Hi,
It seems that instead of sending the daily notification email at midnight (00:00), the plugin counts 24 hours, not taking daylight saving time into account.
See the function below in the file event_notifications.php:
// ---------------------------------------------------------------------
function nf_daily_report_log() {
    if ( date('j') == 1 ) {
        $cur_month_log = date('Y-m', strtotime( date('Y-m') .' -1 month') );
    } else {
        $cur_month_log = date('Y-m');
    }
    $previous_day = strtotime( date('Y-m-d 00:00:01', strtotime('-1 day') ) );
    $logstats = [ 0 => 0, 1 => 0, 2 => 0, 3 => 0, 5 => 0 ];
    $files = NinjaFirewall_helpers::nfw_glob(
        NFW_LOG_DIR .'/nfwlog', 'firewall_'. $cur_month_log, true, true
    );
    // Parse each log
    foreach( $files as $file ) {
        // Stat the file: if it's older than 24 hours, we skip it
        $log_stat = stat( $file );
        if ( $log_stat['mtime'] < $previous_day ) {
            continue;
        }
        $log_lines = file( $file, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES );
        foreach ( $log_lines as $line ) {
            if ( preg_match(
                '/^\[(\d{10})\]\s+\[.+?\]\s+\[.+?\]\s+\[#\d{7}\]\s+\[\d+\]\s+\[([1235])\]\s+\[/',
                $line, $match )
            ) {
                // Fetch last 24 hours only
                if ( $match[1] > $previous_day && $match[1] < $previous_day + 86400 ) {
                    ++$logstats[ $match[2] ];
                    if ( strpos( $line, 'Brute-force attack detected') !== FALSE ) {
                        ++$logstats[0];
                    }
                }
            }
        }
    }
    return $logstats;
}
// ---------------------------------------------------------------------
Can you please fix this issue?
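The reporting window built by the `$previous_day + 86400` comparison in the function above, compared with a local-midnight-to-midnight window on days when the clocks change. This is an added example, not part of the original post and not NinjaFirewall code; the function names, the Europe/Paris timezone and the report run times are assumptions chosen for the demonstration.

```php
<?php
// Added illustration, not NinjaFirewall code. Function names, the timezone
// (Europe/Paris) and the report run times are assumptions for the demo.

// Window as computed in the posted function: yesterday 00:00:01 local time
// plus a fixed 86400 seconds.
function fixed_window(DateTimeImmutable $now): array {
    $start = $now->modify('-1 day')->setTime(0, 0, 1)->getTimestamp();
    return [$start, $start + 86400];
}

// Calendar-day window: local midnight yesterday up to local midnight today,
// whatever the real length of that day is (23, 24 or 25 hours).
function calendar_window(DateTimeImmutable $now): array {
    $start = $now->modify('-1 day')->setTime(0, 0, 0);
    $end   = $now->setTime(0, 0, 0);
    return [$start->getTimestamp(), $end->getTimestamp()];
}

// Render a [from, to] pair of Unix timestamps as local times plus its length.
function describe(string $label, array $w, DateTimeZone $tz): string {
    [$from, $to] = $w;
    $fmt = fn(int $ts) => (new DateTimeImmutable("@$ts"))
        ->setTimezone($tz)->format('Y-m-d H:i:s T');
    return sprintf("%-9s %s -> %s (%d s)", $label, $fmt($from), $fmt($to), $to - $from);
}

$tz = new DateTimeZone('Europe/Paris');
// Reports generated just after midnight: after a normal day, after the
// spring change (23-hour day) and after the autumn change (25-hour day).
$runs = ['2024-06-15 00:05:00', '2024-04-01 00:05:00', '2024-10-28 00:05:00'];

foreach ($runs as $run) {
    $now = new DateTimeImmutable($run, $tz);
    echo "Report run at $run\n";
    echo '  ' . describe('fixed', fixed_window($now), $tz) . "\n";
    echo '  ' . describe('calendar', calendar_window($now), $tz) . "\n";
}
```

For the 23-hour day the fixed window runs one hour past the following midnight, and for the 25-hour day it ends one hour before midnight, so the last hour of that day falls outside the window.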
Hi,
On the website, NinjaFirewall and Events Manager by Pixelite are installed and active.
When creating a virtual event in Events Manager (event-type = URL), the plugin automatically creates an empty physical venue, which is unexpected behaviour.
The bug only arises when NinjaFirewall is active.
Is this a known issue or can you identify where exactly the conflict arises from?
Hi, I see the following message in the WordPress dashboard status when the plugin is activated. When I deactivate the plugin, the message disappears.
Message is:
Critical Issue: Critical issues involve elements that can have a significant impact on the performance or security of your website. Resolving these issues should be prioritised.
An active PHP session has been detected: Performance
A PHP session was created by a session_start() function call. This affects REST API and loopback requests. The session should be closed with session_write_close() before any HTTP requests are made.
Thank you for the advice on whether I should do something.
Hi there,
after the update of the plugin to Version 4.7 my WP shows “an active PHP session was detected” as a critical warning.
How can I solve this?
Best wishes
Silke König
Hello,
After upgrading the plugin to version 4.7, I noticed in the admin panel under “Tools -> Site Health” notifications about a critical issue (see screenshot). The problem in Site Health terminology is called “An active PHP session was detected”.
If you deactivate NinjaFirewall 4.7 the error disappears.
In the previous version of NinjaFirewall 4.6.1 – this problem does not exist.
What can this problem affect and how can it be fixed?
I will be grateful for your answer.
Thank you!
PHP 7.4.33
WordPress 6.6.2
Hello,
Your plugin works well, but now I started using Cloudflare for additional protection of my site and found some problems. Namely – when authorizing in the admin panel of the site, I get email notifications about logging into the panel with the wrong IP address.
Email notifications about login to the admin panel I have configured through your plugin in the “Event Notifications” section. It is important for me to know when and from which IP address on my site visitors are logged in. But when I started using Cloudflare, the wrong address is detected in the notifications.
This is most likely due to Cloudflare DNS proxying.
How can I solve this problem?
I will be grateful for your answer and help.
Thank you!
PHP 7.4.33
Apache
WordPress 6.6.2
Do I need to do anything if I use Cloudflare?
I didn’t fully understand what I had to do.
Here comes this message…
HTTP_CF_CONNECTING_IP detected: you seem to be using Cloudflare CDN services. Ensure that you have setup your HTTP server or PHP to forward the correct visitor IP, otherwise use the NinjaFirewall .htninja configuration file.
Because the preload from Flyingpress did not work, I contacted their support. It turned out that the plugin needs access to /wp-json/. As a working solution, they suggested that I deactivate the first checkbox (/wp-admin/*) in the firewall policies for “Block direct access to any PHP file located in one of these directories”.
The preload of Flyingpress then works. Is there any other possibility on the part of NinjaFirewall besides giving access to all orders?
NinjaFirewall keeps sending me warnings about how it blocked a user trying to edit or create a page for which she does not have the necessary rights.
The user in question has the Editor role, which includes all 12 post capabilities, and the post she’s trying to edit was created by herself.
I could turn off NFW > Firewall Policies > “Block attempts to publish, edit or delete a published post by users who do not have the right capabilities (recommended)”, but somehow I feel that would be wrong, as I can’t see why an Editor is incapable of editing her own post.
Is there a way to read out of the ultra-long php backtrace where exactly things go wrong here?
Thanks!
Hello,
after moving my website from server A to B, I wanted to install the Ninja Firewall again. It gets installed but I get this error upon activating it:
Plugin could not be activated because it triggered a fatal error.
I checked the PHP log files and I see these errors:
[28-Sep-2024 11:09:00 UTC] PHP Fatal error: Uncaught Error: Undefined constant "NFW_RULES" in /var/www/website/public_html/wp-content/plugins/ninjafirewall/lib/install_default.php:171
Stack trace: 0 /var/www/website/public_html/wp-content/plugins/ninjafirewall/ninjafirewall.php(161): nfw_load_default_conf() 1 /var/www/website/public_html/wp-includes/class-wp-hook.php(324): nfw_activate(false) 2 /var/www/website/public_html/wp-includes/class-wp-hook.php(348): WP_Hook->apply_filters('', Array) 3 /var/www/website/public_html/wp-includes/plugin.php(517): WP_Hook->do_action(Array) 4 /var/www/website/public_html/wp-admin/includes/plugin.php(703): do_action('activate_ninjaf…', false) 5 /var/www/website/public_html/wp-admin/plugins.php(60): activate_plugin('ninjafirewall/n…', 'https://ivansal…', false) 6 {main}
thrown in /var/www/website/public_html/wp-content/plugins/ninjafirewall/lib/install_default.php on line 171
What is the problem?
Hi. My server keeps flagging NinjaFirewall as a malicious file. I've tried redownloading and installing the plugin, but it keeps getting flagged. It seems to disable the firewall completely. Please help maybe get it whitelisted?
MALWARE DETAILS
Below are details of the affected files:
________________________________________
HOST:      **
SCAN ID:   240926-0122.36827
STARTED:   Sep 26 2024 01:22:04 +0000
COMPLETED: Sep 26 2024 04:44:03 +0000
ELAPSED:   12119s [find: 817s]
PATH:
RANGE:         1 days
TOTAL HITS:    1
FILE HIT LIST:
/*/**/***/****/*****/wp-content/plugins/ninjafirewall/lib/firewall.php
===============================================
Linux Malware Detect v1.6.5 < [email protected] >
NinjaFirewall generates a number of log file backups, which are continually flagged by Defender as suspicious.
Because the URL changes every time, setting them to “Ignore” doesn’t really achieve anything. We can disable logs entirely (or at least set them to purge daily) but I don’t believe that will solve it either, and obviously isn’t ideal to lose the logs. The issue is purely with that cached log folder.
Is there a way to disable those cache files, or change the folder to somewhere outside of the /public_html folder so they’re exempt from being scanned?
Has anyone managed to activate full WAF on Hetzner with PHP greater than 8? Under PHP 7, it still works with:
<IfModule mod_php7.c>
php_value auto_prepend_file […]
</IfModule>
But with PHP 8 and:
<IfModule mod_php.c>
php_value auto_prepend_file […]
</IfModule>
everything is ignored. It doesn’t matter if it’s through .htaccess, .user.ini, or php.ini.
Hi, I have two different WP installations, one in the root folder and another in a sub dir (the subdomain that I have created points to that folder). I'm on shared hosting.
I first installed the plugin on the second WP installation (the one in the sub dir) and activated it, and when I tried to activate Full WAF mode it said that it can’t be activated: “Make sure your HTTP server support the php_value auto_prepend_file directive in .htaccess files. Maybe you need to restart your HTTP server to apply the change, or simply to wait a few seconds and reload this page?”
Then I disabled the plugin and installed the plugin in the first WP installation (the one in the root folder) with success and Full WAF mode enabled. In the configuration I excluded the sub dir of the second WP installation.
Now when I try to enable the plugin in the second WP installation, it gives me an error that the plugin can’t be activated because there is a fatal error.
I then disabled the plugin in the first WP installation and tried to activate it in the second WP installation, but it still gives me the fatal error message.
How can I activate the plugin on the second WP installation as well and get Full WAF mode working?
Thanks in advance.
Hello,
Is there a good way to use the .htninja file from two or more different WordPress installations (public_html), located in one root? At the moment, I’ve created a folder in the root to place the wp-config.php of the first WP installation in it. The path to it is set in the .htninja – it works correctly. Can I set up the same .htninja for a second or third WordPress installation, maybe with a condition? What is the best practice in an environment like this?
Thank you
“The log shows all threats that were blocked by the firewall, unless stated otherwise. It is rotated monthly.”
It would be great if the entries were sorted in the reverse order, i.e. newest entries at the top.
Hello,
We are currently receiving an increasing amount of spam in our contact forms, e.g. from the USA. We therefore want to prevent certain countries, including the USA, from accessing the website by geoblocking.
However, this entails 2 problems:
1) Litespeed cache: as soon as the pages are in the cache, geoblocking no longer works and you can also access the website from the USA, for example. How can we ensure that the geoblocking is loaded before the cache or is excluded from the cache?
2) Google Insights: if we include the USA in the geoblocking, certain Google services that are stored in the USA will no longer work, e.g. Google Insights, which has a negative impact on the Search Console. Is it possible to exclude certain ASN numbers or incoming URLs from geoblocking?
Thank you very much
The dashboard shows:
Version 4.6.1 ~ Security rules: 2024-08-28.1
Admin user xxxx: You are whitelisted by the firewall.
The error displayed:
Sorry xxx.yy.zzz.154, your request cannot be processed.
For security reasons, it was blocked and logged.
If you believe this was an error, please contact the
webmaster and enclose the following incident ID:
[ #2462138 ]
I’m getting a lot of these in the PHP log:
[27-Aug-2024 08:14:30 Australia/Melbourne] PHP Warning: session_start(): open(/opt/alt/php83/var/lib/php/session/sess_41ua66kt3iga5pjl0ob8kltv0r, O_RDWR) failed: No such file or directory (2) in /home/wcipporg/public_html/wp-content/plugins/ninjafirewall/lib/utils.php on line 130
[27-Aug-2024 08:14:30 Australia/Melbourne] PHP Warning: session_start(): Failed to read session data: files (path: /opt/alt/php83/var/lib/php/session) in /home/wcipporg/public_html/wp-content/plugins/ninjafirewall/lib/utils.php on line 130
In the dashboard it says:
User session: It seems that the user session set by NinjaFirewall was not found by the firewall script.
Hi there, unfortunately there is a problem with the Ninjaforms form on my site (protected by Google ReCaptcha V3) after I have enabled NinjaFirewall. There is an error message concerning Google ReCaptcha and the form is not being sent. It tells me I should try again later. I did not change any settings, I have not even enabled the full WAF mode. Do you have any suggestion? I guess an additional spam protection for NinjaForm is necessary even if I use the firewall, right?
Thanks a lot for any advice. Kind regards, Sylva
I’m using NinjaFirewall on about 90 sites. After the update to 4.6 I got fatal errors on 5 sites with this message:
Fatal error: Cannot declare class NinjaFirewall_helpers, because the name is already in use in /xxx/xxx/xxx/aino.betapage.ch/wp-content/plugins/ninjafirewall/lib/class-helpers.php on line 14
Downgrade to 4.5.11 and everything works. There are no specific plugins or hosting providers on these sites. What is your recommendation to solve this?
Thanks
Gerd
Have you had any reports of a fatal error on update to v.4.6? The update has failed on one site with the following error logged:
[12-Aug-2024 07:24:47 UTC] Automatic updates starting...
[12-Aug-2024 07:24:47 UTC] Automatic plugin updates starting...
[12-Aug-2024 07:24:47 UTC] Upgrading plugin 'ninjafirewall'...
[12-Aug-2024 07:24:48 UTC] Plugin 'ninjafirewall' has been upgraded.
[12-Aug-2024 07:24:50 UTC] Scraping home page...
[12-Aug-2024 07:24:50 UTC] PHP Fatal error: Cannot declare class NinjaFirewall_helpers, because the name is already in use in /home/xxxx/public_html/xxxx.xx/wp-content/plugins/ninjafirewall/lib/class-helpers.php on line 14
[12-Aug-2024 07:24:50 UTC] '###### wp_scraping_result_start:4078c5eca0f71757fdb579d39ceab152 ######
{"type":"64","message":"Cannot declare class NinjaFirewall_helpers, because the name is already in use","file":"wp-content\\/plugins\\/ninjafirewall\\/lib\\/class-helpers.php","line":"14"}
###### wp_scraping_result_end:4078c5eca0f71757fdb579d39ceab152 ######
'
[12-Aug-2024 07:24:51 UTC] The update for 'ninjafirewall' contained a fatal error. The previously installed version has been restored.
[12-Aug-2024 07:24:51 UTC] Automatic plugin updates complete.
[12-Aug-2024 07:24:51 UTC] Automatic updates complete.
I have tried disabling all other plugins and enabling a Twenty^ theme, but the update still fails with the same error. Another site on the same server has updated to v.4.6 without any issues. There are three issues in Site Health:
An active PHP session was detected
The REST API encountered an error
Your site could not complete a loopback request
But these appear to be browser-cache related, as when I open the back-end in a private browser window, they do not appear in Site Health. If I try to update NinjaFirewall in that same private browser session with no Site Health issues, I again get: “Plugin could not be activated because it triggered a fatal error“.
Hello,
I’ve noticed numerous entries in my log file indicating that Ninja Firewall is blocking access to admin-ajax.php due to bot detection being enabled. Interestingly, the blocked IP is actually the IP of the server hosting my website. Here is a sample entry that repeats about 100 times:
06/Aug/24 09:30:02 #3277172 MEDIUM - 85.90.244.229 POST /wp-admin/admin-ajax.php - Blocked access to admin-ajax.php - [bot detection is enabled] - ivansalloum.com
Does anyone have any insights into what might be causing this issue?
Thanks in advance!
Hi there,
I’m using MainWP to manage several websites. Usually I can just log in to child sites using a button on the MainWP Dashboard but with the Ninja Firewall active, that login is broken on most, however not on all sites. Nothing is written to logs, no indication as to why it’s not working or which rule is broken.
Do you have any idea what’s happening here? The MainWP Dashboard plugin can be had for here on the repo.
Kind Regards!
Edit:
I’ve tried just about any possible combination of settings (Login Protection on and off, Bot protection on and off, etc..) and only disabling the Firewall entirely solves the issue.
Can I check whether your WAF interferes with, i.e. breaks, end-to-end encryption between browser and server or not?
If yes, does it re-encrypt?
Hello Support Team,
I am experiencing an issue with my WordPress site that involves a conflict between NinjaFirewall and Easy Digital Downloads. Specifically, whenever NinjaFirewall is enabled, the Easy Digital Downloads cart appears empty after attempting to add a product.
Add to cart > Login > Redirect back to Cart > “Empty Cart Error”.
This issue is resolved only when NinjaFirewall is deactivated.
Here are the steps I’ve taken to diagnose the problem:
Given these steps, it appears that the conflict is specifically between NinjaFirewall and Easy Digital Downloads.
Could you please assist me in resolving this issue? Any guidance or suggestions would be greatly appreciated.
Thank you for your support.
Hi,
Which setting in the firewall can we use to prevent showing the username in the page source of a Post?
Regards,
Ed
Hi there, I would like to know if Ninja Firewall protects both wp-login.php and custom login URL. I have websites that have All In One WP Security plugin or Solid Security plugin installed with custom login URL enabled.
Can I still install Ninja Firewall on top of the existing security plugins mentioned? Will there be an overlap?
I use REST API on my resources via JWT Authentication for WP-API plugin (Enrique Chavez). I followed all the instructions of the plugin, added a line in wp-config.php “define('JWT_AUTH_SECRET_KEY', 'your-top-secret-key');”
I get the token without any problems!
For security settings, I’m using the NinjaFirewall (WP Edition) plugin (free).
When I send a content update request via REST API (POST, PATCH, PUT) I get the following error: 403
Log: 6558685 CRITICAL 115 my_IP PATCH /index.php – Cross-site scripting – [RAW:PATCH = {“content”: “<p style=\”font-size:18px…..
I work via token as admin if I enable Debugging mode (Firewall Options) the log:” 2947131 DEBUG_ON 115 my_IP PATCH /index.php – Cross-site scripting – [RAW:PATCH = {“content”: “<p style=\”font-size:18px\”
But the post is updated, the request passes. How can I fix it?
Hi, when I try to log in, I just need to type the characters that appear. Once I do it, it just shows other characters and nothing happens, and it goes on multiple times.