• Resolved Eli

    (@realact)


    Hi,

    We have a WordFence installation, and we have this user.ini created, which has the below content:

    ; Wordfence WAF ;
    auto_prepend_file = '/xxx/yyy/zzz/wordfence-waf.php'
    ; END Wordfence WAF

    This file was created by WordFence itself.

    The problem is, when doing the scan, it is being returned by WordFence as a critical issue, which says:

    • Publicly accessible config, backup, or log file found: .user.ini
      • Type: Publicly Accessible Config/Backup/Log

    How can a WordFence file be detected as an issue? When I try to use the option “Hide File” on the scan results, it says the following:

    You are using an Nginx web server and using a FastCGI processor like PHP5-FPM. You will need to manually delete or hide those files.

    How can I fix this then?

    Thanks in advance.

Viewing 1 replies (of 1 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @realact,

    It’s not a Wordfence file; Wordfence puts contents in the .user.ini file if your server’s configuration uses it for our firewall’s Extended Protection rather than .htaccess. You’re just being warned that it’s publicly visible if somebody were to try it in a browser, as you or your host hasn’t yet configured it to be hidden.

    If you’re unable to use the “HIDE FILE” option offered to you in the scan results, which adds some code to make sure it isn’t visible or downloadable, we have some instructions here that include NGINX: https://www.wordfence.com/help/scan/scan-results/#public-logs

    Thanks,
    Peter.
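
An added example, not part of the thread and not Wordfence's code: a simplified offline check of whether an nginx configuration would refuse a request for /.user.ini, the condition the scan warning above is about. The sample configurations, the paths and the deny rule are constructed, and the parser assumes flat location blocks in one server with no includes or nested blocks.

```python
import re

# Flat "location [modifier] pattern { body }" blocks; nested blocks and includes are out of scope.
LOCATION = re.compile(r"location\s+(?:(=|~\*|~|\^~)\s+)?(\S+)\s*\{([^{}]*)\}")
# Directives that refuse the request instead of serving the file.
REFUSES = re.compile(r"\bdeny\s+all\s*;|\breturn\s+(?:403|404)\s*;")

def select_location(conf, uri):
    """Pick the location nginx uses for uri: exact, ^~ prefix, first regex, longest prefix."""
    best_prefix = first_regex = None
    for loc in LOCATION.findall(re.sub(r"#.*", "", conf)):  # drop comments first
        mod, pat, _body = loc
        if mod == "=":
            if pat == uri:
                return loc
        elif mod in ("~", "~*"):
            if first_regex is None and re.search(pat, uri, re.I if mod == "~*" else 0):
                first_regex = loc
        elif uri.startswith(pat) and (best_prefix is None or len(pat) > len(best_prefix[1])):
            best_prefix = loc
    if best_prefix and best_prefix[0] == "^~":
        return best_prefix  # ^~ on the longest prefix skips the regex locations
    return first_regex or best_prefix

def user_ini_is_denied(conf):
    """True if the location chosen for /.user.ini refuses the request."""
    loc = select_location(conf, "/.user.ini")
    return bool(loc and REFUSES.search(loc[2]))

# Constructed sample: PHP-FPM site with no rule for .user.ini (paths are placeholders).
WEAK = r"""
server {
    root /var/www/html;
    location / { try_files $uri $uri/ /index.php?$args; }
    location ~ \.php$ { include fastcgi_params; fastcgi_pass unix:/run/php/php-fpm.sock; }
}
"""
# Same site with a constructed deny rule added for the file.
FIXED = WEAK.replace("location / {", r"location ~ ^/\.user\.ini { deny all; }" + "\n    location / {")

if __name__ == "__main__":
    print("weak config denies .user.ini: ", user_ini_is_denied(WEAK))
    print("fixed config denies .user.ini:", user_ini_is_denied(FIXED))
```

After changing the live configuration, requesting the file in a browser, as the reply describes, confirms that it is no longer returned.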


The topic ‘Problem with file user.ini’ is closed to new replies.