Hi,
Could you download this file http://nintechnet.com/ninjacheck_php.txt, rename it to ninjacheck.php, upload it to your WordPress folder, call it from your browser and paste the results here ?
If your domain name is mentioned in the output, you can replace it with ‘xxxxxxx’ instead.
Then, delete ninjacheck.php from your server.
Hi Nintechnet & thx for fast answer !
here are the results, i replaced name of root folder & domain name as suggested :
================== %< ====================
HTTP server: Apache
PHP version: 5.4.30
PHP SAPI: FPM-FCGI
Loaded INI file: /usr/local/php5.4/etc/php.ini
auto_prepend_file: none
user_ini.filename: .user.ini
user_ini.cache_ttl: 300
user INI: php5.ini found
PHPRC: unknown
DOCUMENT_ROOT: /home/rootfolder/domain
wp-config.php: found
ABSPATH: /home/rootfolder/domain/
WP version: 467
WP_CONTENT_DIR: /home/rootfolder/domain/wp-content
================== %< ====================
It seems that my php5.ini is not loaded.
My web hosting is OVH, and i use for hosting my websites an option called “multidom” that is described on this page.
With this option, the domain site folder is not in the usual “www” but at the root folder of the hosting (/).
I’m afraid OVH does not the use of another php.ini, as i just red a support page explaining how to modify php config on mutualized servers by ovh: it can be done by editing a file “.ovhconfig” and modifying it. It is mentionned : the .ovhconfig file must be at the root folder and it is not possible to use several .ovhconfig files and to have different configurations of php active on the same hosting.
So, you think the use of Ninja firewall is possible although?
Sorry if my english is sometimes approximative & thanks for support !
Did you try with “.user.ini” instead pf php5.ini/php.ini ?
I am not sure at all it will work, because OVH seems to add a lot of restrictions to their shared hosting accounts.
If you cannot use NinjaFirewall, you could try to protect your site(s) with modsecurity because I saw that there is a “http.firewall” instruction in their “.ovhconfig” file.
Hi nintechnet
i just tried .user.ini but i got the same issue 🙁
i think you’re right, with ovh restrictions of shared hosting i think i cannot use ninja firewall
i will check modsecurity and i thank you a lot for help
Regards
YESS !
i was about to uninstall ninja firewall and wanted to check the good procedure and -surprise!!- the firewall is active !!!
So with OVH i have to use .user.ini instead of php.ini or php5.ini !
Thanks a lot 🙂
Perfect !
Sometimes it may take a few minutes before PHP reloads the INI file configuration. That is fine, except one small issue: if one day you want to uninstall NinjaFirewall, you will need to delete the INI file first, wait a couple of minutes until PHP reload its INI configuration and then, uninstall NF from the WordPress plugins page.
Otherwise, after the installation, the site would crash until PHP reload the new INI configuration.
Yep thanks for priceless precisions !
Hope this discussion will help s.o in the future.
Congrats for this firewall: i already had 7 alerts about hacks. 6 was not dangerous (actually, it was some cromp tasks i had previously programmed) and it allowed me to ajust the rules, but one was a real try to hack.
I looked for a reinforced protection because i had php injections on one of my wordpress website, with “eval(base64_decode($_POST[xxxxx])) codes everywhere on 2 websites. I spent lot of time to clean it but now it seems to be ok.
Wait & See, and thanks again !