Title: Correct Settings to enable external code.
Last modified: October 20, 2023

---

# Correct Settings to enable external code.

 *  [wlengfelder](https://wordpress.org/support/users/wlengfelder/)
 * (@wlengfelder)
 * [2 years, 7 months ago](https://wordpress.org/support/topic/correct-settings-to-enable-external-code/)
 * What are the correct settings to be able to embed external code.
   When I insert
   code via codeblock in Oxygen, ninja prevents the codeblock from being saved.
 * What settings are needed to make this work?
   Regards Wolfgang

Viewing 14 replies - 1 through 14 (of 14 total)

 *  Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/)
 * (@nintechnet)
 * [2 years, 7 months ago](https://wordpress.org/support/topic/correct-settings-to-enable-external-code/#post-17138568)
 * Could you check in the firewall’s log (NinjaFirewall > Logs) the line showing
   the blocked request and paste it here so that I could see the reason why you 
   were blocked?
   Note that if you are the admin, you shouldn’t be blocked at all.
 *  Thread Starter [wlengfelder](https://wordpress.org/support/users/wlengfelder/)
 * (@wlengfelder)
 * [2 years, 7 months ago](https://wordpress.org/support/topic/correct-settings-to-enable-external-code/#post-17138615)
 * There are some error like this:
 * 20/Oct/23 09:04:00 #8041948 UPLOAD – 89.246.97.219 POST /wp-admin/async-upload.
   php – File upload detected, no action taken – [template-background-15-min-termin.
   jpg (132,648 bytes)] – [http://www.xxxxxxxx.de](http://www.xxxxxxxx.de)
   20/Oct/
   23 09:06:16 #3322402 CRITICAL 115 89.246.97.219 POST /index.php – Cross-site 
   scripting – [RAW:POST = {“params”:{“classes”:{“c-bg-light”:{“key”:”c-bg-light”,”
   parent”:”core”,”media”:{“page-width”:{“original”:{“container-padding-right”:”
   50″}}},”original”:{“background-color”:”color(67)”,”aos-e…] – [http://www.xxxxxxxxxx.de](http://www.xxxxxxxxxx.de)
   and yes, i am admin.Regards
 *  Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/)
 * (@nintechnet)
 * [2 years, 7 months ago](https://wordpress.org/support/topic/correct-settings-to-enable-external-code/#post-17138963)
 * You shouldn’t be blocked. Maybe you have a plugin or theme that destroys the 
   PHP session. You can go to “NinjaFirewall > Dashboard” and check if there’s any
   error or warning about PHP session. If there’s one, you can try to debug the 
   problem by following that post: [https://blog.nintechnet.com/ninjafirewall-php-sessions-debugging/](https://blog.nintechnet.com/ninjafirewall-php-sessions-debugging/)
 * In the meantime, you can temporarily disable rule 115: go to “NinjaFirewall >
   Security Rules”, click the “Rules Editor” tab and disable the rule in the list.
 *  Thread Starter [wlengfelder](https://wordpress.org/support/users/wlengfelder/)
 * (@wlengfelder)
 * [2 years, 7 months ago](https://wordpress.org/support/topic/correct-settings-to-enable-external-code/#post-17138987)
 * i get this error in the dashboard:
 * FirewallEnabledModeNinjaFirewall is running in [Full WAF](https://blog.nintechnet.com/full_waf-vs-wordpress_waf/)
   mode.EditionWP Edition ~ [Need more security? Explore our supercharged premium version: NinjaFirewall (WP+ Edition)](https://www.wolfgang-lengfelder.de/wp-admin/admin.php?page=nfsubwplus)
   Version4.5.9 ~ Security rules: 2023-10-13.3PHP SAPIAPACHE2HANDLER ~ 8.2.10Admin
   user`xxxxxxxx`: You are whitelisted by the firewall.
   User sessionIt seems that
   the user session set by NinjaFirewall was not found by the firewall script.Help&
   configuration[Securing WordPress with NinjaFirewall (WP Edition)](https://blog.nintechnet.com/securing-wordpress-with-a-web-application-firewall-ninjafirewall/)
 *  Thread Starter [wlengfelder](https://wordpress.org/support/users/wlengfelder/)
 * (@wlengfelder)
 * [2 years, 7 months ago](https://wordpress.org/support/topic/correct-settings-to-enable-external-code/#post-17138993)
 * In the meantime, you can temporarily disable rule 115: go to “NinjaFirewall >
   Security Rules”, click the “Rules Editor” tab and disable the rule in the list.
   
   thanks. i did it. now i will check it againgreat: this works!
    -  This reply was modified 2 years, 7 months ago by [wlengfelder](https://wordpress.org/support/users/wlengfelder/).
 *  Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/)
 * (@nintechnet)
 * [2 years, 7 months ago](https://wordpress.org/support/topic/correct-settings-to-enable-external-code/#post-17140289)
 * >  User sessionIt seems that the user session set by NinjaFirewall was not found
   > by the firewall script.
 * That’s the problem. Either you have:
    - A plugin or a theme that destroyed the session: you can search in their code
      for `session_start` to find which one is using PHP sessions, in addition to
      NinjaFirewall.
    - An issue on the PHP side (e.g., you update/upgrade PHP but its sessions folder
      is not writable to the PHP interpreter): You can test your server configuration
      with this script: [https://nintechnet.com/share/wp-session.txt](https://nintechnet.com/share/wp-session.txt)
 *  Thread Starter [wlengfelder](https://wordpress.org/support/users/wlengfelder/)
 * (@wlengfelder)
 * [2 years, 7 months ago](https://wordpress.org/support/topic/correct-settings-to-enable-external-code/#post-17140642)
 *  i uploaded this script and opened the url … 
   all i get is:Starting a session..
   Writing 835944 to session Closing session. Session value: 835944everything seems
   to be ok?
 *  Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/)
 * (@nintechnet)
 * [2 years, 7 months ago](https://wordpress.org/support/topic/correct-settings-to-enable-external-code/#post-17143167)
 * It looks fine and doesn’t seem to be an issue with your PHP configuration.
   It
   seems more likely a problem with another plugin or the theme. Did you try to 
   search your /wp-content/plugins/* and /wp-content/themes/* folders for `session_start`
   in all PHP files?
 *  Thread Starter [wlengfelder](https://wordpress.org/support/users/wlengfelder/)
 * (@wlengfelder)
 * [2 years, 7 months ago](https://wordpress.org/support/topic/correct-settings-to-enable-external-code/#post-17144066)
 * thanks:
   here are the results:/themes:Starting a session.. Writing 324237 to session
   Closing session. Session value: 324237/plugins:Starting a session.. Writing 280212
   to session Closing session. Session value: 280212
 *  Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/)
 * (@nintechnet)
 * [2 years, 7 months ago](https://wordpress.org/support/topic/correct-settings-to-enable-external-code/#post-17145665)
 * You would need to search the code of all your themes and plugins files for the`
   session_start` string. You can do that with a plugin such as this one: [https://wordpress.org/plugins/string-locator/](https://wordpress.org/plugins/string-locator/)
 *  Thread Starter [wlengfelder](https://wordpress.org/support/users/wlengfelder/)
 * (@wlengfelder)
 * [2 years, 7 months ago](https://wordpress.org/support/topic/correct-settings-to-enable-external-code/#post-17146981)
 * ok. thanks. i have installed and run the plugin. I find with it a lot of entries
   that contain “session start”. But how do I find which one is responsible for 
   the problem?
 *  Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/)
 * (@nintechnet)
 * [2 years, 7 months ago](https://wordpress.org/support/topic/correct-settings-to-enable-external-code/#post-17149387)
 * Can you paste here the list of (active) plugins/themes that contain the string?
 *  Thread Starter [wlengfelder](https://wordpress.org/support/users/wlengfelder/)
 * (@wlengfelder)
 * [2 years, 7 months ago](https://wordpress.org/support/topic/correct-settings-to-enable-external-code/#post-17149475)
 * thanks for info. This plugins contains the string:
 * fluent-smtp/
 * /wccp-pro/
 * /flying-analytics/
 * /erropix-hydrogen-pack/
 * /recoda_ws/
 * /ninjafirewall/
 * /wpvivid-backuprestore/
   themes: i use oxygen builder. with oxygen there is no
   theme necessary. and the installed basic theme twenty-twenty to is without this
   string.
 *  Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/)
 * (@nintechnet)
 * [2 years, 7 months ago](https://wordpress.org/support/topic/correct-settings-to-enable-external-code/#post-17153343)
 * I could only check the following 3 free plugins: fluent-smtp, flying-analytics
   and wpvivid-backuprestore. None of them seems to be a problem.
 * Maybe the issue is among wccp-pro, erropix-hydrogen-pack or recoda_ws.
   If you
   can temporarily disable them one by one and check the firewall’s dashboard page
   to see if the session warning message disappear, that will help you to know which
   one it is.

Viewing 14 replies - 1 through 14 (of 14 total)

The topic ‘Correct Settings to enable external code.’ is closed to new replies.

 * ![](https://ps.w.org/ninjafirewall/assets/icon-256x256.png?rev=976137)
 * [NinjaFirewall (WP Edition) - Advanced Security Plugin and Firewall](https://wordpress.org/plugins/ninjafirewall/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/ninjafirewall/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/ninjafirewall/)
 * [Active Topics](https://wordpress.org/support/plugin/ninjafirewall/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/ninjafirewall/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/ninjafirewall/reviews/)

## Tags

 * [calendar](https://wordpress.org/support/topic-tag/calendar/)
 * [settings](https://wordpress.org/support/topic-tag/settings/)

 * 14 replies
 * 2 participants
 * Last reply from: [nintechnet](https://wordpress.org/support/users/nintechnet/)
 * Last activity: [2 years, 7 months ago](https://wordpress.org/support/topic/correct-settings-to-enable-external-code/#post-17153343)
 * Status: not a support question