HELP! Wordfence keeps changing PHP version in .htaccess file

  • Resolved Imageblu3t0rtuga

    (@blu3t0rtuga)


    4 months ago

    A few weeks ago, I got a PHP Update recommendation on a site that PHP 7.4.33 was no longer receiving updates and and needs updated. I updated it to 8.2 in the host. The notice went away. A week later, it was back. I asked our host’s tech support, and they sent me a screenshot that Wordfence was overwriting the PHP version in the .htaccess file. Specifically:

    # Wordfence WAF
    #<files "php.ini">
    #<IfModule mod_authz_core.c>
    # Require all denied
    #</IfModule>
    #<IfModule !mod_authz_core.c>
    # Order deny,allow
    #Deny from all
    #</IfModule>
    #</files>

    They removed the code and updated the PHP back to 8.2. Both times, Wordfence showed this in the PHP Environment Settings:

    PHP version>+ PHP 7.0.0 (WordPress Requirements) Version: ✔ 8.2.28

    They said if it happened again, I would need to contact Wordfence. It has happened again.

    Why is this happening and how do I resolve this?

    Thanks!

Viewing 3 replies - 1 through 3 (of 3 total)
  • Imagepineapplepalm

    (@pineapplepalm)

    4 months ago

    Hi i dont have a dog in this race but something similar happened to us. What might help is ask your host to ensure your PHP version is in your htaccess at the bottom. the very last thing. then save there and refresh PHP FML if it drops there its a host issue not wordfence issue. Once you are sure it saved and your php has been restarted, and it remains in your htaccess. run a WF scan and then check your htaccess again after. Good luck. (I wont see replies as mentioned i dont have a dog in this just spotted your question before I write my own)

    Plugin Support Imagewfpeter

    (@wfpeter)

    4 months ago

    Hi @blu3t0rtuga, thanks for getting in touch.

    The example above is Wordfence’s code added to .htaccess when there’s a publicly visible file found during a scan. In this case, it’s detected a php.ini that somebody could be able to see if the correct path was typed into their browser. The code protects you from anybody being able to do that. The Wordfence plugin itself cannot change your PHP version at all.

    The “PHP version>+ PHP 7.0.0 (WordPress Requirements) Version: ✔ 8.2.28” text is showing your site correctly has a version greater than the minimum requirement of PHP 7.0.0, confirming 8.2.28 is running.

    Thanks,
    Peter.

    Thread Starter Imageblu3t0rtuga

    (@blu3t0rtuga)

    4 months ago

    I sent both of your messages to our host and they dug deeper. They believe they have it sorted. I appreciate the insight and help!

Viewing 3 replies - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.

Tags