Wordfence Integration with PHP-FPM inside RunCloud

Wordfence with PHP-FPM

Wordfence is one of the godsend plugins out there for WordPress security. It has been used by many WordPress sites because it works as advertised and a very popular security plugin out there for WordPress.

Since PHP can be run from multiple ways, it is hard for Wordfence to do this the automated way. Yes, they do tackle multiple ways of installation, but if you are running PHP-FPM (like RunCloud does) you need to add something to your config to make Wordfence work with your WordPress installation.

Web Application

For this tutorial, I will be using wordfence.runcloud.io as my Wordfence test site. I will not be going through Wordpress installation, but this is my Web Application info.

Configuring Wordfence

After you have successfully installed Wordfence plugin, you will be greeted with this message. Click “click here to configure” button to configure Wordfence.

At the bottom of the configure page (Alternate method), you will see a message to add the configuration to your php-fpm setting.

For my site, I need to add this line inside my php.ini:

auto_prepend_file = '/home/runcloud/webapps/wordfence/wordfence-waf.php'

Just leave it there, we are not going to add it inside our php.ini. But that is what we are going to use inside our php-fpm configuration.

Based on the Web Application summary that you can see above, our Web Application name is “wordfence”. What we are going to do is to locate extra php-fpm config for this Web Application. The extra configuration file will be /etc/php-extra/wordfence.conf. The config name is easy. If your Web Application name is “mywordpress”, the extra php-fpm config file will be /etc/php-extra/mywordpress.conf. If you didn’t have this file, just go to your Web Application section inside RunCloud Panel and click rebuild button to get your fpm extra configuration file.

Now open the /etc/php-extra/wordfence.conf with your preferred editor. You may use Vim, Nano or Pico, but my favorite is Nano. Once you are in there, just put the value like the line below

php_admin_value[auto_prepend_file] = /home/runcloud/webapps/wordfence/wordfence-waf.php

Don’t copy mine. Use your own value for php_admin_value[auto_prepend_file]. It should be same as what Wordfence had suggested earlier.

If your server is configured to run on OpenLiteSpeed – you’ll need to add the following code snippet to your configuration by navigating to your web application and the LiteSPeed Config tab in your RunCloud Dashboard:

phpIniOverride {
   php_admin_value auto_prepend_file "/home/yourwebappuser/webapps/yourwebappname/wordfence-waf.php"

Once you have added that, reload your php.

systemctl reload php71rc-fpm

Depending on which php version you are using (refer to the Web Application summary), reload that php version. If you are not sure what you are doing, refer to our PHP Cheat Sheet documentation. Once you have done that, your Wordfence will start to do its job. Now you may tweak your Wordfence config for your personalized settings.

Categories: Tutorials, WordPress

Simplifying Server Management

RunCloud is a cloud server management tool that allows you to maintain full control of your server and host multiple WordPress, WooCommerce, Laravel, and PHP applications with fast and easy configuration.

Start Your Free Trial

5 days free trial no credit card required cancel anytime

20 thoughts on “Wordfence Integration with PHP-FPM inside RunCloud

  1. Hi guys,
    thank you for the instructions, we’re using the Hybrid setup with Apache in front and NGINX behind – following your tutorial results in a HTTP Error 500.
    Do the exact steps in the tutorial also apply to the hybrid version?
    Thank you!

  2. Thanks for adding this for Wordfence. A business that actually delivers solutions and not empty promises. Brilliant!

  3. The last part was a bit confusing, didn’t know exactly what to replace. This worked:

    php_admin_value[auto_prepend_file = ‘/home/runcloud/webapps/MYWEBSITE/wordfence-waf.php’] = /home/runcloud/webapps/wordfence/wordfence-waf.php

    reloaded php and things seem to work fine.
    I agree that newbies such as myself could benefit from video tutorials.


      1. Well, I did follow the above tutorial but maybe I didn’t understood it correctly. Just wanted to be sure, that’s all.

  4. The instructions could be a little clearer.
    You should use this format:
    php_admin_value[auto_prepend_file] = ‘/home/runcloud/webapps/mywebapp/wordfence-waf.php’

    It will whitescreen your site if you don’t include single quotes

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.