Posted a reply to Alerts of Security Risk w/ Yoast SEO, asking impossible update, on the site WordPress.org Forums:
No worries, it seems to be a false positive because the release was reverted. You…

Posted a reply to Google Recaptcha blocked, on the site WordPress.org Forums:
Open your browser's console and paste here the error message that explains what it is…

Posted a reply to HTTP response headers, on the site WordPress.org Forums:
Are you using a caching plugin or a CDN? If you are, flush the cache…

Posted a reply to Google Recaptcha blocked, on the site WordPress.org Forums:
If you need to allow *.google.com, you can try: script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wp.com *.youtu.be…

Posted a reply to Google Recaptcha blocked, on the site WordPress.org Forums:
According to the ReCaptcha FAQ: script-src https://www.google.com/recaptcha/, https://www.gstatic.com/recaptcha/ frame-src https://www.google.com/recaptcha/, https://recaptcha.google.com/recaptcha/

Posted a reply to Compatible with Wordfence?, on the site WordPress.org Forums:
I can't really say because I have never tried. I guess that in most cases…

Posted a reply to Fatal error on login after 4.5.4 update, on the site WordPress.org Forums:
It looks like the Better Notifications for WP plugin makes use of the str_contains function.…

Posted a reply to 7.2 Error, on the site WordPress.org Forums:
Thanks for reporting the issue. Version 4.5.4 (WP and WP+) was just released, please update.…

Posted a reply to Error: cannot find your wp-config.php file, on the site WordPress.org Forums:
You can give the full path (absolute path) to the wp-config.php by adding it to…

Posted a reply to HTTP response headers, on the site WordPress.org Forums:
That's odd. You can try to use a Unix terminal to check them. For instance,…

Posted a reply to Confirming .htaccess precedence over Full WAF mode, on the site WordPress.org Forums:
That's correct, the order is: HTTP server -> .htaccess -> PHP interpreter -> NinjaFirewall ->…

Posted a reply to custom header (CSP Report Only) not possible?, on the site WordPress.org Forums:
I forgot to add a call to the stripslashes function. WordPress always escapes quotes. The…

Posted a reply to Translation not working, on the site WordPress.org Forums:
Did you try to remove all HTML code from the whole string? In the next…

Posted a reply to Translation not working, on the site WordPress.org Forums:
I'm not familiar with Loco Translate, I'm afraid. There's some HTML code in that string,…

Posted a reply to Full WAF mode on, on the site WordPress.org Forums:
Did you check your error logs (PHP and HTTP)? Maybe you have an application or…

Posted a reply to Ninja Firewall blocks duplicator pro backup, on the site WordPress.org Forums:
That's correct, just create a .htninja file in your WordPress root folder and add this…

Posted a reply to Ninja Firewall blocks duplicator pro backup, on the site WordPress.org Forums:
This policy is used to block bots or scripts, hence it blocks your backup script.…

Posted a reply to What happens when activating FullWAF?, on the site WordPress.org Forums:
Yes, it does.

Posted a reply to What happens when activating FullWAF?, on the site WordPress.org Forums:
All options are kept (firewall, rules, login protection, email address(es)), except File Check options which…

Posted a reply to Does “DISALLOW_FILE_MODS” also auto-pdates?, on the site WordPress.org Forums:
Automatic updates will be disabled too. I'm not sure about WPML, maybe it downloads its…

Posted a reply to Force HTTPS for admin and logins – always disabled, on the site WordPress.org Forums:
The reason is because you are connected over HTTPS, WordPress set the FORCE_SSL_ADMIN to true,…

Posted a reply to Fatal error: the HTTP server returns a [500 Internal Server Error] HTTP code. Ab, on the site WordPress.org Forums:
Can you temporarily enable debugging in WordPress and see if there's anything written to the…

Posted a reply to Recurring error, on the site WordPress.org Forums:
Yes it is, because constants and variables are case-sensitive. Keys are secret, hence they must…

Posted a reply to Recurring error, on the site WordPress.org Forums:
AUTH_KEY is a constant defined in your wp-config.php. Can you check if you see it?…

Posted a reply to Giphy inclusion in bbpress forum posts causing critical error, on the site WordPress.org Forums:
In the free version of NinjaFirewall, you cannot ask the firewall to ignore the POST:bbp_media_gif…

Posted a reply to Lots of HTTP_USER_AGENT: Not A;Brand, on the site WordPress.org Forums:
It's just a notice. Someone's connecting to your site using a misconfigured script or application.…

Posted a reply to Giphy inclusion in bbpress forum posts causing critical error, on the site WordPress.org Forums:
It is blocked by rule #119, which is used to detect JS events (onmouseover, onclick…

Posted a reply to Can’t activate Full WAF mode on Litespeed server, on the site WordPress.org Forums:
You can delete them, they are backup files.

Posted a reply to Wrong from email for file guard notifications, on the site WordPress.org Forums:
The reason is because File Guard's emails are sent by the firewall before WordPress loads,…

Posted a reply to How to Block URL Path containing “.php”, on the site WordPress.org Forums:
If you block $_SERVER['REQUEST_URI'] in the .htninja, that won't block someone accessing / and GET…

Posted a reply to “Access” shown instead of “Permissions”, on the site WordPress.org Forums:
Thanks, I'll make the correction in the next version.

Posted a reply to Сканирование зависает на 2 шаге, on the site WordPress.org Forums:
Enable debugging in WordPress and check if there's anything written to the PHP error log:…

Posted a reply to [NSFW] Cannot retrieve user rules from database (#4), on the site WordPress.org Forums:
Download this script: https://nintechnet.com/share/wp-db.txt 1. Rename it to "wp-db.php". 2. Upload it into your WordPress…

Posted a reply to How to Block URL Path containing “.php”, on the site WordPress.org Forums:
If you use the "Access Control > URL address" blacklist, it will apply to $_SERVER['SCRIPT_NAME']…

Posted a reply to “Access” shown instead of “Permissions”, on the site WordPress.org Forums:
It should read "Access Mode", but "Permissions" would be fine too.

Posted a reply to Block requests that bypass cloudflare ?, on the site WordPress.org Forums:
I answered your question in a separate ticket.

Posted a reply to Cant edit site with oxygen builder, on the site WordPress.org Forums:
There must be a JavaScript onXXXXXX event (onClick etc) in the payload and the firewall…

Posted a reply to How to Block URL Path containing “.php”, on the site WordPress.org Forums:
This code would block '.php' in all URL: <?php if ( strpos( $_SERVER['REQUEST_URI'], '.php' )…

Posted a reply to NFW installed on TLD. Also required on subdomain?, on the site WordPress.org Forums:
You would need to install it on each running instance of WordPress, including subdomains, unless…

Posted a reply to [NSFW] Unblock users, on the site WordPress.org Forums:
Can you go to the "NinjaFirewall > Logs" page, search for the incident #2225131 in…

Posted a reply to Requested changes seemed to crash your blog, on the site WordPress.org Forums:
Did you check your error logs (PHP and HTTP)? Maybe you have an application or…

Posted a reply to Rate limit for search bars ?, on the site WordPress.org Forums:
There's no rate limit option for blog search bar and WooCommerce search in NinjaFirewall, I'm…