I have approx 13 separate sites/domains installed on a single Bluehost shared hosting plan. I've been trying to make sure each installation is identical, including when I installed Wordfence and set the options within it.
I also have each Wordpress installation in its own subdirectory ("/blog"), with the "index.php" moved to the root level for each domain - per the official instructions on how to do this on Wordpress's own site.
Lastly, I have Cloudflare enabled on all of these domains/sites.
When I started looking at the .htaccess files at the root level for each domain, I noticed they weren't all the same. Some are very minimal as if the caching stuff from Wordfence didn't get put into them, while others are more verbose with a bunch of additional lines of code which look to be from Wordfence.
I am now trying to uninstall and reinstall Wordfence from the sites with the missing .htaccess markup, but I would like to know what could have caused this? Should Cloudflare be disabled when installing and configuring Wordfence?
Also, because of my particular setup with my Wordpress "index.php" file being at the root level of each domain, and the rest of the files being in a subfolder called "blog", is it sufficient to have my .htaccess file at the root level, or do I need to duplicate it in the "/blog" folder as well? Or should it only be in the "/blog" folder and not at the root level?