NinjaFirewall (WP Edition)
[resolved] getting blocked when editing a plugin (4 posts)

  1. Ovidiu
    Posted 3 years ago #

    within the firewall options I allowed file editing and set the option to prevent the admin from being blocked although if your plugin is only checking for a user named admin that won't work, since my admin username differs.

    Here is the log:

    28/Apr/13 10:28:33  #6242549  critical   155    POST /wp-admin/plugin-editor.php - Code Injection - [POST:newcontent = <?php%0d%0a/*%0d%0aPlugin Name: WP fail2ban%0d%0aPlugin URI: https://charles.lecklider.org/wor...]


  2. nintechnet
    Plugin Author

    Posted 3 years ago #

    The firewall relies on the user role (administrator), not on its name.

    Are you sure you have the correct permissions? That could also explain the wp_nonce_ays() error message you mentioned in that thread.

    If you want to see whether you are whitelisted or not while you are logged in, append a ?test=nullbyte%00 string to your WP index URL:


  3. Ovidiu
    Posted 3 years ago #

    Thanks for your support!

    1. These two errors (nonce and being blocked) appeared on 2 different blogs.
    2. Appending that string to blog a) where ninjafirewall is active I am being blocked despite being an admin.

    Any other info I can supply you with?

  4. Ovidiu
    Posted 3 years ago #

    This might be a caching problem but not sure where it occurs as I have just tried again to access mydomain.tld/wp-admin/index.php?test=nullbyte%00 and this time I wasn't blocked.

    There is plenty of caching going on, first the DNS is going through Cloudflare which serves as a CDN and WAF too, then I'm running nginx + fastCGI and fastCGI_cache is being used as well as APC which has a system cache as well as user cache.

    SO I guess we can close this issue, I guess that this might have been a caching issue.

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • NinjaFirewall (WP Edition)
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic


No tags yet.