• Hi,
    first of all many thanks for this great plugin.
    NinjaFirewall has been sending the following message by mail for some time now when I make a change to a post, even though I am logged in as administrator:

    NinjaFirewall has blocked an attempt to edit/create a post by a user who doesn’t have the right capabilities

    However, surprisingly, the change is made anyway. On another website, where this does not happen, I compared all settings, which are exactly identical. What could be the reason for this behavior?
    Best regards,
    Hans-Gerd

  • Plugin Author nintechnet

    (@nintechnet)

    Can you check in the “NinjaFirewall > Dashboard” page that you are whitelisted by the firewall and that there’s no error related to that and to PHP sessions?

    Thanks for the answer.
    Yes, I had indeed already checked that:

    [Screenshot: settings]
    I just logged into the website in another browser to rule out that there is an issue with the cookies. There, too, I got a corresponding mail after changing a post.

    Under “View error log” I see the following entry for each day:
    [11/Dec/21:14:55:19 +0000] Error : directory is not readable.
    But I see this entry in the error log also on another website, where the issue does not occur.

    Addendum: I just logged in with a different account as administrator. There I get the same issue.

    Plugin Author nintechnet

    (@nintechnet)

    Did you check the firewall’s log to see which request was caught by the firewall? You can also see that request (with all params) in the PHP backtrace that was attached to the email message you received.

    Which editor are you using?

    The error log message is not related to your issue.

    I use the block editor.
    Very interesting: I just changed another much shorter post. There this message did not come by mail. So it seems to be related to specific posts that are particularly long and frequently updated.
    Entry in firewall’s log:
    12/Dec/21 08:52:33 #3039554 CRITICAL – 185.30.32.xxx POST /wp-cron.php – WordPress: Blocked post/page edition attempt – [post_content: <!-- wp:heading -->%0a<h2 id=\"htoc-impfungen\">Impfungen und Impfstellen in der St%c3%a4dteregion xxx</…] – xxx.de
    [Highlighting (bold and italic) in the entry by me]
    We use the Heroic Table of Contents plugin in this post. Could it perhaps be that special characters (German?) in the automatically generated table of contents are causing the issue?

    I just tested this on a development environment. It is indeed due to the plugin Heroic Table of Contents.
    If the HTOC block provided by the plugin is used, then this mail ([NinjaFirewall] Blocked post/page edition attempt) is sent even though the change is made.
    It obviously has nothing to do with German special characters.

    Plugin Author nintechnet

    (@nintechnet)

    Apparently, NinjaFirewall is correct: you have an application that makes changes to a post, but it is not authenticated as the author of that post, thus it triggered the protection. The modification is done by a scheduled task (WP Cron).
    The simplest thing to do would be to whitelist your server IP (185.30.32.xxx) with the .htninja script:

    <?php
    /*
     +===========================================================================================+
     | NinjaFirewall optional configuration file                                                 |
     |                                                                                           |
     | See: https://blog.nintechnet.com/ninjafirewall-wp-edition-the-htninja-configuration-file/ |
     +===========================================================================================+
    */
    if ( isset( $_SERVER['REMOTE_ADDR'] ) && $_SERVER['REMOTE_ADDR'] == '1.2.3.4' ) {
       define('NFW_UWL', true);
       return 'ALLOW';
    }
    

    Replace 1.2.3.4 with your server’s IP address.
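
Added example, not part of the thread and not NinjaFirewall's own code: the same .htninja rule narrowed so that it matches only `wp-cron.php` requests coming from the server's own addresses, since the rule above matches every request from the listed IP. The addresses are constructed placeholders and the `$nfw_*` variable names are hypothetical; `NFW_UWL` and the `'ALLOW'` return value are taken from the snippet above.

```php
<?php
/*
 * Added example: .htninja rule limited to WP-Cron requests that
 * originate from the server itself.
 * The addresses below are constructed placeholders (documentation ranges).
 */

// Assumption: the addresses your own server uses when it calls wp-cron.php.
$nfw_cron_sources = array( '192.0.2.10', '2001:db8::10' );

// Assumption: REMOTE_ADDR is the real peer address (no reverse proxy or CDN
// in front of PHP); otherwise every visitor would share the proxy's address.
$nfw_remote = isset( $_SERVER['REMOTE_ADDR'] )
   ? @inet_pton( $_SERVER['REMOTE_ADDR'] )
   : false;

// Compare packed addresses so different spellings of one IPv6 address match.
$nfw_from_server = false;
if ( $nfw_remote !== false ) {
   foreach ( $nfw_cron_sources as $nfw_ip ) {
      if ( inet_pton( $nfw_ip ) === $nfw_remote ) {
         $nfw_from_server = true;
         break;
      }
   }
}

// Only the scheduled-task entry point seen in the firewall log qualifies.
$nfw_is_cron = isset( $_SERVER['SCRIPT_FILENAME'] )
   && basename( $_SERVER['SCRIPT_FILENAME'] ) === 'wp-cron.php';

if ( $nfw_from_server && $nfw_is_cron ) {
   define( 'NFW_UWL', true );
   return 'ALLOW';
}
// Any other request matches nothing here, exactly as a non-listed IP
// does in the snippet above.
```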

    Many thanks. I will check this and get back to you if necessary.
