This article is written in particular reference to Wordfence (a Wordpress security plugin), but the same principle applies for any requirement to add an auto_prepend_file.
In order to enable Extended Protection in the Wordfence firewall it is necessary to set the auto_prepend_file php option. Whilst Wordfence attempts to do this automatically you will need to perform these additional steps to complete the process.
1. In Wordpress, within Wordfence >> Firewall, click the blue 'Optimise the Wordfnce Firewall' button and copy the full path to the wordfence.waf file - it'll be between single quotes and look something like '/home/example/public_html/wordfence-waf.php'
2. Login to cPanel for the domain
3. Click 'Select PHP Version' from the Software section
4. Click 'Switch to PHP Options' at the top right
5. Locate the auto_prepend_file option and click to the right; by default this will say 'None', delete this and paste the path required here. It should look like the image below, but with the full path to your file.
6. Click 'Apply' and then click 'Save' at the bottom.
7. Return to Wordpress and refresh the Wordfence firewall page - it should now show 'Extended Protection'
