Hi,
Even if you don’t use it anymore, its auto_prepend_file directive is still present in the php.ini (or .user.ini) located in your WordPress root folder. Edit that file and remove the directive, then run NF installer.
Now, it doesn’t want to move past the system configuration page with:
Select your HTTP server and your PHP server API (SAPI) view PHPINFO
Select the PHP initialization file supported by your server
php.ini
Used by most shared hosting accounts.
.user.ini (recommended)
The default PHP INI file since PHP 5.3.0 (more info).
php5.ini
A few shared hosting accounts. Seldom used.
It still just refreshes and resends the email.
That’s odd.
* Do you have another plugin that could mess with the installation process? For example by throwing a PHP warning or notice (that you won’t see unless you look at the HTML source) that will prevent NF from using PHP session because the headers will be sent too early?
* A JS bug? Try to open your browser JS console (CTRL + Shift + J) and check for errors while submitting the form.
This is the error it gave:
[Violation] Forced reflow while executing JavaScript took 30ms
This error doesn’t seem related to your issue.
It looks to me that you’re having problem with cookies. NinjaFirewall uses PHP sessions, and it seems your PHP interpreter cannot find the session cookie and restart a new session, hence the loop.
Can you try to log out and delete all cookies? Or try to install NF from another browser?
That did the trick. Just to clarify, I was using Chrome before and tried Firefox and it went through. While I have you though, could I ask a couple quick questions:
I am getting this message: HTTP_CF_CONNECTING_IP detected: you seem to be using Cloudflare CDN services. Ensure that you have setup your HTTP server or PHP to forward the correct visitor IP, otherwise use the NinjaFirewall .htninja configuration file.
Should I be concerned, or how should I go about fixing?
Second:
I now have this, free Sucuri, and free Cloudflare. Is it ok to get rid of Sucuri? I don’t want to have anything redundant/fattening, but I don’t know if this will leave me vulnerable. Thanks!
If you are using Cloudflare, you need to create a “.htninja” file ( https://nintechnet.com/ninjafirewall/wp-edition/help/?htninja ) and upload it to your WordPress root folder:
<?php
/*
+====================================================================+
| NinjaFirewall optional configuration file |
| |
| See: https://nintechnet.com/ninjafirewall/wp-edition/help/?htninja |
+====================================================================+
*/
// Users of Cloudflare CDN:
if (! empty($_SERVER["HTTP_CF_CONNECTING_IP"]) &&
filter_var($_SERVER["HTTP_CF_CONNECTING_IP"],FILTER_VALIDATE_IP)) {
$_SERVER["REMOTE_ADDR"] = $_SERVER["HTTP_CF_CONNECTING_IP"];
}
I don’t think the free Sucuri plugin includes a web application firewall and a real-time protection.
That worked. Thanks!
What kind of security setup would you recommend? Is my combo sufficient without Sucuri?
I recommend to check our Securing WordPress with NinjaFirewall article, because it contains all info you’ll ever need to tweak it. Unless you see a plugin that does things that NinjaFirewall doesn’t, I don’t really recommend to install any other security plugin.
