Hi,
It is installed in the /wp-content/plugins/ninjafirewall/ folder.
If you cannot use a php.ini, you can try to select .user.ini instead. Unlike php.ini files, PHP does not reload them immediately. After clicking on the “Test NinjaFirewall” button, if you are sent back to the welcome screen, just wait max. 5 minutes to ensure PHP will load the new INI file.
This really depends on your PHP configuration. You can you download this script, upload it to your WP directory, call it from your browser and paste here the output.
I recommend to keep the instructions on top of the file (1st line).
Hi,
I had taken this matter to the technical team of the shared hosting company. This is their reply:
“The php.ini is set that way to stop the firewall plugin overwriting it. It overrides the system default session.save path which will make your system run slower because it’ll be using file based sessions instead of memcached.”
The .user.ini file, I was unable to find it. Regarding the script, is it applicable when using the .user.ini file?
Thanks
Ed
Hi
I don’t understand why your technician mentioned problems with “session.save” because NinjaFirewall does not modify this directive or any other “session.*” directive.
If you already had a php.ini before installing NijaFirewall, then you should use it. Can you manually edit it?
Hi,
The technician of the hosting replied as under:
“NinjaFirewall generates a php.ini which it places in the public_html. This overrides the system php.ini”
Regards
Ed
Hi,
I understand now, the file is not in your public_html folder but it is the main server PHP initialization file.
If you removed the “SetEnv PHPRC” instruction added to the .htaccess file by NinjaFirewall, wouldn’t it solve the problem?
You would need to ask your host if you have any possibility to use the “auto_prepend_file” directive at your level.
The host replied as under:
“Under suPHP the system will always ready in a php.ini in the same directory as the script is being executed from. We can give you a copy of the system php.ini, which you can then add the auto_prepend line to that.”
You can do that:
1. Get their copy of the system php.ini.
2. Open it, and remove any “auto_prepend_file” directives (even empty ones).
3. upload it into your public_html folder.
4. run NinjaFirewall installer and select the php.ini file.
That should work.
Hi
Ran the NinjaFirewall installer inside WordPress. How do I pick the php.ini file?
Hi,
If you put the php.ini into your WordPress directory, during the installation process (3rd page), it will be detected and chosen automatically and then the code will be added to it.
Hi,
Okay I’ll do that. If there is any issue I’ll let you know.
Thanks a lot for all your replies!
Ed
Hi,
The host ask the following question as they are trying to sort it out:
What was the exact requirement that the firewall plugin needed from the php.ini?
By the way, should the Ninja code be at the first line only for the .htaccess file or for the php file as well?
Kind regards
Ed
Hi,
All it needs is the “auto_prepend_file” directive. It uses it to load the firewall script before WordPress or any other PHP script. It will add it to the the PHP initialization file during the installation process.
It will add the directive itself, on top of the file (1st line).
Regarding .htaccess, you can ignore this part, because you are running suPHP, the code added to it by the firewall will be ignored.
Hi
You said before to remove any “auto_prepend_file” directives (even empty ones). But now you say that it needs “auto_prepend_file” directive.
The host responded saying:
I am not entirely 100% how the directive needs to be added to the php.ini file at the moment it is just “auto_prepend_file = “.
Kind regards
Ed
Hi,
You need to delete it (even the empty one) from the php.ini.
Then, simply upload the php.ini to you WordPress folder and run NinjaFirewall installer. It will add the correct directive to it during the setup.
Otherwise, if you host wants to do it, he needs to add the full path to the /ninjafirewall/lib/firewall.php script.
That will look like this:
; BEGIN NinjaFirewall (WP)
auto_prepend_file = /full/path/to/wp-content/plugins/ninjafirewall/lib/firewall.php
; END NinjaFirewall (WP)
But I stress on the fact that it would be better to let NinjaFirewall installer manage that part, because it will save a copy of the modification and, if one day you want to uninstall it, it will use it to remove the directive.
