Support » Plugin: NinjaFirewall (WP Edition) - Advanced Security Plugin and Firewall » How to uninstall NinjaFirewall (WP Edition)

  • Hello,

    I can’t get it right.

    The following files are in the root directory:


    If I delete these files, there’ll be a 500-point error.

    How can I completely uninstall NinjaFirewall (WP Edition)?

    Best regards


Viewing 15 replies - 1 through 15 (of 20 total)
  • Plugin Author nintechnet


    Deleting the .user.ini shouldn’t crash your site as it would unload the firewall.
    Deleting the .htninja shouldn’t crash it either unless there’s some weird code in it. Did you check its code?

    -Did you uninstall NinjaFirewall from the WordPress dashboard, first?
    -Do you have another instance of the firewall installed (e.g., in a parent or sub folder)?
    -Can you post here the PHP error log message?

    Thread Starter Torsten Bulk


    Hello again,

    thanks for the answer.

    I could .user.ini delete. Just not .htninja?

    Here comes a 500 Error.

    | NinjaFirewall optional configuration file                          |
    |                                                                    |
    | See: |
    // Users of Cloudflare CDN:
    if (! empty($_SERVER["HTTP_CF_CONNECTING_IP"]) &&
    Plugin Author nintechnet


    Make sure you uninstalled it from the WordPress “Plugins” page, that the best way to do it.
    You can remove the .user.ini file, because it has the firewall directive (if you uninstall from the WordPress dashboard, it will remove them for you automatically).

    Thread Starter Torsten Bulk


    Thank you.

    The plugin and the .user.ini file are removed.

    But I can’t delete the .htninja file (with the cloudflare statement) without getting a 500 error! How do I get the file deleted. Is there still data somewhere else?

    Plugin Author nintechnet


    Do you have another website installed on this document root? It looks like there’s another installation on NinjaFirewall.

    Can you check the HTTP error log? You will see the error message and that will help us to understand the problem.

    You can also run the troubleshooter script:
    1. Rename this file to “wp-check.php”.
    2. Upload it into your WordPress root folder.
    3. Go to http://YOUR WEBSITE/wp-check.php
    4. Delete it afterwards.
    Paste the results here.

    Thread Starter Torsten Bulk


    This is the result:

    NinjaFirewall (WP edition) troubleshooter
    HTTP server	:	nginx/1.16.1
    PHP version	:	7.4.9
    auto_prepend_file	:	/var/www/vhosts/
    Loader's path to firewall	:	Cannot find the path!
    wp-config.php	:	found in /var/www/vhosts/
    NinjaFirewall detection	:	NinjaFirewall is not loaded
    Loaded INI file	:	/opt/plesk/php/7.4/etc/php.ini
    user_ini.filename	:	.user.ini
    user_ini.cache_ttl	:	300 seconds
    User PHP INI	:	none found
    DOCUMENT_ROOT	:	/var/www/vhosts/
    ABSPATH	:	/var/www/vhosts/
    WordPress version	:	5.5.1
    WP_CONTENT_DIR	:	/var/www/vhosts/
    Plugins directory	:	/var/www/vhosts/
    User Role	:	Unknown role (or user not logged in)
    User Capabilities	:	Error: missing manage_options capability - Error: missing unfiltered_html capability
    Make sure you are logged in to WordPress before running this script.
    Log dir permissions	:	/var/www/vhosts/ dir is writable
    Cache dir permissions	:	/var/www/vhosts/ dir is writable
    Plugin Author nintechnet


    It looks fine.
    You need to check the HTTP and PHP error logs, there will be the reason why your server (or PHP) throws a 500 error. When you find the line in your log, post it here.

    Thread Starter Torsten Bulk



    2020/09/07 19:43:14 [error] 32228#0: *5839493 FastCGI sent in stderr: "PHP message: PHP Warning:  Unknown: failed to open stream: No such file or directory in Unknown on line 0PHP message: PHP Fatal error:  Unknown: Failed opening required '/var/www/vhosts/' (include_path='.:/opt/plesk/php/7.4/share/pear') in Unknown on line 0" while reading response header from upstream, client:, server: xxxnet, request: "GET /de/merkmal/fussbodenheizung/page/5 HTTP/1.1", upstream: "fastcgi://unix:///var/www/vhosts/system/xxx/php-fpm.sock:", host: „"

] AH01630: client denied by server configuration: /var/www/vhosts/
    [Mon Sep 07 18:51:43.459992 2020] [authz_core:error] [pid 3089] [client] AH01630: client denied by server configuration: /var/www/vhosts/

    proxy_access_ssl_log - - [07/Sep/2020:13:37:45 +0200] "GET /bphome/.htninja HTTP/1.1" 404 36035 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36"


    2020-09-07 19:42:43	Warning		32228#0: *5839452 FastCGI sent in stderr: "PHP message: PHP Warning: Unknown: failed to open stream: No such file or directory in Unknown on line 0PHP message: PHP Fatal error: Unknown: Failed opening required '/var/www/vhosts/' (include_path='.:/opt/plesk/php/7.4/share/pear') in Unknown on line 0" while reading response header from upstream				nginx-Fehler
    Plugin Author nintechnet


    As you can see, you have a file that is loading the .htninja.
    But the log reads “in Unknown on line 0” which isn’t very helpful.
    Nevermind, you should be able to find it by adding this code to the .htninja:

    $foo = debug_backtrace();
    file_put_contents( 'ninjadebug.txt', print_r( $foo[0], true) );

    Visit the site, and check the content of the “ninjadebug.txt” filecreated in the same folder: it should display the full path and line number of the script that loads the .htninja.

    Don’t forget to remove the above code from the .htninja.

    Thread Starter Torsten Bulk


    The file ninjadebug.txt is created. But it remains empty.

    Plugin Author nintechnet


    Then, that means the .htninja is not loaded from a PHP script.
    That’s really weird.
    Maybe you have a proxy or HTTP cache that still caches and loads it?

    Thread Starter Torsten Bulk


    All very strange. I can’t find anything that causes this.

    The site runs on a nginx server, via Cloudflare, as caching plugin runs WP Fastest Cache.

    But even if everything is deactivated nothing changes.

    • This reply was modified 1 year, 8 months ago by Torsten Bulk.
    Plugin Author nintechnet


    Maybe an opcode cache? Can you try to reload your PHP-FPM process?

    Thread Starter Torsten Bulk


    I deactivated the opcode and also deleted it. I changed PHP-FPM to 7.2 and 7.3.

    All without any change. I am at a loss.

    Plugin Author nintechnet


    Search for ‘.htninja’ in your document root:

    $ grep -r '.htninja' /full/path/to/your/blog/ --color=always

    If you have root access, try your luck with the Linux kernel’s audit system. Unlike inotify, auditd will give you information about the process that accessed the file. But I’ve no idea if that will work in your case.
    You must install it. In Debian:

    apt install auditd audispd-plugins

    Start the service:

    service auditd start

    Set up a watch:

    auditctl -w /full/path/to/.htninja -p war -k foobar

    Restart your HTTP server, your PHP server, access your blog etc.
    Then check if it caught something:

    ausearch -f /full/path/to/.htninja

    The audit log is in /var/log/audit/audit.log.

    To remove the watch:

    auditctl -W /full/path/to/.htninja -p war -k foobar
Viewing 15 replies - 1 through 15 (of 20 total)
  • The topic ‘How to uninstall NinjaFirewall (WP Edition)’ is closed to new replies.