We have noticed an issue with WordFence and the method in which it uses to deploy its web application firewall(WAF) on servers that do not support custom php.ini like our shared and reseller servers as they use CloudLinux. On top of that, for performance reasons we also run mod_lsapi which requires a special section in your .htaccess to work correctly with WordFence’s WAF.
You will need to modify the .htaccess file located within the root of your WordPress install, the same folder where wp-config.php resides.
Within that .htaccess file you will need to add the following:
php_value auto_prepend_file '/path/to/wordfence-waf.php'
If you are unsure of the exact path, it will show you within the Wordfence Web Application Firewall screen within WordPress, here is an example:
You can see the path towards the bottom, please make sure to change username with your cPanel username.
After adding that section to your .htaccess file, you can click Continue which will complete the setup process.