No I haven't tried using per-directory php.ini files before, and I don't know if my host supports them - I will ask them about it.
In the meantime I've tried the .user.ini solution and I'm happy to say that it works! I can now access all of the NinjaFirewall pages in the WordPress admin area. :)
Maybe it would be a good idea to include some instructions about the .user.ini solution in the plugin's instructions, in case other users also need this. :)
I hope you'll still be able to update the plugin, to support the subdirectory installation that I'm using, in any case!
Now I have a couple of extra feedbacks for you:
1) Although I can now access all of the firewall setting pages in the WordPress admin, I am nevertheless getting this error at the very top of every page in the admin area:
"ERROR: NinjaFirewall cannot find WordPress configuration file."
Additionally, this same error also appears at the very top of the webpages too (which the public can see!!), which is a disaster! That means I will have to disable the plugin completely until this is fixed. I can't have the public seeing such an error on every webpage!
I would suggest that you change this error, so that it is only visible in the Admin pages and not on the actual website itself. The public don't need to see it! Only me (the admin) needs to see this.
2) On the "Firewall Policies" page there is a setting which says, "Block direct access to any PHP file located in one of these directories". And one of the directories mentioned there is this:
However, I have changed the name of my wp-content folder to something different. I've done this using the WP_CONTENT_URL and WP_CONTENT_DIR variables in my config.php file. Therefore I have no such folder as /wp-content anymore.
Can you fix the firewall so that it recognises a different path from the WP_CONTENT_URL and WP_CONTENT_DIR variables please?
3) On the "Email Alerts" page, there is an setting for "Send me an alert whenever XYZ logs in". Currently I can select for the admin only, or for any user, or for none. However I think it would also be nice, to have an extra option, for "a non-administrator". So that I can receive an email every time somebody logs in who is NOT an administrator. When I am the only administrator, I don't need to receive an email every time I myself log in!
Maybe the "Plugins" and "Themes" and "Core" email alerts should also have an option to exclude the administrator too, so that I don't receive emails about my own actions.
Lastly: where can I find some information and descriptions about the security rules? It only shows men "Rule ID 1" etc, which is meaningless to me. :)
Thanks again for your help so far!