MainWP Login broken by Ninja Firewall

  • Resolved SVT

    (@magictrashcan)


    4 months ago

    Hi there,

    I’m using MainWP to manage several websites. Usually I can just log in to child sites using a button on the MainWP Dashboard but with the Ninja Firewall active, that login is broken on most, however not on all sites. Nothing is written to logs, no indication as to why it’s not working or which rule is broken.

    Do you have any idea what’s happening here? The MainWP Dashboard plugin can be had for here on the repo.

    Kind Regards!

    Edit:

    I’ve tried just about any possible combination of settings (Login Protection on and off, Bot protection on and off, etc..) and only disabling the Firewall entirely solves the issue.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Did you enable one or more policies in the “Firewall Policies > Advanced Policies > HTTP response headers” section? By default, all of them are disabled.
    Did you enabled the “Firewall Policies > Basic Policies > WordPress AJAX > Protect admin-ajax.php against bots” policy? If it is enabled and MainWP needs to access it, it could be blocked.

    Thread Starter SVT

    (@magictrashcan)

    Hi there,

    thanks for the hint, it was indeed one of the headers!

    Force SameSite flag on all cookies to mitigate CSRF attacks

    Was: SameSite=Strict
    Works with: SameSite=Lax

    Thanks again!

Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.