edjeavons
commented
2 months ago nebula-tools comes with the necessary WAF loader as of version 1.2.0.
Nebula itself now includes a .user.ini.example file that can be used as a basis to load the new script when Wordfence has been installed.
Wordfence installs a "wordfence-waf.php" script into
/web/wp/wordfence-waf.phpbut that directory is rebuilt when Composer updates WordPress. If ".user.ini" has been told to autoload that script it will break the website.We need to include our own copy of wordfence-waf.php in a safe location so it does not go missing. We'll do that in nebula-tools to ensure the file can rolled out to existing websites via a package update, and that way it can also be updated in the future is necessary.