Support » Plugin: NinjaFirewall (WP Edition) - Advanced Security Plugin and Firewall » ASCII character block for password field

  • Resolved noplanman



    We’ve had an instance where a user registration has been blocked by rule #2.
    CRITICAL 2 <IP> POST /wp-login.php - ASCII character 0x00 (NULL byte) - [POST:pwd = bla%00bla]

    On closer inspection, the defined password had %00 within it, which is why the block happened.

    I’ve tried to disable the security rule but can’t see #2 in the list.

    How can I disable this check? A password really should allow anything.


    • This topic was modified 4 months, 1 week ago by noplanman.
Viewing 1 replies (of 1 total)
  • Plugin Author nintechnet


    If there’s no corresponding rule, it’s a firewall policy:
    Go to the “NinjaFirewall > Firewall Policies > Advanced Policies” tab, and scroll down to “Various > Block ASCII character 0x00 (NULL byte)”.

Viewing 1 replies (of 1 total)
  • You must be logged in to reply to this topic.