NFW blocking all CSS and JS in admin every other page load

Hi

Did you check the firewall log (“NinjaFirewall > Firewall Log”)?

If there is nothing in the firewall log, did you enable or modify some of the “NinjaFirewall > Firewall Policies > HTTP response headers” options?

Nothing in the firewall log seems seems to be responsible:

09/Mar/17 23:07:47  #3726096  info         -  [redacted IP]  POST /wp-login.php - Logged in user - [TheMeerkat (administrator)] - monochromaticrp.com
09/Mar/17 23:13:12  #3983253  info         -  [redacted IP]  GET /wp-admin/plugins.php - Plugin deactivated by TheMeerkat - [Name: login-security-solution/login-security-solution.php] - monochromaticrp.com
09/Mar/17 23:13:30  #8933896  info         -  [redacted IP]  GET /wp-admin/plugins.php - Plugin deactivated by TheMeerkat - [Name: login-security-solution/login-security-solution.php] - monochromaticrp.com
10/Mar/17 02:46:23  #8010085  info         -  [redacted IP]  GET /wp-admin/plugins.php - Plugin deactivated by TheMeerkat - [Name: php-compatibility-checker/wpengine-phpcompat.php] - monochromaticrp.com
10/Mar/17 03:45:27  #8742236  info         -  [redacted IP]    GET /wp-admin/plugins.php - Plugin deactivated by TheMeerkat - [Name: bbp-style-pack/bbp-style-pack.php] - monochromaticrp.com
10/Mar/17 03:52:34  #2664687  info         -  [redacted IP]    GET /wp-admin/plugins.php - Plugin deactivated by TheMeerkat - [Name: bbp-toolkit/bbp-toolkit.php] - monochromaticrp.com
10/Mar/17 07:49:07  #2147020  medium     306  [redacted IP] GET /index.php - Bogus user-agent signature - [SERVER:HTTP_USER_AGENT = Mozilla/4.0 (compatible; MSIE 5.5;Windows NT)] - monochromaticrp.com
10/Mar/17 12:31:25  #4886215  info         -  [redacted IP]  POST /wp-login.php - Logged in user - [TheMeerkat (administrator)] - monochromaticrp.com

And it still happens resetting everything under “HTTP response headers” to the default, aside from Strict‐Transport‐Security.

It could be due to a PHP error, which could force HTTP headers to be sent earlier and could mess with the layout of the page.

Try to enable WP_DEBUG in your wp-config.php file and check for any error message: https://codex.www.ads-software.com/Debugging_in_WordPress#WP_DEBUG

The only PHP error on broken admin pages is:
Notice: ob_end_flush(): failed to send buffer of zlib output compression (0) in /home/public/wp-includes/functions.php on line 3719
… but it appears on the homepage and non‐broken admin pages as well.

Can you solve that issue? Here are some links:
https://www.ads-software.com/support/topic/notice-ob_end_flush-failed-to-send-buffer-of-zlib-output-compression/
https://wordpress.stackexchange.com/questions/70594/ob-end-flush-error-when-using-wpdb-in-plugin

Afterwards, we’ll know if that is the reason why your pages are all messed up.

I added the following to my theme’s functions.php:

remove_action( 'shutdown', 'wp_ob_end_flush_all', 1 );

This removed that error, and no others are being produced anywhere on the site, whether backend or frontend (as far as I can tell). The problem in my original post remains.

Can you try to disable your plugins one by one to see if one of them could conflict with NinjaFirewall?
You may try also to switch your current theme to see if there’s any conflict with it.

Theme has already been changed many times, and no plugin deactivation helped the issue. Sorry. ??

I saw you asking others to post wp-check.php results here, so here’s mine:
https://i.imgur.com/zQcodkj.png

Is this your server or a shared account? The PHP $SERVER[“DOCUMENT_ROOT”] variable is not defined. You would need to fix that or to ask your host about it.

DOCUMENT_ROOT on my host is always set: https://php71.nfshost.com/
There shouldn’t really be anything my simple WordPress site is doing to intentionally un‐set it.

It is returned by the Superglobal, but not the PHP getenv() function.

Could you send me the dashboard HTML page so that I could check its code for error?
You would need to:
-Click on ‘View Source’.
-Select ‘Save’ and, preferably, select “Webpage Complete” if possible.
-Zip those files and send them to contact () nintechnet () com.

Make sure to select a WordPress dashboard page that does no contain confidential info, such as “Tools > Available Tools”.

Add the URL of this discussion to the body of you email.

Sent.

I didn’t find anything wrong (no differences between the broken and working dashboard) .

Do you face that problem when you are logged in as an admin only, or as a subscriber (or another role) as well?

• This reply was modified 7 years, 11 months ago by nintechnet.

I asked a user to refresh a couple of times, and it is not occurring for them.

Can you try to uninstall and reinstall NinjaFirewall? You can first export your configuration from the “Firewall Options” menu, then reimport it afterwards (except “File Check”, you will need to reconfigure as it cannot be exporte/imported).