With allow_url_fopen directive enabled, anyone can write scripts to open remote files as if they are local files.
To enable allow_url_fopen use any text editor like notepad or Notepad++ and edit the php.ini file as below:
allow_url_fopen = on
In wordpress, if error log shows: “PHP Warning: fopen(): https:// wrapper is disabled in the server configuration by allow_url_fopen=0 in ../wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/http.php on line 410” it means you need to enable allow_url_fopen in php.ini.
To disable allow_url_fopen edit as:
allow_url_fopen = off
Having it enabled it’s a security risk if server has exploits in scripts already. To be sure, if your site runs without issues, you can leave it disabled.