To further optimize the Astra Website Protection installation on your server, the PHP variable auto_prepend_file value has to be configured. This ensures that the protection is extended to application files outside the CMS as-well.

Depending on the server configuration the auto_prepend_file variable can be configured in one of the following files:

How to add auto_prepend_file on your server

Step 1 - Find the path to the autoload.php file

Open the File Manger in your Hosting Panel, or connect to the server via SSH or (s)FTP
Navigate to the path of your website files, and locate the Astra autoload.php file as per the table below

CMSFile Path (relative to site root)
PHP Applicationgetastra-premium/autoload.php
Magento 2getastra-premium/autoload.php
Magento 1getastra-premium/autoload.php
OpenCart 3catalog/controller/extension/astra/autoload.php
OpenCart 2catalog/controller/extension/astra/autoload.php
OpenCart 1getastra-premium/autoload.php

Get the full (absolute) path of the file. For eg: /home/example/public_html/getastra-premium/autoload.php

Keep this path handy as we'll be using it in the next step

Step 2 - Set the auto_prepend_file variable & verify it

Let's start by adding the variable in the .htaccess file as shown below, AFTER updating the path to the autoload.php file as identified in the earlier step
php_value auto_prepend_file /path/to/getastra-premium/autoload.php

Create a phpinfo file to check the PHP variables
Open the phpinfo page, and search for the string auto_prepend_file in it

If the variable is not set on adding the code to the .htaccess, let us try to set it in the .user.ini and/or the php.ini file as show below (same code snippet):
auto_prepend_file = /path/to/getastra-premium/autoload.php;
If you’re using an Nginx server, the above methods may not work. Instead, you can modify the nginx.conf file as shown below:
location ~ \.php$ {
        fastcgi_param  PHP_VALUE   "auto_prepend_file=/path/to/getastra-premium/autoload.php";

Depending on your server configuration, you may have to restart Apache/Nginx/LiteSpeed for the changes to take effect

How to remove auto_prepend_file on your server

Open the File Manger in your Hosting Panel, or connect to it via SSH or (s)FTP
Create a phpinfo page on your server
Search for the string auto_prepend_file in the phpinfo page contents

If the value in this field is empty, or does not have a path which contains getastra-premium/autoload.php then it means that Astra Website Protection is not installed on your site and you can skip the following steps
[Important] Now we need to remove the auto_prepend_file configuration, before deleting the getastra-premium folder
The auto_prepend_file configuration can be present in any one or many of the following files. Please make a copy of the file before removing the auto_prepend_file value. The actual path to the autoload.php file will vary server to server.

FileCode Snippet to RemoveNotes
.htaccessphp_value auto_prepend_file /var/www/html/getastra-premium/autoload.phpComment it out by changing php_value to #php_value
.user.iniauto_prepend_file = /var/www/html/getastra-premium/autoload.phpComment it out by changing auto_prepend_file to ;auto_prepend_file
php.iniauto_prepend_file = /var/www/html/getastra-premium/autoload.phpComment it out by changing auto_prepend_file to ;auto_prepend_file

After you've removed the code, or commented it out - refresh the phpinfo page and check the auto_prepend_file value. You may have to restart your Apache/Nginx for the changes to take effect.
Once the value becomes empty in the phpinfo file it means that the variable is unset
Was this article helpful?
Thank you!