Title: Optimizing WordPress Firewall Last modified: April 21, 2025 --- # Optimizing WordPress Firewall * Resolved [indelg1](https://wordpress.org/support/users/indelg1/) * (@indelg1) * [1 year, 1 month ago](https://wordpress.org/support/topic/optimizing-wordpress-firewall/) * I am trying to optimize the WOrdpress firewall. I am not exactly sure of the procedure but I am trying to step through the process. When I am in WordPress I press the ‘OPTIMIZE WORDPRESS FIREWALL BUTTON’ and I get the following message. * To make your site as secure as possible, the Wordfence Web Application Firewall is designed to run via a PHP setting called `auto_prepend_file`, which ensures it runs before any potentially vulnerable code runs. This PHP setting is currently in use, and is including this file:/usr/home/scaiso/public_html/scanner/WP/malcare- waf.php * I am not familiar with the file mentioned above. But that may be ok as many things were installed before I actually started maintaining the site. We have JetPack installed and we use other features from that but not any firewall or security features. For security we use Wordfence. * How should I proceed in optimizing the firewall? * Greg Indelicato * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Foptimizing-wordpress-firewall%2F%3Foutput_format%3Dmd&locale=en_US) to see the link]_ Viewing 5 replies - 1 through 5 (of 5 total) * Plugin Support [wfphil](https://wordpress.org/support/users/wfphil/) * (@wfphil) * [1 year, 1 month ago](https://wordpress.org/support/topic/optimizing-wordpress-firewall/#post-18427973) * Hi [@indelg1](https://wordpress.org/support/users/indelg1/) * If your site is hosted at Cloudways then you will need to disable the Bot Protection feature below on your hosting account: * [https://www.cloudways.com/blog/announcing-bot-protection/](https://www.cloudways.com/blog/announcing-bot-protection/) * Once it is disabled then you will be able to optimize the firewall in our plugin and it will stay optimized. * Thread Starter [indelg1](https://wordpress.org/support/users/indelg1/) * (@indelg1) * [1 year, 1 month ago](https://wordpress.org/support/topic/optimizing-wordpress-firewall/#post-18428117) * Our site is not hosted by Cloudways. Our host is PAIR Networks. Is there anything else it might be? I would like to optimize the firewall. * Greg * Plugin Support [wfphil](https://wordpress.org/support/users/wfphil/) * (@wfphil) * [1 year, 1 month ago](https://wordpress.org/support/topic/optimizing-wordpress-firewall/#post-18428156) * Hi [@indelg1](https://wordpress.org/support/users/indelg1/) * Thank you for the update. * Please send your Wordfence diagnostics report. * Update to the latest version of Wordfence if you haven’t already done so. * Please send your Wordfence diagnostics report. Go to the top of the “**_Diagnostics_**” tab on the Wordfence “**_Tools_**” page. There will be a “**_SEND REPORT BY EMAIL_**” button to send the diagnostics report. Enter **_wftest [at] wordfence [dot] com_** as the email and **_indelg1_** as the forum username please. Once you have emailed me the diagnostics report can you reply here to let me know that it has been sent. This is important in the unlikely event that your installation of WordPress is having an issue with sending mail. * Thread Starter [indelg1](https://wordpress.org/support/users/indelg1/) * (@indelg1) * [1 year, 1 month ago](https://wordpress.org/support/topic/optimizing-wordpress-firewall/#post-18428271) * I sent the diagnostics report and received the message “Diagnostic report has been sent successfully”. So you should receive it shortly. * Greg Indelicato * Plugin Support [wfphil](https://wordpress.org/support/users/wfphil/) * (@wfphil) * [1 year, 1 month ago](https://wordpress.org/support/topic/optimizing-wordpress-firewall/#post-18432462) * Hi [@indelg1](https://wordpress.org/support/users/indelg1/) * You might be able to optimize the firewall using the **INCLUDE **button. However, if after some time the firewall switches back to** Basic WordPress Protection** then you can ask your hosting provider if they can disable Malcare from permanently using the **auto_prepend_file** PHP directive and you will then be able to optimize the firewall again and it will stay optimized. Viewing 5 replies - 1 through 5 (of 5 total) The topic ‘Optimizing WordPress Firewall’ is closed to new replies. * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865) * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/) * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq) * [Support Threads](https://wordpress.org/support/plugin/wordfence/) * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/) * 5 replies * 2 participants * Last reply from: [wfphil](https://wordpress.org/support/users/wfphil/) * Last activity: [1 year, 1 month ago](https://wordpress.org/support/topic/optimizing-wordpress-firewall/#post-18432462) * Status: resolved