Hi,
NinjaFirewall does not make any changes to your files.
You may have another plugin that did it, or it could be your host who renamed it. In either case, it is scary to see that it was modified without informing you first.
Turning on FileCheck for all sites. On one site when trying to turn it on, clicking “Create Snapshop” brings be to page showing:
“Sorry [my IP here], your request cannot be proceeded. For security reason, it was blocked and logged. If you think that was a mistake, please contact the
webmaster and enclose the following incident ID: [ #4651335 ]”
Here is that error from log:
23/Oct/15 12:45:25 #4651335 high [my IP here] POST /wp-admin/admin.php – DOCUMENT_ROOT server variable in HTTP request – [POST:snapdir = /srv/www/dmain.com/public_html/]
It looks like you were not whitelisted by the firewall.
If you click on the “Overview” page, do you see a warning about that?
