Support » Plugin: NinjaFirewall (WP Edition) - Advanced Security » NinjaFirewall 3.6 and WordPress 4.9.2

  • Resolved tomdkat

    (@tomdkat)


    Hi! I’ve researched a problem I’m having where changes made to my theme’s PHP files can’t be saved in the theme editor. This is due to this error:

    Unable to communicate back with site to check for fatal errors, so the PHP change was reverted. You will need to upload your PHP file change by some other means, such as by using SFTP.

    This is in turn caused by timeouts reported by cURL. The “Health Check” WordPress plugin (https://wordpress.org/plugins/health-check/) reports this:

    The loopback request to your site failed, this may prevent WP_Cron from working, along with theme and plugin editors.<br>Error encountered: (0) cURL error 28: Operation timed out after 10002 milliseconds with 0 bytes received
    
    Result from testing without any plugins active: The loopback request to your site failed, this may prevent WP_Cron from working, along with theme and plugin editors.
    Error encountered: (0) cURL error 28: Operation timed out after 10003 milliseconds with 0 bytes received

    So, I did some poking around and found if I disable the NinjaFirewall entry in my .user.ini PHP config file, I’m able to get these results from the “Health Check” plugin:

    The loopback request to your site failed, this may prevent WP_Cron from working, along with theme and plugin editors.<br>Error encountered: (0) cURL error 28: Operation timed out after 10000 milliseconds with 0 bytes received
    
    Result from testing without any plugins active: The loopback request to your site completed successfully.

    I’ve tried resetting the NinjaFirewall options, disabling it, and just about everything else I can think of outside of uninstalling it and the ONLY thing that appears to help is commenting out the entry from the .user.ini PHP configuration file.

    Any ideas on how NinjaFirewall could be interfering with the ability to save changes to theme files using the stock WordPress theme editor?

    Thanks!

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Hi,

    I can reproduce the issue, just by enabling it:
    1. Upload NF into the plugin folder.
    2. Activate it. No need to go through the install process (i.e., nothing is added to the php.ini file).
    3. The theme editor will timeout only when editing PHP scripts. CSS and JS files can be edited though.
    4. Disabling NF from the “Plugins” page solves the problem.

    This is due to the new code added to the theme & plugin editor from the latest WordPress 4.9.2 version.

    Maybe an issue with headers, cookies/session? I’ll have to check this.

    Great! I’m glad you were able to recreate the issue. Does NinjaFirewall 3.6.1 address this issue?

    Thanks!

    Plugin Author nintechnet

    (@nintechnet)

    No it doesn’t because it cannot: the issue comes from PHP session locking. The new changes in WordPress 4.9.2 use cURL to callback the blog main page and it hangs because of the exclusive lock.

    I would like to get rid of PHP session in the firewall, but that’s very tricky due to the way it works.

    In the meantime, your only solution is to edit a WordPress core file:
    1. Open the “/wp-admin/includes/file.php” script.
    2. Locate this line: if ( $is_active && 'php' === $extension ) {
    3. Right below, add this code: @session_write_close(); so that it will look like this:

    if ( $is_active && 'php' === $extension ) {
       @session_write_close();
       ...
    

    Next time you update WordPress, you may need to apply the change again.

    Thanks for the information!

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘NinjaFirewall 3.6 and WordPress 4.9.2’ is closed to new replies.