Replies: 0
Hi,
Wordfence version: 7.5.2 (1616621048)
Wordpress version: 5.7
PHP: 7.4.16
Server: Litespeed (shared hosting)
CDN: Quic.Cloud
So, Wordfence has been running happily for many months with the ‘Use the X-Forwarded-For HTTP header’ option for getting IPs.
Now, I’ve started getting messages saying that this is “misconfigured” and that I should use the ‘Use PHP’s built-in REMOTE_ADDR and don’t use anything else’ option instead.
In addition, I have now just received a message saying ‘Warning: escapeshellcmd() has been disabled for security reasons in /public_html/wp-includes/PHPMailer/PHPMailer.php’
If anyone can shed any light on this it would be much appreciated. Specifically:
1. I use the Quic.Cloud CDN. Therefore, is it appropriate that I continue to use the ‘X-Forwarded’ option.
2. If it is, how do I prevent the error message about misconfiguration?
3. If it isn’t, which option should I use (and why)?
4. What the heck has PHPMailer got to do with anything? And how do I re-enable it (assuming that is the right thing to do)?
Thanks,
Richie