nintechnet

Click on the “Logs” tab, and scroll to the HTTP response log: what do you see?

Can you download the log and open it with your text editor to check its content? It should have 12 similar fields per line, each enclosed in [ and ]:

[10 digits] [1 or more digits] [domain.com] [#+7 digits] [1 digit] [1 digit] [IP address] [3 digits] [GET/POST] [URI] [threat info] [threat detail (hex-encoded)]

Not yet because it crashes some sites, and some users reported some odd issues that I can’t reproduce. I hope we can release a new version soon.

It looks like your log is corrupted.
Can you try to rename the current log file over FTP, then log out and log in back to WordPress, go back to NinjaFirewall > Logs and check if you see the log content (it should display that you have logged in)?

The problem is not the website certificate, but the firewall’s.
Here are its 3 chained certificates:

depth=1 CN = WatchGuard Certificate Authority, O = Parr Lumber
verify error:num=19:self-signed certificate in certificate chain
verify return:1
depth=1 CN = WatchGuard Certificate Authority, O = Parr Lumber
verify return:1
depth=0 CN = 38.142.109.178, O = Parr Lumber
verify return:1

As you can see, the first one is self-signed and that’s the reason why cURL stops processing the request.

We are aware of the issue and that’s the reason why we rolled back to version 4.7 last week. Keep that version, we’ll push an update in the next few days.

The file name is .htninja , not .htaccess. The .htaccess.ninja1731118484 you see is a backup of your original .htaccess . If your site works as expected, you can delete that backup file.
The .htninja file is a PHP file. Just paste the above code into it.

Yes it is: the firewall returns a message, but because its SSL certificate is self-signed, it is not displayed. Instead, cURL (or even a browser) stops immediately because of the invalid certificate.
Code Profiler must access the wp-admin/admin-ajax.php endpoint, so make sure your firewall allows your server to connect to itself.
You can go to “Tools > Site Health” to make sure there’s no other error on your WordPress installation too.
Also, check with your admin if they can install a valid certificate for the firewall so that users will know why there are blocked.

You can use the .htninja optional script: https://blog.nintechnet.com/ninjafirewall-wp-edition-the-htninja-configuration-file/

<?php
/*
 +===========================================================================================+
 | NinjaFirewall optional configuration file                                                 |
 |                                                                                           |
 | See: https://blog.nintechnet.com/ninjafirewall-wp-edition-the-htninja-configuration-file/ |
 +===========================================================================================+
*/

$ip_array = ['23.88.6.90' , '136.243.103.55' , '176.9.77.187', '5.161.48.189'];
if ( in_array( $_SERVER["REMOTE_ADDR"], $ip_array ) ) {
   define('NFW_UWL', true);
   return 'ALLOW'; // whitelist
}

When the profiler tries to connect to admin-ajax.php, the connection is refused.
Your site is not secure. Here’s the error I receive when connecting to it:

curl: (60) SSL certificate problem: self-signed certificate in certificate chain
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

Even my browser refuses to access it:

net::ERR_CERT_AUTHORITY_INVALID
its security certificate is not trusted by your computer’s operating system. This may be caused by a misconfiguration or an attacker intercepting your connection.

You need to use a valid SSL certificate and removed the self-signed one.

You had too many connections to your site and the DB couldn’t handle them. Check your DB configuration and tweak it to allow more traffic or, if that traffic was malicious (bot), try to block it.

• This reply was modified 3 months, 1 week ago by nintechnet.

Thanks for reporting the issue. I can reproduce it.
I downgraded it to 4.7, you can download it here: https://downloads.www.ads-software.com/plugin/ninjafirewall.4.7.zip

Update to version 4.7.1, which was released today.

We are aware of that, we’ll fix it in the next release. In the meantime, there’s no need to worry about it because it’s just a notice, not a warning or error.

That’s how WordPress scheduler works: every N day/hour/minute from the activation day/hour/minute. It’s all based on UTC timestamp and intervals. You can’t change that, and that’s probably a good thing because if you could, you would likely lose one hour of data during the DST change.