Wordfence installs a "wordfence-waf.php" script into /web/wp/wordfence-waf.php but that directory is rebuilt when Composer updates WordPress. If ".user.ini" has been told to autoload that script it will break the website.
We need to include our own copy of wordfence-waf.php in a safe location so it does not go missing. We'll do that in nebula-tools to ensure the file can be rolled out to existing websites via a package update, and that way it can also be updated in the future if necessary.
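A deployment check for the failure described above, as an added example that is not part of the original post or of nebula-tools. It assumes the autoload is PHP's `auto_prepend_file` directive in `.user.ini`; the function name, return codes and the demo directory layout are constructed for illustration.

```shell
#!/bin/sh
# check_waf_prepend DOCROOT [VOLATILE_DIR]   (hypothetical helper)
# Returns: 0 target exists outside the Composer-managed directory
#          1 no auto_prepend_file directive in DOCROOT/.user.ini
#          2 directive points at a file that does not exist
#          3 target exists but lives inside VOLATILE_DIR (default DOCROOT/wp)
check_waf_prepend() {
    docroot=$1
    volatile=${2:-$docroot/wp}
    ini=$docroot/.user.ini
    [ -f "$ini" ] || return 1
    # Last uncommented auto_prepend_file line wins; strip quotes and CR.
    target=$(sed -n 's/^[[:space:]]*auto_prepend_file[[:space:]]*=[[:space:]]*//p' "$ini" \
        | tail -n 1 | tr -d "'\"\r" | sed 's/[[:space:]]*$//')
    [ -n "$target" ] || return 1
    [ -f "$target" ] || return 2
    case $target in
        "$volatile"/*) return 3 ;;
    esac
    return 0
}

# Constructed demo layout (not a real site): web/ is the document root,
# web/wp/ is the Composer-installed WordPress core, safe/ stands in for
# a location that Composer does not rebuild.
demo=$(mktemp -d)
mkdir -p "$demo/web/wp" "$demo/safe"
echo '<?php // WAF bootstrap placeholder' > "$demo/web/wp/wordfence-waf.php"
echo '<?php // WAF bootstrap placeholder' > "$demo/safe/wordfence-waf.php"

report() {  # run the check and print its return code without aborting
    rc=0; check_waf_prepend "$demo/web" || rc=$?
    echo "$1: rc=$rc"
}

printf "auto_prepend_file = '%s'\n" "$demo/web/wp/wordfence-waf.php" > "$demo/web/.user.ini"
report "script inside web/wp"                   # rc=3
rm -rf "$demo/web/wp" && mkdir "$demo/web/wp"   # simulate Composer rebuilding core
report "after core rebuild"                     # rc=2
printf "auto_prepend_file = '%s'\n" "$demo/safe/wordfence-waf.php" > "$demo/web/.user.ini"
report "script in safe location"                # rc=0
```

Return code 3 is the state to catch before an update: the site still works, but the next Composer rebuild of the WordPress directory turns it into return code 2.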