Support » Plugin: NinjaFirewall (WP Edition) » NinjaFirewall blocks the "Preview Changes" button

  • Resolved GermanKiwi


    Hi, I’ve just discovered that NinjaFirewall blocks the preview function when editing a post or page.

    When I’m editing a page in WordPress, there is a button on the right called “Preview Changes”, near the Publish button. The Preview Changes button will make a new browser window appear with a preview of the page, without saving the page.

    Normally the URL of the preview page looks something like this:

    However, when I clicked this button just now, it opened a new browser window and the URL changed to:
    …And it displayed the standard NinjaFirewall “403” error message (“your request cannot be proceeded”).

    I checked the firewall log, and it shows that it’s being blocked with rule #100, and it refers to “XSS (HTML tag)”. But I don’t understand why or what this means.

    I know that I can just disable rule 100, but I’d rather not disable any rules because that might allow a hacker to gain access through whatever feature is being protected by rule 100.

    Is there any way to fix this so that NinjaFirewall does not block the “Preview Changes” button from working? I would have thought, that NinjaFirewall would not block internal features which are part of WP core?


Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author nintechnet



    Normally you should not be blocked as long as you are the admin and that the “Do not block WordPress admin” is enabled.
    This looks like an expired PHP session.

    Can you try to log out, log in, then edit/preview your post again?

    Everything seems to be working fine now, thanks!

    Hello, I have the same problem, but I don’t use an admin account to edit posts. Is any workaround besides disabling rule 100?
    I’ve already disabled “Block direct access to any PHP file located in /wp-includes/*.php” because I could’t use TinyMCE.

    Plugin Author nintechnet



    Disabling that rule seems to be your best choice because you do not have admin privilege.
    Another option would be to whitelist your IP, but that would require that you have a static IP.

    Thank you, whitelist works well for me.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘NinjaFirewall blocks the "Preview Changes" button’ is closed to new replies.