How We Prevent WordFence Fatal Error After Migration

Why WordFence Throws a Fatal Error After Migration

Creating a staging site on another server or moving your entire website to another domain sometimes leads to a fatal error, and your migrated website does not work. This can happen if the WordFence plugin is installed and its Web Application Firewall (WAF wordfence-waf.php) has been activated.

The reason for this fatal error is that on activating the WordFence firewall, WordFence generates a .user.ini file at the root of your WordPress installation, and this ini file contains the absolute path to the PHP file wordfence-waf.php.

After cloning into a staging site or migrating your website to another host, the .user.ini still contains a link to the absolute path of the original web site’s wordfence-waf.php.

If the path to that file changes or the file is unavailable on the original website, WordFence will throw a fatal error, and your WordPress website will fail to load.

To avoid this error, newer versions of WP STAGING rename the .user.ini to .user.ini.bak on all cloned websites.

Due to the renaming of the user.ini, the WordFence application firewall no longer works correctly on the staging site. This is usually no problem. You can even push the staging site to live, and the firewall setting on the live site will not be affected.

How to Activate WordFence Web Application Firewall on the Staging Site

  1. Edit the file user.ini.bak and change the path to wordfence-waf.php according to the absolute root path of your website.
  2. Rename the file user.ini.bak to user.ini

What is WordFence?

Wordfence is a security plugin for WordPress websites. It provides a range of security features to help protect your website from various online threats, such as hacking attempts, malware, and other malicious attacks.

Some of the key features of Wordfence include:

  • Firewall protection: Wordfence includes a web application firewall (WAF) that helps block malicious traffic from reaching your website
  • Malware scanner: The plugin can scan your website for malware and other security threats and can alert you if it finds any issues
  • Login security: Wordfence can help you enforce stronger password requirements, limit login attempts, and add two-factor authentication to your login process.
  • Two-factor authentication: You can also add two-factor authentication to your login process, which requires users to provide a second form of identification in addition to their password.
  • Blocklist monitoring: Wordfence monitors several blocklists to ensure that search engines or other online services do not blacklist your website.

Overall, Wordfence is a powerful security plugin that can help you protect your website from various online threats.


Updated on February 20, 2023