Support » Plugin: NinjaFirewall (WP Edition) » getting blocked when editing a plugin

  • Resolved Ovidiu


    within the firewall options I allowed file editing and set the option to prevent the admin from being blocked although if your plugin is only checking for a user named admin that won’t work, since my admin username differs.

    Here is the log:

    28/Apr/13 10:28:33  #6242549  critical   155    POST /wp-admin/plugin-editor.php - Code Injection - [POST:newcontent = <?php%0d%0a/*%0d%0aPlugin Name: WP fail2ban%0d%0aPlugin URI:]

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author nintechnet


    The firewall relies on the user role (administrator), not on its name.

    Are you sure you have the correct permissions? That could also explain the wp_nonce_ays() error message you mentioned in that thread.

    If you want to see whether you are whitelisted or not while you are logged in, append a ?test=nullbyte%00 string to your WP index URL:


    Thanks for your support!

    1. These two errors (nonce and being blocked) appeared on 2 different blogs.
    2. Appending that string to blog a) where ninjafirewall is active I am being blocked despite being an admin.

    Any other info I can supply you with?

    This might be a caching problem but not sure where it occurs as I have just tried again to access mydomain.tld/wp-admin/index.php?test=nullbyte%00 and this time I wasn’t blocked.

    There is plenty of caching going on, first the DNS is going through Cloudflare which serves as a CDN and WAF too, then I’m running nginx + fastCGI and fastCGI_cache is being used as well as APC which has a system cache as well as user cache.

    SO I guess we can close this issue, I guess that this might have been a caching issue.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘getting blocked when editing a plugin’ is closed to new replies.