Support » Plugin: NinjaFirewall (WP Edition) - Advanced Security » Editors are locked out after last update

  • Resolved cebln

    (@cebln)


    The last update fixed a login problem (blank page) but might have created a new problem:

    Users with role of Admins have no problems (because whitelisted?)

    Users with lower roles see a grey box on a white page only when trying to edit a page in the backend. I guess this is another plug-in conflict and has something to do with user rights.

    NinjaFirewall: You are not allowed to perform this task.

    Option that causes problems:
    GENERAL – Block attempts to modify important WordPress settings (default)

    The log shows this:
    26/Mar/19 17:19:49 #6116748 CRITICAL … GET /wp-admin/post.php – Blocked attempt to modify WordPress settings … prefix123_user_roles …

    I will now dig further…


    NF WP Edition / Version 3.8.4 (it has worked in older versions)
    PHP 7.2
    WP 5.1.1

    • This topic was modified 2 months, 3 weeks ago by  cebln.
Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Author nintechnet

    (@nintechnet)

    I’m wondering why your xx_user_roles, which contains user roles and capabilities, is being modified while an Editor is working. (I can edit any post or page as an Editor.)

    Users with role of Admins have no problems (because whitelisted?)

    Yes, only the admin should mess with it.
    It’s a bit scary, because last time someone posted a message similar to yours, here on our forum, it was due to that issue.

    When sending this alert, NinjaFirewall attaches a PHP backtrace to the email. Did you receive it? If you did, just confirm it and I’ll give you an email address so that you can forward it to me.

    I can confirm this. I have backtrace files.
    I will contact you over your forum now (we also run a licensed plus version)

    We have had similar problems since one of the last updates. All our users are locked out. “NinjaFirewall: You are not allowed to perform this task.”

    Simultaneously we receive emails with backtrace: “NinjaFirewall has blocked an attempt to modify some important WordPress settings by a user that does not have administrative privileges”.

    We scanned the whole site and did some research to look for any obvious malicious changes. Before taking a deeper look, we would like to know whether there are other possible explanations or known issues.

    Thank you for your great job and your help.

    Plugin Author nintechnet

    (@nintechnet)

    * Which option is modified? Is it xxxx_user_roles? You can see that in the email notification sent by NinjaFirewall (Option: xxx).
    * Which users are blocked (editors etc.) and what were they doing when they were blocked?

    Thank you for answering immediately.

    + Yes, xxx_user_roles are modified
    + all users are blocked
    + Nothing was done – we tried to enter the backend and got the message “NinjaFirewall: You are not allowed to perform this task.”

    Plugin Author nintechnet

    (@nintechnet)

    You can try the following:
    1. Open your wp-config.php, and search for this line (where XXXXX is your DB table prefix):
    $table_prefix = 'XXXXX_';

    2. Right below, add this line of code:
    define('NFW_OPTMON_EXCLUDE', "{$table_prefix}user_roles");

    That will disable the xxx_user_roles monitoring.

    Would you mind sending me a copy of the PHP backtrace sent by the firewall to contact [at] nintechnet (dot) com? You can ZIP it, attach it to your email and simply add “webwiese wordpress forum” in the subject. I could check what is going on.

    Thank you very much for your support. We’ll send the backtrace file.

    🙂

    Plugin Author nintechnet

    (@nintechnet)

    @webwiese : I received the backtrace. The error is related to the quick-event-manager plugin.
    But when I’m testing it, I’m not blocked by the firewall.
    Could you clarify which version of NinjaFirewall and quick-event-manager you were running when you were blocked?

    Plugin Author nintechnet

    (@nintechnet)

    @webwiese : I have been able to reproduce the issue and the very same backtrace as yours, but only with the previous NinjaFirewall v3.8.4 or lower, not the latest 3.9.1.
    That happened when a non-admin user logged in to the admin dashboard.
    Version 3.9.1 has been improved to prevent this kind of issue.
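
Because the NFW_OPTMON_EXCLUDE workaround in this thread turns off monitoring of xxx_user_roles, the option's content can be reviewed separately. The following is an added example, not part of the thread and not NinjaFirewall code: it compares two JSON exports of the option (for instance from WP-CLI's `wp option get <prefix>user_roles --format=json`) and reports what non-admin roles gained. The sample role data and the `edit_event` capability name are constructed, and ADMIN_ONLY_CAPS is an assumed subset of the capabilities that default WordPress grants only to administrators.

```python
import json

# Subset of capabilities that default WordPress grants only to administrators.
ADMIN_ONLY_CAPS = {
    "manage_options", "edit_users", "create_users", "delete_users",
    "promote_users", "list_users", "install_plugins", "activate_plugins",
    "edit_plugins", "install_themes", "switch_themes", "edit_themes",
}

def granted(option_json):
    """Map each role slug to the set of capabilities switched on for it."""
    out = {}
    for slug, role in json.loads(option_json).items():
        # An empty PHP array is JSON-encoded as []; `or {}` normalises it.
        caps = role.get("capabilities") or {}
        out[slug] = {c for c, on in caps.items() if on}
    return out

def audit(baseline_json, current_json, trusted=("administrator",)):
    """Return (role, capability, reason) tuples for roles outside `trusted`."""
    before, after = granted(baseline_json), granted(current_json)
    findings = []
    for slug in sorted(after):
        if slug in trusted:
            continue
        for cap in sorted(after[slug]):
            if cap in ADMIN_ONLY_CAPS:
                findings.append((slug, cap, "admin-only capability"))
            elif cap not in before.get(slug, set()):
                findings.append((slug, cap, "added since baseline"))
    return findings

# Constructed sample exports (not taken from the thread).
BASELINE = json.dumps({
    "administrator": {"name": "Administrator", "capabilities": {"manage_options": True, "read": True}},
    "editor": {"name": "Editor", "capabilities": {"edit_pages": True, "read": True}},
    "subscriber": {"name": "Subscriber", "capabilities": {"read": True}},
})
CURRENT = json.dumps({
    "administrator": {"name": "Administrator", "capabilities": {"manage_options": True, "read": True}},
    "editor": {"name": "Editor", "capabilities": {"edit_pages": True, "read": True, "edit_event": True}},
    "subscriber": {"name": "Subscriber", "capabilities": {"read": True, "promote_users": True}},
})

if __name__ == "__main__":
    for role, cap, reason in audit(BASELINE, CURRENT):
        print(f"{role}: {cap} ({reason})")
```

An "added since baseline" finding can be a legitimate plugin change and needs a human decision; an "admin-only capability" finding on a low-privilege role warrants investigation before monitoring stays disabled.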
