NinjaFirewall (WP edition)
[resolved] NinjaFirewall blocks the "Preview Changes" button (6 posts)

  1. GermanKiwi
    Posted 1 year ago #

    Hi, I've just discovered that NinjaFirewall blocks the preview function when editing a post or page.

    When I'm editing a page in WordPress, there is a button on the right called "Preview Changes", near the Publish button. The Preview Changes button will make a new browser window appear with a preview of the page, without saving the page.

    Normally the URL of the preview page looks something like this:

    However, when I clicked this button just now, it opened a new browser window and the URL changed to:
    ...And it displayed the standard NinjaFirewall "403" error message ("your request cannot be proceeded").

    I checked the firewall log, and it shows that it's being blocked with rule #100, and it refers to "XSS (HTML tag)". But I don't understand why or what this means.

    I know that I can just disable rule 100, but I'd rather not disable any rules because that might allow a hacker to gain access through whatever feature is being protected by rule 100.

    Is there any way to fix this so that NinjaFirewall does not block the "Preview Changes" button from working? I would have thought that NinjaFirewall would not block internal features which are part of WP core?



  2. nintechnet
    Plugin Author

    Posted 1 year ago #


    Normally you should not be blocked as long as you are the admin and "Do not block WordPress admin" is enabled.
    This looks like an expired PHP session.

    Can you try to log out, log in, then edit/preview your post again?

  3. GermanKiwi
    Posted 1 year ago #

    Everything seems to be working fine now, thanks!

  4. scinews
    Posted 1 year ago #

    Hello, I have the same problem, but I don't use an admin account to edit posts. Is there any workaround besides disabling rule 100?
    I've already disabled "Block direct access to any PHP file located in /wp-includes/*.php" because I couldn't use TinyMCE.

  5. nintechnet
    Plugin Author

    Posted 1 year ago #


    Disabling that rule seems to be your best choice because you do not have admin privilege.
    Another option would be to whitelist your IP, but that would require that you have a static IP.

  6. scinews
    Posted 1 year ago #

    Thank you, whitelist works well for me.

Topic Closed

This topic has been closed to new replies.
