Hi @davidproject123, thanks for getting in touch!
If you check our documentation for optimizing the firewall and the NGINX-specific instructions for hiding your .user.ini that should be the only custom setup required on this platform under normal circumstances: https://www.wordfence.com/help/firewall/optimizing-the-firewall/#hide-userini-nginx
Wordfence includes robust XSS protection in our free and Premium versions which will prevent exploitation of these vulnerabilities. However, if you are trying something custom-built that you feel shouldn’t have bypassed our checks you could let us know and one of our threat intelligence team could take a look into it.
Could you check (tick) the box at Wordfence > Debugging Options > Enable Debugging Mode, run a scan, and send us the scan log to wftest @ wordfence . com? If you can email a copy of your modified files to that address too, that may help us out. Please reference your forum username in the subject line to help us find it.
Thanks,
Peter.
previously i had apache now i have nginx do i have to reconfigure the waf full protection?
hello i have nginx what configuration do you recommend me to consume less system resources i have 2gb ram and it consumes all of it help me
Hi @davidproject123,
I haven’t received a site diagnostic or scan log containing your username “davidproject123” to our address above so I can’t see the specific error, however you could try:
- Stop the existing scan if it is still running (The “Start New Scan” button turns in to a “Stop” button while the scan is running).
- Go to your Wordfence > Scan > Manage Scan and locate the “Performance Options” section. Set “Maximum execution time for each scan stage” to 20.
- Click to “Save Changes”.
You could also set max_execution_time = 60 in php.ini, Wordfence’s scan only attempts to use half of this value by default.
Your WP_MEMORY_LIMIT should be set to 128M or 256M in wp-config.php. WooCommerce (as a common example) recommend 64M minimum, so if you have many hits on the site at once especially during a scan, a lower limit could be reached fairly easily. Your PHP memory_limit value should be set to 128M or 256M also to accommodate this change otherwise there won’t be enough room for WordPress to use the higher value it is requesting.
Thanks,
Peter.
