How to optimize Astra Website Protection Installation
To further optimize the Astra Website Protection installation on your server, the PHP variable auto_prepend_file value has to be configured. This ensures that the protection is extended to application files outside the CMS as-well.
Depending on the server configuration the auto_prepend_file variable can be configured in one of the following files:
.htaccess
.user.ini
php.ini
nginx.conf
Open the File Manger in your Hosting Panel, or connect to the server via SSH or (s)FTP
Navigate to the path of your website files, and locate the Astra autoload.php file as per the table below
Get the full (absolute) path of the file. For eg: /home/example/public_html/getastra-premium/autoload.php
Keep this path handy as we'll be using it in the next step
Let's start by adding the variable in the .htaccess file as shown below, AFTER updating the path to the autoload.php file as identified in the earlier step
php_value auto_prepend_file /path/to/getastra-premium/autoload.php
Create a phpinfo file to check the PHP variables
Open the phpinfo page, and search for the string auto_prepend_file in it
If the variable is not set on adding the code to the .htaccess, let us try to set it in the .user.ini and/or the php.ini file as show below (same code snippet):
auto_prepend_file = /path/to/getastra-premium/autoload.php;
If you’re using an Nginx server, the above methods may not work. Instead, you can modify the nginx.conf file as shown below:
Depending on your server configuration, you may have to restart Apache/Nginx/LiteSpeed for the changes to take effect
Open the File Manger in your Hosting Panel, or connect to it via SSH or (s)FTP
Create a phpinfo page on your server
Search for the string auto_prepend_file in the phpinfo page contents
If the value in this field is empty, or does not have a path which contains getastra-premium/autoload.php then it means that Astra Website Protection is not installed on your site and you can skip the following steps
[Important] Now we need to remove the auto_prepend_file configuration, before deleting the getastra-premium folder
The auto_prepend_file configuration can be present in any one or many of the following files. Please make a copy of the file before removing the auto_prepend_file value. The actual path to the autoload.php file will vary server to server.
After you've removed the code, or commented it out - refresh the phpinfo page and check the auto_prepend_file value. You may have to restart your Apache/Nginx for the changes to take effect.
Once the value becomes empty in the phpinfo file it means that the variable is unset
Depending on the server configuration the auto_prepend_file variable can be configured in one of the following files:
.htaccess
.user.ini
php.ini
nginx.conf
How to add auto_prepend_file on your server
Step 1 - Find the path to the autoload.php file
Open the File Manger in your Hosting Panel, or connect to the server via SSH or (s)FTP
Navigate to the path of your website files, and locate the Astra autoload.php file as per the table below
| CMS | File Path (relative to site root) |
|---|---|
| PHP Application | getastra-premium/autoload.php |
| WordPress | wp-content/plugins/getastra-premium/autoload.php |
| Magento 2 | getastra-premium/autoload.php |
| Magento 1 | getastra-premium/autoload.php |
| OpenCart 3 | catalog/controller/extension/astra/autoload.php |
| OpenCart 2 | catalog/controller/extension/astra/autoload.php |
| OpenCart 1 | getastra-premium/autoload.php |
| Prestashop | getastra-premium/autoload.php |
| Drupal | getastra-premium/autoload.php |
Get the full (absolute) path of the file. For eg: /home/example/public_html/getastra-premium/autoload.php
Keep this path handy as we'll be using it in the next step
Step 2 - Set the auto_prepend_file variable & verify it
Let's start by adding the variable in the .htaccess file as shown below, AFTER updating the path to the autoload.php file as identified in the earlier step
php_value auto_prepend_file /path/to/getastra-premium/autoload.php
Create a phpinfo file to check the PHP variables
Open the phpinfo page, and search for the string auto_prepend_file in it
If the variable is not set on adding the code to the .htaccess, let us try to set it in the .user.ini and/or the php.ini file as show below (same code snippet):
auto_prepend_file = /path/to/getastra-premium/autoload.php;
If you’re using an Nginx server, the above methods may not work. Instead, you can modify the nginx.conf file as shown below:
location ~ \.php$ {
fastcgi_param PHP_VALUE "auto_prepend_file=/path/to/getastra-premium/autoload.php";
}Depending on your server configuration, you may have to restart Apache/Nginx/LiteSpeed for the changes to take effect
How to remove auto_prepend_file on your server
Open the File Manger in your Hosting Panel, or connect to it via SSH or (s)FTP
Create a phpinfo page on your server
Search for the string auto_prepend_file in the phpinfo page contents
If the value in this field is empty, or does not have a path which contains getastra-premium/autoload.php then it means that Astra Website Protection is not installed on your site and you can skip the following steps
[Important] Now we need to remove the auto_prepend_file configuration, before deleting the getastra-premium folder
The auto_prepend_file configuration can be present in any one or many of the following files. Please make a copy of the file before removing the auto_prepend_file value. The actual path to the autoload.php file will vary server to server.
| File | Code Snippet to Remove | Notes |
|---|---|---|
| .htaccess | php_value auto_prepend_file /var/www/html/getastra-premium/autoload.php | Comment it out by changing php_value to #php_value |
| .user.ini | auto_prepend_file = /var/www/html/getastra-premium/autoload.php | Comment it out by changing auto_prepend_file to ;auto_prepend_file |
| php.ini | auto_prepend_file = /var/www/html/getastra-premium/autoload.php | Comment it out by changing auto_prepend_file to ;auto_prepend_file |
After you've removed the code, or commented it out - refresh the phpinfo page and check the auto_prepend_file value. You may have to restart your Apache/Nginx for the changes to take effect.
Once the value becomes empty in the phpinfo file it means that the variable is unset
Updated on: 30/05/2022
Thank you!