Hi,
When you get the blank page, can you download the ninjacheck script, upload it to your WP directory, call it from your browser and paste here the output?
Also, you can check your log (Apache access/error logs, PHP error log) and enable ‘WP_DEBUG’ in your wp-config.php file.
I am having the same problem. Nothing seems to show up in the logs.
I uploaded the ninjacheck script as you outlined above, but that also just show a blank screen. When I comment out the auto_prepend_file line from php.ini, everything works again.
Here is the output from the ninjacheck script (with the auto_prepend_file line commented out so it will run at all):
NinjaFirewall (WP edition) troublershooter v1.01
========================== %< ============================
HTTP server: Apache
PHP version: 5.3.10
PHP SAPI: CGI-FCGI
Loaded INI file: /home/mydomain/public_html/php.ini
auto_prepend_file: none
user_ini.filename: .user.ini
user_ini.cache_ttl: 300
user INI: php.ini found
PHPRC: /home/mydomain/public_html/php.ini
DOCUMENT_ROOT: /home/mydomain/public_html
wp-config.php: found
Warning: session_start() [function.session-start]: Cannot send session cache limiter – headers already sent (output started at /home/mydomain/public_html/ninjacheck.php:25) in /home/mydomain/public_html/wp-content/plugins/ninjafirewall/ninjafirewall.php on line 45
ABSPATH: /home/mydomain/public_html/
WP version: 3.8.1
WP_CONTENT_DIR: /home/mydomain/public_html/wp-content
========================== %< ============================
It looks like the issue may come from the session save handler in your PHP configuration.
Can you upload a phpinfo file to your server and paste here the value of
session.save_handler and session.save_path ?
To create a phpinfo file, add the following lines to a file, and save it as phpinfo.php:
<?php
phpinfo();
?>
Here are those two values:
Directive Local Value Master Value
session.save_handler files files
session.save_path /tmp /tmp
Just in case, here are all of the values under “session”:
session
Session Support enabled
Registered save handlers files user sqlite
Registered serializer handlers php php_binary
Directive Local Value Master Value
session.auto_start Off Off
session.bug_compat_42 On On
session.bug_compat_warn On On
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_httponly Off Off
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 100 100
session.gc_maxlifetime 1440 1440
session.gc_probability 1 1
session.hash_bits_per_character 4 4
session.hash_function 0 0
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path /tmp /tmp
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies On On
session.use_trans_sid 0 0
Your session.save_handler is fine.
One strange thing is the reference to line 45 in the error message :
in /home/mydomain/public_html/wp-content/plugins/ninjafirewall/ninjafirewall.php on line 45
The code from lines 37 to 50 (see here) is used if there is a .htninja config file. Are you using this file ?
The version I have (downloaded from here: http://wordpress.org/plugins/ninjafirewall/) has a different line 45:
01 <?php
02 /*
03 Plugin Name: NinjaFirewall (WP edition)
04 Plugin URI: http://NinjaFirewall.com/
05 Description: A true Web Application Firewall.
06 Version: 1.1.8
07 Author: The Ninja Technologies Network
08 Author URI: http://NinTechNet.com/
09 License: GPLv2 or later
10 Network: true
11 */
12
13 /*
14 +---------------------------------------------------------------------+
15 | NinjaFirewall (WordPress edition) |
16 | |
17 | (c)2012-2013 NinTechNet |
18 | <wordpress@nintechnet.com> |
19 +---------------------------------------------------------------------+
20 | http://nintechnet.com/ |
21 +---------------------------------------------------------------------+
22 | REVISION: 2014-03-07 21:00:55 |
23 +---------------------------------------------------------------------+
24 */
25 define( 'NFW_ENGINE_VERSION', '1.1.8' );
26 define( 'NFW_RULES_VERSION', '20140309' );
27 /*
28 +---------------------------------------------------------------------+
29 | This program is free software: you can redistribute it and/or |
30 | modify it under the terms of the GNU General Public License as |
31 | published by the Free Software Foundation, either version 3 of |
32 | the License, or (at your option) any later version. |
33 | |
34 | This program is distributed in the hope that it will be useful, |
35 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
36 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
37 | GNU General Public License for more details. |
38 +---------------------------------------------------------------------+
39 */
40
41 if (! defined( 'ABSPATH' ) ) { die( 'Forbidden' ); }
42
43 add_action('init', 'nfw_sessionstart', 1);
44 function nfw_sessionstart() {
45 if (! session_id() ) { session_start(); }
46 }
47
48 /* ================================================================== */
That is fine, I made a mistake.
Can you check with a phpinfo file if output_buffering is on ?
You can also try to force PHP to ouput all error messages by adding those 2 lines to your php.ini file (do not forget to remove them when you don’t need them anymore):
error_reporting = E_ALL | E_STRICT
display_errors = On
output_buffering has 0 under both columns.
I inserted the error_reporting lines into the local php.ini, but nothing shows up. Still just gives a blank screen. Viewing the source shows no output.
Can you try to enable output_buffering by adding this line to your PHP INI file:
output_buffering = 4096
Then, use the phpinfo file to ensure that PHP is using that new value.
phpinfo() shows the new value. Unfortunately, there is no effect on the output of any php script. All of them end up with a blank page.
Guys,
It was happening to me and I manually whitelisted my internet IP to enable the firewall. Just don’t restart your router that often so your IP is not changing so much.
http://wordpress.org/support/topic/vps-cent-os-install-help
http://nintechnet.com/nfwp/1.1.3/
Rafaelmagic,
I tried this, but no luck.
I added the website’s IP address, the server’s external IP, and 127.0.0.1, but no change.
Just to see what would happen, I added my home IP and it worked. This is not a fix though, because that means no one else can see the website except people we explicitly whitelist.
Ninthechnet, it seems that everyone is blocked by default.
You are not blocked, but there is a PHP error. If you added your IP to the .htninja, that would simply stop the firewall.
We need to know what is the error. You need to force PHP to display and/or log it, see php.ini Error Settings
crazywhistlepig,
I don’t know if you already resolved this. If not, switch your PHP execution mode to fastcgi.
Ninja Firewall does not run under suPHP (most cPanel hosts default option)
Hope this helps somebody.
