OviLiz

Thank you.

Are you using X-Frame-Options set on SAMEORIGIN in your .htaccess?

Thanks for your effort Thomas.

Ah I see, but that’s not parsing the video into the post so people would have to click on the link to get to the Video on YouTube. Thanks anyway.

Thank you @dailyverses. Good job!

Thank you @thomask777. Probably your example was formatted, and I can’t see the logic.

Typically I simply paste the YouTube link into the post and WP interprets that as a YouTube video that can be played from within the post page.

Should I wrap that in a DIV container? E.g.
<div class="nolink">https://www.youtube.com/watch?v=GA7MlL0h1go</div>

Same here:

Wordfence Live Activity: Warning: filesize(): stat failed for wp-content/uploads/wpcf7_captcha/1476345615.png in wp-content/plugins/wordfence/lib/wordfenceScanner.php on line 247

…

@buzztone instead answer randomly, please have a look at the entire discussion. The other people questioned about the same identical issue where the indicated “solution” is just ignoring the config validation. So we are worried why is this happening hoping the author would come back with more explanations or a proper fix.

I have disabled Wordfence and disabled and deleted NinjaFirewall. With Wordfence disabled, I have installed back NinjaFirewall and activated. Even after that the issue is still there so is not related with Wordfence.

Also using either PHP 7.0.1, 5.6.16 or even 5.4.45, doesn’t change anything.

I spoke too earlier, the “It seems the user session was not set by the firewall script or may have been destroyed by another plugin. You may get blocked by the firewall while working from the WordPress administration dashboard.” is back without any new action.

So, looks like using “Apache + CGI/FastCGI” and .user.ini is same as “Nginx + CGI/FastCGI” and .user.ini as doesn’t change anything related with my problem.

Thank you, actually using “Nginx + CGI/FastCGI” doesn’t show any alert.

Still can’t figure out why the clickjacking protection doesn’t appear to work (and that’s something simple to test – even by using https://www.lookout.net/test/clickjack.html ).

If I’m using the .htaccess it does the job, but not using NF setting. Any idea?

I’m not saying Ninja Firewall doesn’t work with PHP7, is just that in my case I cannot use Apache+PHP7 when installing NF.
The code is being added correctly to my .htaccess (Your configuration was saved.):

<IfModule mod_php7.c>
   php_value auto_prepend_file /srv/users/myuser/apps/myapp/public/wp-content/plugins/ninjafirewall/lib/firewall.php
</IfModule>

But when testing, Error: the firewall is not loaded. and I cannot find any log about what the issue may be.

But I guess is because appears like ServerPilot is not using mod_php when configuring the server, https://www.digitalocean.com/community/questions/wordpress-one-click-or-server-pilot
This is why I mentioned ServerPilot.io , they are applying a specific configuration that is working only on Ubuntu 14.04 LTS, where I can even switch with one click from PHP 5.4 to 5.5, 5.6 or 7 and downgrade as well.

The phpinfo says that my Server API is FPM/FastCGI which is not listed in the Ninja Firewall install options.

Hi nintechnet, thanks for your reply. I’m gonna to read it later.

Just forgot to mention that I’m using HTTPS and redirect HTTP to it.

I have set to DENY the X-Frame-Options to protect against clickjacking attempts but I’m still able to load the pages into an iframe from a different server.

If I’m just editing the .htaccess and adding Header append X-FRAME-OPTIONS DENY is working fine.

Where are the Firewall Policies rules supposed to be registered?