• I’m getting 0 blocks and nothing in log, a few days after enabling the plugin. I have firewall enabled with default settings on a WP Engine site. There is enough bot traffic on the site that I would have expected to accumulate something in logs by now.

    I get this alert next to CDN detection: HTTP_CF_CONNECTING_IP detected: you seem to be using Cloudflare CDN services. Ensure that you have setup your HTTP server or PHP to forward the correct visitor IP, otherwise use the NinjaFirewall .htninja configuration file.

    I create a .htninja file in the root directory (same as wp-config.php) and add the snippet as per the support docs:

    if (! empty($_SERVER["HTTP_CF_CONNECTING_IP"]) &&
        filter_var($_SERVER["HTTP_CF_CONNECTING_IP"], FILTER_VALIDATE_IP)) {
        $_SERVER["REMOTE_ADDR"] = $_SERVER["HTTP_CF_CONNECTING_IP"];
    }

    My file does appear next to “Optional configuration file”. But I still get no blocks and nothing in log. The CDN detection error is still appearing.

    Any advice to make the plugin work on WP Engine?
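
A stricter variant of the `.htninja` snippet quoted in the post above, as an added example that is not from the NinjaFirewall documentation or from the poster: it copies `HTTP_CF_CONNECTING_IP` into `REMOTE_ADDR` only when the connecting peer is a known proxy, because any client that reaches the origin without passing through the CDN can set that header itself. It assumes the web server sees the CDN edge address in `REMOTE_ADDR`; `$trusted_proxies` and `$in_cidr` are hypothetical names, and the ranges shown are constructed placeholders.

```php
<?php
// Added example for a .htninja file; not NinjaFirewall's own code.
// Constructed placeholder ranges (documentation networks): replace them
// with the address ranges your CDN publishes for its edge servers.
$trusted_proxies = ['192.0.2.0/24', '2001:db8::/32'];

// Hypothetical helper (a closure, so a second include cannot redeclare it):
// returns true when $ip lies inside the CIDR block $cidr (IPv4 or IPv6).
$in_cidr = function (string $ip, string $cidr): bool {
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
    $ip_bin  = @inet_pton($ip);
    $net_bin = @inet_pton($net);
    // Reject unparsable input and IPv4/IPv6 family mismatches.
    if ($ip_bin === false || $net_bin === false
        || strlen($ip_bin) !== strlen($net_bin)) {
        return false;
    }
    $max  = strlen($ip_bin) * 8;
    $bits = ($bits === null) ? $max : (int) $bits;
    if ($bits < 0 || $bits > $max) {
        return false;
    }
    $full = intdiv($bits, 8);  // whole bytes that must match exactly
    $rest = $bits % 8;         // leftover high bits in the following byte
    if (substr($ip_bin, 0, $full) !== substr($net_bin, 0, $full)) {
        return false;
    }
    if ($rest === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rest)) & 0xFF;
    return (ord($ip_bin[$full]) & $mask) === (ord($net_bin[$full]) & $mask);
};

// Rewrite REMOTE_ADDR only when the TCP peer is a trusted proxy and the
// forwarded value is a syntactically valid IP address.
$peer = $_SERVER['REMOTE_ADDR'] ?? '';
$fwd  = $_SERVER['HTTP_CF_CONNECTING_IP'] ?? '';
if ($fwd !== '' && filter_var($fwd, FILTER_VALIDATE_IP)) {
    foreach ($trusted_proxies as $cidr) {
        if ($in_cidr($peer, $cidr)) {
            $_SERVER['REMOTE_ADDR'] = $fwd;
            break;
        }
    }
}
```

If the host places its own reverse proxy between the CDN and PHP, `REMOTE_ADDR` will be that proxy's address, and the trusted list has to contain it instead.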

Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Contributor bruandet

    (@bruandet)

    Can you run the troubleshooter script: https://nintechnet.com/share/wp-check.txt

    1. Rename the file to “wp-check.php”.
    2. Upload it into your WordPress root folder.
    3. Go to https://YOUR WEBSITE/wp-check.php
    4. Delete it afterwards.

    Thread Starter afjp

    (@afjp)

    @bruandet, here it is, thanks for checking:

    NinjaFirewall (WP edition) troubleshooter

    HTTP server : nginx

    PHP version : 8.2.29

    PHP SAPI : FPM-FCGI

    auto_prepend_file : /usr/local/share/auto_prepends/auto_prepends.php

    Loader's path to firewall : Cannot find the path!

    wp-config.php : found in /nas/content/live/[redacted]/wp-config.php

    NinjaFirewall detection : NinjaFirewall WP Edition is loaded (WordPress WAF mode)

    Loaded INI file : /etc/php/8.2-zend/fpm/php.ini

    user_ini.filename : none

    user_ini.cache_ttl : 300 seconds

    User PHP INI : .user.ini found -

    DOCUMENT_ROOT : /nas/content/live/[redacted]

    ABSPATH : /nas/content/live/[redacted]/

    WordPress version : 6.8.3

    WP_CONTENT_DIR : /nas/content/live/[redacted]/wp-content

    Plugins directory : /nas/content/live/[redacted]/wp-content/plugins

    User Role : Administrator

    User Capabilities : manage_options: OK - unfiltered_html: OK

    Log dir permissions : /nas/content/live/[redacted]/wp-content/nfwlog dir is writable

    Cache dir permissions : /nas/content/live/[redacted]/wp-content/nfwlog/cache dir is writable

    Configuration & Rules :

    * Options: found

    * Rules: found

    NinjaFirewall (WP edition) troubleshooter v1.10

    Plugin Contributor bruandet

    (@bruandet)

    It is loaded.
    Is /usr/local/share/auto_prepends/auto_prepends.php your own file or WP Engine’s?

    Can you try to trigger the firewall by accessing your site from another browser or a private tab (you must not be logged in as an admin) at this URL: https://your-site.com/?test=%00

    1. Do you see the firewall message that you are blocked?
    2. Is there anything in the firewall’s log?

    If there’s nothing in the log, can you try to enable WordPress debugging and try again:

    1. Edit your wp-config.php
    2. Search for:
      define('WP_DEBUG', false);
    3. Replace with:
      define('WP_DEBUG', true);
    4. Add this line below:
      define( 'WP_DEBUG_LOG', true );

    The log (if any) will be saved to /wp-content/debug.log.

    Thread Starter afjp

    (@afjp)

    1. auto_prepends.php is not my file, it must be coming from WP Engine.
    2. When visiting /?test=%00, I do see the firewall message, including incident number. The firewall log at NinjaFirewall > Logs > Firewall Log is still empty. I do see an alert now at the top of the page saying that I should change permission of firewall_2025-11.php and its parent directory to 0777. When I attempt to do so using an SFTP client, I get “permission denied”. The log file is currently set to 664, and the nfwlog directory is currently set to 755. The content of the firewall_2025-11.php file is <?php exit; ?>, nothing else.
    3. I have enabled logging. The only log messages I see are some PHP deprecation warnings for some plugins. There isn’t anything that appears to relate to the firewall.

    Plugin Contributor bruandet

    (@bruandet)

    Could it be due to some WP Engine restrictions?
    You can try to change the firewall log/cache folder to the wp-content/uploads/ directory by following these instructions: https://blog.nintechnet.com/ninjafirewall-wp-edition-the-htninja-configuration-file/ (scroll down to “Path to NinjaFirewall’s log and cache directory”).

    Thread Starter afjp

    (@afjp)

    I added define('NFW_LOG_DIR', '/nas/content/live/[redacted]/wp-content/uploads/htninja/'); in addition to the HTTP_CF_CONNECTING_IP code in .htninja.

    I now see files in /wp-content/uploads/htninja/nfwlog. I took screenshots of the contents but can’t seem to upload images into the comment here, so they are in my dropbox: 1, 2, 3.

    I also notice now that the same structure exists in /wp-content/nfwlog, so perhaps that step wasn’t necessary.

    In the live log, I see a lot of doing_wp_cron and an admin_ajax. I don’t recall having anything showing up in live log last I checked, so this may be progress? The Firewall Log is still empty even after visiting /?test=%00. Blocked threats is still 0.

    Anything else I can try?

    Plugin Contributor bruandet

    (@bruandet)

    /wp-content/nfwlog was the default log/cache folder.
    The new folder shows all files, including session files. Live Log temporarily stores its data in that folder too and it seems to be working.
    If you log out and log back in again, do you see the event in the firewall log (something like ....POST /wp-login.php - Logged in user…)?

    Thread Starter afjp

    (@afjp)

    I’ve logged out and logged back in and still nothing appears at all in the log.

    > The selected log is empty.

    Plugin Contributor bruandet

    (@bruandet)

    Live Log is handled by the firewall, just like the firewall log. The login event is written to the log by the plugin.
    The fact that everything works except the log is weird. I can’t figure out what could be the problem.
    You checked the file permissions over SFTP, but could you check the file ownership too?
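
One way to run the ownership check asked for in the last reply from PHP's side rather than over SFTP, as an added example that is not part of NinjaFirewall or its troubleshooter: it reports which account PHP runs as, who owns the log folder and each monthly log file, and whether PHP can actually open them for writing. The `$log_dir` value and the `nfwdiag_*` names are assumptions for illustration; upload the script to the WordPress root, open it in a browser, and delete it afterwards.

```php
<?php
// Added example, not NinjaFirewall code. Request it through the web server
// so it runs under the same PHP-FPM account as the firewall, then delete it.
header('Content-Type: text/plain');

// Assumption: the folder that holds firewall_YYYY-MM.php. Point it at the
// NFW_LOG_DIR location instead if the log folder was moved in .htninja.
$log_dir = __DIR__ . '/wp-content/nfwlog';
if (!is_dir($log_dir)) {
    exit("Not a directory: $log_dir\n");
}

// Hypothetical helper: show a uid with its account name when ext-posix is loaded.
function nfwdiag_user(int $uid): string {
    if (function_exists('posix_getpwuid') && ($pw = posix_getpwuid($uid))) {
        return $pw['name'] . " (uid $uid)";
    }
    return "uid $uid";
}

// Hypothetical helper: the account PHP runs as. Without ext-posix, create a
// temporary file and read back its owner.
function nfwdiag_php_uid(): int {
    if (function_exists('posix_geteuid')) {
        return posix_geteuid();
    }
    $tmp = tempnam(sys_get_temp_dir(), 'nfw');
    $uid = fileowner($tmp);
    unlink($tmp);
    return $uid;
}

$euid = nfwdiag_php_uid();
echo 'PHP runs as ', nfwdiag_user($euid), "\n";

$paths = array_merge([$log_dir], glob($log_dir . '/firewall_*.php') ?: []);
foreach ($paths as $path) {
    clearstatcache(true, $path);
    $owner = fileowner($path);
    if (is_dir($path)) {
        $can_write = is_writable($path);
    } else {
        $h = @fopen($path, 'ab');  // append mode opens without altering content
        $can_write = ($h !== false);
        if ($h) { fclose($h); }
    }
    printf("%s mode=%s owner=%s php_is_owner=%s php_can_write=%s\n", $path,
        substr(sprintf('%o', fileperms($path)), -4), nfwdiag_user($owner),
        $owner === $euid ? 'yes' : 'no', $can_write ? 'yes' : 'no');
}
```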
