Create a “check-updates.php” file with the following code, upload it into your WordPress root folder and access it with your browser: https://your-site.tld/check-updates.php.
That will show you whether the option is really disabled in the DB.
<?php
header('Content-type: text/plain');
require 'wp-config.php';
$nfw_options = get_option('nfw_options');
if ( empty( $nfw_options['secupdates'] ) ) {
echo "Security updates notification is disabled.";
} else {
echo "Security updates notification is enabled.";
}
Thread Starter
hum2
(@hum2)
Thanks, I get this message on 4 websites (one website doesn’t show the php file for some reason): Security updates notification is disabled.
It is disabled.
Do you have a site in a parent folder where NF is installed ?
Thread Starter
hum2
(@hum2)
hmm… don’t really know for sure, what you mean.
Just installed the plugin in a regular way via wordpress. So the plugin is in wp-content/plugins.
The site itself has the following folder structure: sitename/wordpress/
Do you have another instance of the site like a dev or staging site on that server or another one, that could be the one sending the notification?
Thread Starter
hum2
(@hum2)
No, just installed wordpress with one site. The same behavior for 5 sites.
That’s very odd.
Did you check in the NinjaFirewall > Dashboard page if there was any warning or error?
Can you check the WordPress scheduled tasks:
1. Install and activate https://ww.wp.xz.cn/plugins/wp-crontrol/
2. Go to “Tools > Cron Events”.
3. Make sure there’s only one instance of “nfwgccron”. It should be running hourly.
You can try to go to the “Plugins” page, deactivate and reactivate NinjaFirewall. When you do that, it will check and fix any potential issue.
Thread Starter
hum2
(@hum2)
The logfile in the dashboard shows just one, several times repeaded error: [08/Feb/24:10:09:36 +0000] Error : /provider/XYZ/website/wordpress directory is not readable.
Cron events show just one nfwccron instance and it runs hourly.
I reactivated the NFW now and will make it on every website. So we’ll see if it helps. Very strange problem.
Thread Starter
hum2
(@hum2)
notifications keep coming.
Is there some setting outside of NinjaFirewall, which send notifications??
Nothing else sends those notifications.
Try to edit the code:
- Open wp-content/plugins/ninjafirewal/lib/event_updates.php
- Line 25, add this code :
return;
It will look like this:
26 function nfw_check_security_updates() {
27 return;
28 $nfw_checked = nfw_get_option( 'nfw_checked' );
If you still received notifications, that would mean another instance of NinjaFirewall is running.
Thread Starter
hum2
(@hum2)
ok, thanks, done so on every website.
Thread Starter
hum2
(@hum2)
it’s just weird, got first notifications!
But where can I look for another instance? I can not imagine, that I installed two of them.
Can you check the email headers? You could find some info like IP addresses etc that may help. Also, if your PHP interpreter has the “mail.add_x_header” directive enabled, you could see the “X-PHP-Originating-Script” field that will tell you which script sent the email.
Thread Starter
hum2
(@hum2)
I can not see any useful infos in the header. How can I send you a private message? So I could copypaste you the whole header.
