• Resolved beefi1123

    (@beefi1123)


    Hi, on installation, I am getting this message: NinjaFirewall detected that the PHP auto_prepend_file directive seems to be used by another application: /home/volleyra/public_html/wordfence-waf.php. Because NinjaFirewall needs to use that directive, it will override it.

    From there, it doesn’t let me move forward and just refreshes and resends the installation email. Problem is, I haven’t had wordfence installed for a long time. If I delete that file, the whole site goes down. How do I correct this so that I can safely install NF?

Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Hi,

    Even if you don’t use it anymore, its auto_prepend_file directive is still present in the php.ini (or .user.ini) located in your WordPress root folder. Edit that file and remove the directive, then run NF installer.

    beefi1123

    (@beefi1123)

    Now, it doesn’t want to move past the system configuration page with:

    Select your HTTP server and your PHP server API (SAPI) view PHPINFO
    Select the PHP initialization file supported by your server
    php.ini
    Used by most shared hosting accounts.

    .user.ini (recommended)
    The default PHP INI file since PHP 5.3.0 (more info).

    php5.ini
    A few shared hosting accounts. Seldom used.

    It still just refreshes and resends the email.

    Plugin Author nintechnet

    (@nintechnet)

    That’s odd.
    * Do you have another plugin that could mess with the installation process? For example by throwing a PHP warning or notice (that you won’t see unless you look at the HTML source) that will prevent NF from using PHP session because the headers will be sent too early?
    * A JS bug? Try to open your browser JS console (CTRL + Shift + J) and check for errors while submitting the form.

    This is the error it gave:
    [Violation] Forced reflow while executing JavaScript took 30ms

    Plugin Author nintechnet

    (@nintechnet)

    This error doesn’t seem related to your issue.
    It looks to me that you’re having problem with cookies. NinjaFirewall uses PHP sessions, and it seems your PHP interpreter cannot find the session cookie and restart a new session, hence the loop.
    Can you try to log out and delete all cookies? Or try to install NF from another browser?

    That did the trick. Just to clarify, I was using Chrome before and tried Firefox and it went through. While I have you though, could I ask a couple quick questions:

    I am getting this message: HTTP_CF_CONNECTING_IP detected: you seem to be using Cloudflare CDN services. Ensure that you have setup your HTTP server or PHP to forward the correct visitor IP, otherwise use the NinjaFirewall .htninja configuration file.

    Should I be concerned, or how should I go about fixing?

    Second:
    I now have this, free Sucuri, and free Cloudflare. Is it ok to get rid of Sucuri? I don’t want to have anything redundant/fattening, but I don’t know if this will leave me vulnerable. Thanks!

    Plugin Author nintechnet

    (@nintechnet)

    If you are using Cloudflare, you need to create a “.htninja” file ( https://nintechnet.com/ninjafirewall/wp-edition/help/?htninja ) and upload it to your WordPress root folder:

    <?php
    /*
     +====================================================================+
     | NinjaFirewall optional configuration file                          |
     |                                                                    |
     | See: https://nintechnet.com/ninjafirewall/wp-edition/help/?htninja |
     +====================================================================+
    */
    
    // Users of Cloudflare CDN:
    if (! empty($_SERVER["HTTP_CF_CONNECTING_IP"]) &&
     filter_var($_SERVER["HTTP_CF_CONNECTING_IP"],FILTER_VALIDATE_IP)) {
       $_SERVER["REMOTE_ADDR"] = $_SERVER["HTTP_CF_CONNECTING_IP"];
    }
    

    I don’t think the free Sucuri plugin includes a web application firewall and a real-time protection.

    That worked. Thanks!

    What kind of security setup would you recommend? Is my combo sufficient without Sucuri?

    Plugin Author nintechnet

    (@nintechnet)

    I recommend to check our Securing WordPress with NinjaFirewall article, because it contains all info you’ll ever need to tweak it. Unless you see a plugin that does things that NinjaFirewall doesn’t, I don’t really recommend to install any other security plugin.

Viewing 9 replies - 1 through 9 (of 9 total)
  • You must be logged in to reply to this topic.