• Resolved Raúl González

    (@ragose)


    Hello,

    I have a problem with your plugin and themes.

    Very much themes have the option to add custom css or custom code to insert in the head or footer, for example, javascript of Analitycs.

    When i insert the code and save, i received an message, because is blocked by NF.

    In the NF log say:

    high POST /wp-admin/options.php – XSS (document object)

    Can you help me please?
    Can i enable this option in any way?

    Congratulations for Ninja Firewall.

    Regards.

    https://www.ads-software.com/plugins/ninjafirewall/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Hi,

    There are two possibilities:

    1. Your are the admin: ensure that you are whitelisted. Check in the Overview page to see if there is any warning. Also, in the Firewall Policies page, scroll down to the bottom of the page and ensure that the “Do not block WordPress administrator (must be logged in)” option is set to “Yes”.

    2. You are not the admin: the free edition of NinjaFirewall does not offer the option to whitelist users based on their role. In that case, you can disable the rule that blocks you. Log in to the WP dashboard as an admin, go to “NinjaFirewall > Rules Editor”, select rule #105 and click “Disable it”.

    Thread Starter Raúl González

    (@ragose)

    Hello,

    Thanks for your quick response.
    About the plugin version, this week I’ll buy the Pro versión for the spam function.
    In my case, I have installed in a multisite with some sites.
    I want the other sites administrators (not the super administrator for the network) can insert this type of codes.

    I realized a test and I can’t be inserted in text widgets. I think is the same problem.

    Regards.

    Plugin Author nintechnet

    (@nintechnet)

    Disable the rule 105, that will allow anyone (including administrators) to insert that HTML code.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Problem with theme’ is closed to new replies.