Title: Admin blocked
Last modified: June 12, 2018

---

# Admin blocked

 *  Resolved [miksbl](https://wordpress.org/support/users/miksbl/)
 * (@miksbl)
 * [8 years ago](https://wordpress.org/support/topic/admin-blocked-3/)
 * Hi. Since today I am blocked from the wordpress admin dashboard. If I try to 
   login I get the message “Sorry ….., your request cannot be processed. For security
   reasons, it was blocked and logged. If you believe this was an error please contact
   the
    webmaster and enclose the following incident ID: [ #20….. ].
 * What can I do? If I deactivate the plugin, I can login. But as soon as I activate
   it again, I’m blocked.

Viewing 8 replies - 1 through 8 (of 8 total)

 *  Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/)
 * (@nintechnet)
 * [8 years ago](https://wordpress.org/support/topic/admin-blocked-3/#post-10392174)
 * Hi,
 * Create a file named “.htninja”, add this content to it:
 *     ```
       <?php
       // Temporarily disable the firewall:
       return 'ALLOW';
       ```
   
 * Upload it over FTP to your WordPress root folder.
    Log in to the admin dashboard,
   go to “NinjaFirewall > Firewall Log”, search for the incident ID which was displayed
   to you when you were blocked in the log, and paste here the corresponding line.
 * Note that as long as you have the “.htninja” enabled on your site, the firewall
   will not block anyone or any threats.
 *  Thread Starter [miksbl](https://wordpress.org/support/users/miksbl/)
 * (@miksbl)
 * [8 years ago](https://wordpress.org/support/topic/admin-blocked-3/#post-10394128)
 * Thank you. With your code I am able to login. Here are some lines of the Log 
   with my IP yesterday.
 *     ```
       12/Jun/18 17:11:11  #31031xx  CRITICAL     -  178.xxx.70.xxx   GET /wp-admin/index.php - WordPress: Blocked privilege escalation attempt - [Username: Admin User, ID: 5] - domain.de
       12/Jun/18 17:11:20  #23778xx  CRITICAL     -  178.xxx.70.xxx   POST /wp-admin/admin-ajax.php - WordPress: Blocked privilege escalation attempt - [Username: Admin User, ID: 5] - domain.de
       12/Jun/18 17:11:22  #31718xx  HIGH       105  178.xxx.70.xxx   GET /wp-admin/index.php - Cross-site scripting - [COOKIE:ct_checkjs = <script>if(document.body===null||document.body===undefined){document.write('NinjaFirewall: [NinjaFirewall] Blocked privilege escalation attempt.')] - domain.de
       12/Jun/18 17:11:23  #56390xx  HIGH       105  178.xxx.70.xxx   GET /index.php - Cross-site scripting - [COOKIE:ct_checkjs = <script>if(document.body===null||document.body===undefined){document.write('NinjaFirewall: [NinjaFirewall] Blocked privilege escalation attempt.')] - domain.de
       ```
   
 *  Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/)
 * (@nintechnet)
 * [8 years ago](https://wordpress.org/support/topic/admin-blocked-3/#post-10394677)
 * Can you make sure you are whitelisted by the firewall? Go to “NinjaFirewall >
   Firewall Policies > Basic Policies”, scroll down to the bottom of the page and
   make sure “Add the Administrator to the whitelist (default)” is enabled.
 *  Thread Starter [miksbl](https://wordpress.org/support/users/miksbl/)
 * (@miksbl)
 * [8 years ago](https://wordpress.org/support/topic/admin-blocked-3/#post-10394704)
 * Yes, the option “Add the Administrator to the whitelist (default)” is enabled.
 *  Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/)
 * (@nintechnet)
 * [8 years ago](https://wordpress.org/support/topic/admin-blocked-3/#post-10394806)
 * The firewall log shows entries with “COOKIE:ct_checkjs” and a quick search on
   the WordPress repo seems to point to this plugin:
    [https://wordpress.org/plugins/cleantalk-spam-protect/](https://wordpress.org/plugins/cleantalk-spam-protect/)
   Is it installed on your blog?
 *  Thread Starter [miksbl](https://wordpress.org/support/users/miksbl/)
 * (@miksbl)
 * [8 years ago](https://wordpress.org/support/topic/admin-blocked-3/#post-10394809)
 * Yes. Cleantalk is installed.
 *  Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/)
 * (@nintechnet)
 * [8 years ago](https://wordpress.org/support/topic/admin-blocked-3/#post-10394838)
 * The plugin triggers the alert.
    Try to disable the firewall’s privilege escalation
   attempt protection: open your “wp-config.php” file and add this line of code:
 * `define( 'NFW_DISABLE_PRVESC2', true );`
 * Remove the “.htninja” file and try again to log in to see if the issue is solved.
 *  Thread Starter [miksbl](https://wordpress.org/support/users/miksbl/)
 * (@miksbl)
 * [8 years ago](https://wordpress.org/support/topic/admin-blocked-3/#post-10394892)
 * Thank you. That works fine.

Viewing 8 replies - 1 through 8 (of 8 total)

The topic ‘Admin blocked’ is closed to new replies.

 * ![](https://ps.w.org/ninjafirewall/assets/icon-256x256.png?rev=976137)
 * [NinjaFirewall (WP Edition) - Advanced Security Plugin and Firewall](https://wordpress.org/plugins/ninjafirewall/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/ninjafirewall/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/ninjafirewall/)
 * [Active Topics](https://wordpress.org/support/plugin/ninjafirewall/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/ninjafirewall/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/ninjafirewall/reviews/)

 * 8 replies
 * 2 participants
 * Last reply from: [miksbl](https://wordpress.org/support/users/miksbl/)
 * Last activity: [8 years ago](https://wordpress.org/support/topic/admin-blocked-3/#post-10394892)
 * Status: resolved