Problem with file user.ini | WordPress.org

Resolved Eli
(@realact)

1 year ago
Hi,

We have a WordFence installation, and we have this user.ini created, which has the below content:

; Wordfence WAF ; auto_prepend_file = ‘/xxx/yyy/zzz/wordfence-waf.php’ ; END Wordfence WAF

This file was created by WordFence itself

The problem is, when doing the scan, it is being returned by WordFence as a critical issue, which says:
- Publicly accessible config, backup, or log file found: .user.ini
  - Type: Publicly Accessible Config/Backup/Log
How can a WordFence file be detected as an issue? When I try to use the option “Hide File” on the scan results, it says the following:

You are using an Nginx web server and using a FastCGI processor like PHP5-FPM. You will need to manually delete or hide those files.

How can I fix this then?

Thanks in advance.

Viewing 1 replies (of 1 total)

Plugin Support wfpeter
(@wfpeter)

1 year ago

Hi @realact,

It’s not a Wordfence file, Wordfence puts contents in the .user.ini file if your server’s configuration uses it for our firewall’s Extended Protection rather than .htaccess. You’re just being warned that it’s publicly visible if somebody were to try it in a browser as you or your host hasn’t yet configured it to be hidden.

If you’re unable to use the “HIDE FILE” option offered to you in the scan results, which adds some code to make sure it isn’t visible or downloadable, we have some instructions here that includes NGINX: https://www.wordfence.com/help/scan/scan-results/#public-logs

Thanks,
Peter.

Viewing 1 replies (of 1 total)

The topic ‘Problem with file user.ini’ is closed to new replies.

1 reply
2 participants
Last reply from: wfpeter
Last activity: 1 year ago
Status: resolved