With allow_url_fopen directive enabled, anyone can write scripts to open remote files as if they are local files.

To enable allow_url_fopen use any text editor like notepad or Notepad++ and edit the php.ini file as below:

allow_url_fopen = on

In wordpress, if error log shows: “PHP Warning: fopen(): https:// wrapper is disabled in the server configuration by allow_url_fopen=0 in ../wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/http.php on line 410” it means you need to enable allow_url_fopen in php.ini.

To disable allow_url_fopen edit as:

allow_url_fopen = off

Having it enabled it’s a security risk if server has exploits in scripts already. To be sure, if your site runs without issues, you can leave it disabled.