rockstaremperor

Thanks for your advice. I deactivated all security plugins and it worked. Now, all pages are Cached. I will check later which plugin was blocking.

BTW, when testing my website on Google Pagespeed, the Desktop result says No Data (Core Web Vitals Assessment is Failed) – https://pagespeed.web.dev/analysis/https-www-workmoneyfun-com/b8wnsfl2jq?form_factor=desktop
However, when testing the cached link (from Fastpixel test website) of my website on Google Pagespeed, the Desktop result says “Core Web Vitals Assessment:?Passed” – https://pagespeed.web.dev/analysis/https-test-fastpixel-io-cached-www-workmoneyfun-com/aqmjcm5o8e?form_factor=desktop

Since, the plugin is working now and all the pages have Cached status, why the Pagespeed result for direct website URL is not showing passed CWV but the cached version of my website on Fastpixel test page is showing passed CWV? Please suggest if I need to tweak any other settings to get the passed CWV.

Yes, I am also experiencing sudden increase of spam comments. This plugin was working perfectly but since last few months, getting lots of spam comments. Updated to the latest version but still receiving spam comments.

Earlier, when I deactivated Jetpack, only then Customize page displayed. But it automatically worked now. Thanks!

Scanning displayed only 1 result for session_start string on Home only – https://imgur.com/a/cKKdUdI

I just did a thorough search in database and deleted all Wordfence leftovers and a few other old leftover entries from other plugins there and now the problem is solved, and I can edit the scripts.

Here is the list.

View post on imgur.com

I disabled other security plugins and tried but still same error.

#2340300  CRITICAL   115  POST /index.php - Cross-site scripting - [POST:customized = {"genesis-settings[footer_text]":"<div class=\"creds\"><p>Copyright [footer_copyright] <a href=\"https://www.workmoneyfun.com\">Work Money Fun</a> %c2%b7 <a href=\"https://www.workmoneyfu...] - www.workmoneyfun.com
#3866804  CRITICAL   115  POST /index.php - Cross-site scripting - [POST:customized = {"genesis-settings[footer_text]":"<div class=\"creds\"><p>Copyright [footer_copyright] <a href=\"https://www.workmoneyfun.com\">Work Money Fun</a> %c2%b7 <a href=\"https://www.workmoneyfu...] - www.workmoneyfun.com
#3942896  CRITICAL   115  POST /wp-admin/admin-ajax.php - Cross-site scripting - [POST:customize_changeset_data = {"genesis-settings[footer_text]":{"value":"<div class=\"creds\"><p>Copyright [footer_copyright] <a href=\"https://www.workmoneyfun.com\">Work Money Fun</a> %c2%b7 <a href=\"...] - www.workmoneyfun.com

I was using Wordfence earlier and have completely uninstalled it few days back. Just now I uninstalled Ninja too and reinstalled Ninja. Then following the article above, I added administrator user in wp-config and got green NF in WordPress dashboard admin bar. After this, tried again to edit Footer script but again same error. And here is the log:

22/Nov/22 07:50:16  #2159749  CRITICAL   115     POST /index.php - Cross-site scripting - [POST:customized = {"genesis-settings[footer_text]":"<div class=\"creds\"><p>Copyright [footer_copyright] <a href=\"https://www.workmoneyfun.com\">Work Money Fun</a> %c2%b7 <a href=\"https://www.workmoneyfu...] - www.workmoneyfun.com
22/Nov/22 07:50:22  #6348150  CRITICAL   115     POST /index.php - Cross-site scripting - [POST:customized = {"genesis-settings[footer_text]":"<div class=\"creds\"><p>Copyright [footer_copyright] <a href=\"https://www.workmoneyfun.com\">Work Money Fun</a> %c2%b7 <a href=\"https://www.workmoneyfu...] - www.workmoneyfun.com

I am the admin and I have set default settings in Ninja. I just tried again to edit Footer but still got the same block error. Following is logged in Ninja:

22/Nov/22 01:41:57  #1648678  INFO         -     POST /wp-admin/admin-ajax.php - Sanitising user input - [HTTP_REFERER: https://www.workmoneyfun.com/wp-admin/customize.php?return=%2Fwp-admin%2Fplugins.php%3Fplugin_status%3Dall%26paged%3D1%26s] - www.workmoneyfun.com
22/Nov/22 01:42:20  #6935309  CRITICAL   115     POST /index.php - Cross-site scripting - [POST:customized = {"genesis-settings[footer_text]":"<div class=\"creds\"><p>Copyright [footer_copyright] <a href=\"https://www.workmoneyfun.com\">Work Money Fun</a> %c2%b7 <a href=\"https://www.workmoneyfu...] - www.workmoneyfun.com
22/Nov/22 01:42:33  #2696762  CRITICAL   115     POST /wp-admin/admin-ajax.php - Cross-site scripting - [POST:customize_changeset_data = {"genesis-settings[footer_text]":{"value":"<div class=\"creds\"><p>Copyright [footer_copyright] <a href=\"https://www.workmoneyfun.com\">Work Money Fun</a> %c2%b7 <a href=\"...] - www.workmoneyfun.com
22/Nov/22 01:42:45  #5295015  CRITICAL   115     POST /wp-admin/admin-ajax.php - Cross-site scripting - [POST:customize_changeset_data = {"genesis-settings[footer_text]":{"value":"<div class=\"creds\"><p>Copyright [footer_copyright] <a href=\"https://www.workmoneyfun.com\">Work Money Fun</a> %c2%b7 <a href=\"...] - www.workmoneyfun.com

Site’s htaccess has following codes for security:

# Protect wp-config.php
<Files wp-config.php>
	Order Allow,Deny
	Deny from all
</Files>

</IfModule>
<ifModule mod_headers.c>
Header set Connection keep-alive
</ifModule>

<IfModule LiteSpeed>
Options All -Indexes
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
Header append X-FRAME-OPTIONS "SAMEORIGIN"
Header always set X-Content-Type-Options "nosniff"
Header always set X-Xss-Protection "1; mode=block"
Header set Content-Security-Policy "upgrade-insecure-requests"
Header set Referrer-Policy "same-origin"
Header always set Permissions-Policy "geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);"
Header set X-Permitted-Cross-Domain-Policies "none"
ForceSecureCookie httponly secure same_site_none
ServerSignature Off
ServerTokens Prod
Header always unset "X-Powered-By"
Header unset "X-Powered-By"
</IfModule>

# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
	order deny,allow
	deny from all
</Files>

Ninja Firewall dashboard displays as:

Firewall Dashboard
Firewall	Enabled
Mode	NinjaFirewall is running in Full WAF mode.

Edition	WP Edition ~ Need more security? Explore our supercharged premium version: NinjaFirewall (WP+ Edition)
Version	4.5.4 ~ Security rules: 2022-11-21.2
PHP SAPI	LITESPEED ~ 8.1.12
Admin user	username : You are whitelisted by the firewall.
User session	It seems that the user session set by NinjaFirewall was not found by the firewall script.
Help & configuration	Securing WordPress with NinjaFirewall (WP Edition)

• This reply was modified 1 year, 11 months ago by rockstaremperor.

I replaced with the above code and I haven’t had the auto disabling code snippet occurring for the last 12 hours. So I guess it worked. Thanks for the help.

Thanks, it solved the cache plugin configuration. However, when editing Header/Footer scripts, I am getting the same error above. Now how do I solve this one?

Is there any easy preset for non-technical person to just install Ninja and does not have to face any above or other errors? Before Ninja, I was using Wordfence and I never faced any such errors.

This is the PHP error I am getting

PHP Warning: Undefined array key "blogger" in /home/lsudlknf/public_html/wp-content/plugins/insert-headers-and-footers/includes/class-wpcode-snippet-execute.php(260) : eval()'d code on line 10

Each time I activate the code snippet, it automatically deactivates the code snippet itself.

When I am using this code snippet in Code Snippets plugin, it too generates the same PHP error but the code snippet functions fine. Only in this plugin, code snippet is disabled automatically.

• This reply was modified 1 year, 11 months ago by rockstaremperor.

Well, ip problem is solved now after configuring a setting in Litespeed server. But I cannot still add header/footer script nor modify cache plugin settings in WordPress dashboard. Each time, I am getting the above error.

I did not understand. Where do I check?
Above is a Redirection code from Blogger to WordPress and the redirection is working fine without problem. Error is reported in Error Log only.

• This reply was modified 1 year, 11 months ago by rockstaremperor.

How?

Would it be possible to take a look at the PHP error log maybe that provides more info on the source of the error?

Where do I get this PHP error log?

I just filled the From field as
From: [NAME] <[EMAIL]>

Problem solved. Thanks!