Title: Problems with MainWP. Base64-encoded POST Variable
Last modified: July 24, 2018

---

# Problems with MainWP. Base64-encoded POST Variable

 *  Resolved [idonteatmeat](https://wordpress.org/support/users/idonteatmeat/)
 * (@idonteatmeat)
 * [7 years, 10 months ago](https://wordpress.org/support/topic/problems-with-mainwp-base64-encoded-post-variable/)
 * Hi,
 * I am using MainWP for remotely managing the sites of my subscribed clients. Some
   functionality is blocked by NF interpreting it as an intrusion.
 * ’24/Jul/18 02:29:28 #2957922 CRITICAL – 46.252.27.245 POST /index.php – BASE64-
   encoded injection – [POST:settings = YTo2MTp7czoxNzoiY2hpbGRfcGx1Z2luX25hbWUiO3M6MDoiIjtzOjE3OiJjaGlsZF9wbHVnaW5fZGVzYyI7czowOiIiO3M6MTk6ImNoaWxkX3BsdWdpbl9hdXRob3IiO3M6MDoiIjtzOjIzOiJjaGlsZF9wbHVnaW5fYXV0aG9yX3VyaSI7czow…]’
   ’
   24/Jul/18 02:29:28 #8884613 CRITICAL – 46.252.27.245 POST /wp-admin/admin-ajax.
   php – BASE64-encoded injection – [POST:settings = YTo2MTp7czoxNzoiY2hpbGRfcGx1Z2luX25hbWUiO3M6MDoiIjtzOjE3OiJjaGlsZF9wbHVnaW5fZGVzYyI7czowOiIiO3M6MTk6ImNoaWxkX3BsdWdpbl9hdXRob3IiO3M6MDoiIjtzOjIzOiJjaGlsZF9wbHVnaW5fYXV0aG9yX3VyaSI7czow…]’
 * I really don’t want to disable that policy. So I tried to whitelist my servers
   IP via .htninja but that doesn’t work. The only way of not giving up on any of
   these softwares would be to disable that. Or would there be any safe way around
   this?
 * Second question. When testing I noticed one client site letting those requests
   through despite having this option enabled as well as “Block any access to the
   REST API” enabled. NF is running in FAW mode. Would that mean the firewall is
   broken on that site?
 * Btw. sorry for asking so much. But I have a lot of clients and pitching a new
   software to them I need to be really certain that everything works together nicely.
 * Thank you for your time!

Viewing 4 replies - 1 through 4 (of 4 total)

 *  Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/)
 * (@nintechnet)
 * [7 years, 10 months ago](https://wordpress.org/support/topic/problems-with-mainwp-base64-encoded-post-variable/#post-10522435)
 * Hi,
 * Normally, adding this code to the .htninja should be all you need to whitelist
   the IP:
 *     ```
       <?php
       /*
        +====================================================================+
        | NinjaFirewall optional configuration file                          |
        |                                                                    |
        | See: https://nintechnet.com/ninjafirewall/wp-edition/help/?htninja |
        +====================================================================+
       */
   
       if ( $_SERVER["REMOTE_ADDR"] == '46.252.27.245' ) {
          return 'ALLOW'; // whitelist
       }
       ```
   
 * Check in the “Overview” page to make sure the .htninja is detected and loaded
   by the firewall:
 * Regarding the REST API, you should receive a “403 Forbidden” HTTP code and the
   following content:
 *     ```
       {"code":"nfw_rest_api_access_restricted","message":"Forbidden access","data":{"status":403}}
       ```
   
 * You can test it easily, for instance: `http://some-site.com/wp-json/wp/v2/posts`.
   
   Make sure to log out of the dashboard first, so that you aren’t whitelisted by
   the firewall.
 *  Thread Starter [idonteatmeat](https://wordpress.org/support/users/idonteatmeat/)
 * (@idonteatmeat)
 * [7 years, 10 months ago](https://wordpress.org/support/topic/problems-with-mainwp-base64-encoded-post-variable/#post-10522945)
 * Thanks, .htninja was not working due to me stupid putting it in document root
   instead of one folder above like you mention in the docs.
 * Regarding the other issue I will open a new ticket because it seems NF is not
   working at all on this site despite it tells me running in FAW mode and everything
   should be ok.
 * Thank you.
 *  Thread Starter [idonteatmeat](https://wordpress.org/support/users/idonteatmeat/)
 * (@idonteatmeat)
 * [7 years, 10 months ago](https://wordpress.org/support/topic/problems-with-mainwp-base64-encoded-post-variable/#post-10522955)
 * Any way to mark those posts as private? Wasn’t my intention to spread that servers
   IP.
 *  Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/)
 * (@nintechnet)
 * [7 years, 10 months ago](https://wordpress.org/support/topic/problems-with-mainwp-base64-encoded-post-variable/#post-10523471)
 * All posts are public and no one can change that I’m afraid.

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Problems with MainWP. Base64-encoded POST Variable’ is closed to new 
replies.

 * ![](https://ps.w.org/ninjafirewall/assets/icon-256x256.png?rev=976137)
 * [NinjaFirewall (WP Edition) - Advanced Security Plugin and Firewall](https://wordpress.org/plugins/ninjafirewall/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/ninjafirewall/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/ninjafirewall/)
 * [Active Topics](https://wordpress.org/support/plugin/ninjafirewall/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/ninjafirewall/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/ninjafirewall/reviews/)

 * 4 replies
 * 2 participants
 * Last reply from: [nintechnet](https://wordpress.org/support/users/nintechnet/)
 * Last activity: [7 years, 10 months ago](https://wordpress.org/support/topic/problems-with-mainwp-base64-encoded-post-variable/#post-10523471)
 * Status: resolved