Wordfence is a popular security plugin for WordPress and one which Conetix uses and recommends as well. As part of the way it ensures files are scanned and secured for Plesk (and similar) based hosting environments, a hidden .user.ini file is created which ensures Wordfence is loaded before the core of WordPress (for security).

When creating a clone of the site (eg live site to staging or staging to production), the WordPress Toolkit is unaware of this custom file and therefore doesn’t update the contained information. In order to ensure both your website and Wordfence works as expected, this file needs to be manually edited.


  1. Use the Plesk One Click login to select the hosting environment for your website.
  2. Within the File Manager for your website, locate and edit the .user.ini file. It should look something like the following:
    ; Wordfence WAF
    autoprependfile = '/var/www/vhosts/<yourdomainname>/httpdocs/wordfence-waf.php'
    ; END Wordfence WAF
  3. Update the file path to correct location. For example, if you’ve created a staging site then this URL may be /var/www/vhosts/<yourdomainname>/staging.<yourdomainname>/wordfence-waf.php
  4. Load the website and ensure you’re able to login to the WordPress admin area as well.

Sometimes you may see a 500 error due to this file weeks or months later, which will show up as:
cloning a wordpress site with wordfence
This can be due to the file working while it was pointed at the staging copy of your site and the staging copy deleted. The steps above are therefore required to correct the issue.

Was this article helpful?

Related Articles