Hey @11whyohwhy15,
This file should be blocked from viewing in your htaccess file, and there should be a link to fix the issue in the notice to fix it. Are you able to share the contents of your htaccess file?
Thanks,
Gerroald
Hi,
There is no link to fix just hide/ignore/details
In details it just gives options to delete/mark as fixed
I then have 3 x htaccess files in my public_html folder:
.htaccess
.htaccess-
.htaccess-off
In .htaccess – I have ifmodule rewrite
In .htaccess- I have the ifmodule rewrite &
# Wordfence WAF
<Files “.user.ini”>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
# END Wordfence WAF
In .htaccess-off I have all of the above plus cache, hotlinking, ifmodule & deflate etc.
Thanks
Hey @11whyohwhy15,
This looks correct. What type of server environment are you using?
Can you send me a Diagnostics report so I can get a better overview of your environment? Please navigate to Wordfence > Tools > Diagnostics. Here you can select SEND REPORT BY EMAIL. Please include your ww.wp.xz.cn username and update this thread after you’ve sent it.
Thanks,
Gerroald
Hey @11whyohwhy15,
One more thought to rule out a false positive. Are you able to access the file in a browser following the YourSite/wordfence-waf.php path?
Thanks,
Gerroald
okay I have fixed the problem it seems my .htaccess that was live didn’t have the waf details in it so I reconfigured it then did a new scan and the critical warning has disappeared.
Thanks
