Breaks WP-WebAuthn plugin | ww.wp.xz.cn

Resolved 2haas
(@2haas)

2 years, 9 months ago
The option “Protect admin-ajax.php against suspicious bots” appear to break Passkey-based login using the WP-WebAuthn plugin. The login form instantly shows “Auth failed”. In the browser’s Developer Tools I can see that this XHR request leads to a 404:
```
https://example.org/wp-admin/admin-ajax.php?action=wwa_auth_start&user=&type=auth
```
NinjaFirewall logs:
```
POST /wp-admin/admin-ajax.php - Blocked access to admin-ajax.php - [bot detection is enabled] - example.org
```
Is NinjaFirewall overblocking here or have I configured it incorrectly?

Viewing 1 replies (of 1 total)

Plugin Author nintechnet
(@nintechnet)

2 years, 9 months ago

If the application doesn’t send any proper HTTP headers (charset, encoding, language etc), it is detected as a bot/script and thus is blocked.
You will need to disable that policy, I’m afraid.

Viewing 1 replies (of 1 total)

The topic ‘Breaks WP-WebAuthn plugin’ is closed to new replies.

1 reply
2 participants
Last reply from: nintechnet
Last activity: 2 years, 9 months ago
Status: resolved