There is an issue with your configuration regarding PHP session.
When you log out, it is normal to see the NinjaFirewall login page if you enabled ‘Always ON’.
Do you know what the issue might be with the PHP session?
And will this issue affect the functionality of the NinjaFirewall to do what it is designed to do?
I have no idea where the problem comes from.
Sessions are used to whitelist the admin. That doesn’t affect the security, but you could be blocked by the firewall while working from the admin dashboard.
Can you try the “Live Log” feature and see whether it works or reports an error? It requires PHP sessions to work.
I successfully logged in today as admin without subsequent repetitive login.
However, the “Live Log” feature reports an error, where html code is below and CSS within it.
Are you sure your NinjaFirewall installation is not corrupted?
I am getting activity reports and security rules update regularly as below:
Daily activity report for: http://www.abc123.com/
Date Range Processed: Yesterday, August 13, 2016
Blocked hacking attempts: 2 (critical: 0, high: 0, medium: 2)
Blocked brute-force attacks: 0
This notification can be turned off from NinjaFirewall “Event Notifications” page.
NinjaFirewall (WP Edition) – http://ninjafirewall.com/
Support forum: http://wordpress.org/support/plugin/ninjafirewall
———————————————————————–
NinjaFirewall security rules have been updated:
Blog: http://www.abc123.com/
Rules version: 2016-08-13.1
Date: Aug 13, 2016 @ 23:04:24 +0000
NinjaFirewall (WP Edition) – http://ninjafirewall.com/
Support forum: http://wordpress.org/support/plugin/ninjafirewall
That looks fine, but according to the mess you get when you access the Live Log page, you could have one or more corrupted files.
Can you try to reinstall NinjaFirewall? You can first export your current configuration from the “Firewall Options” page, reinstall NinjaFirewall and re-import your settings.
I uninstalled the plugin twice but still the mess shows up. I have even deleted the nfwlog.
What I have noticed is that for both the fresh installs the email ID that was entered in the previous installation is showing.
So basically the old email ID should not be showing for a fresh install, as the field should be empty. Are there any other files that are not removed after the uninstallation?
The installer uses the admin email found in the WordPress “Settings > General > Email Address” menu.
Can you show a screenshot of the Live Log page?
It shows the “Error: Live Log did not receive the expected response from your server” message + the content received. That is still the issue with your PHP session.
You may have another plugin that is messing with session, or you log in from www.example.com and are redirected to example.com afterwards (or vice versa)?
It was the PHP session and is now fixed by the hosting provider.
