 replies - 1 through 5 (of 5 total) The topic ‘Hardcoded absolute path’ is closed to new replies. * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865) * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/) * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq) * [Support Threads](https://wordpress.org/support/plugin/wordfence/) * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/) * 5 replies * 4 participants * Last reply from: [danicholls](https://wordpress.org/support/users/danicholls/) * Last activity: [7 years, 11 months ago](https://wordpress.org/support/topic/hardcoded-absolute-path/#post-10489292) * Status: not resolved