Version 1.1.3 introduces an optional NinjaFirewall configuration file that can be used to overwrite some of the firewall hard-coded variables, for instance, to tell NinjaFirewall where is located your WordPress configuration file,
wp-config.php, if you moved it to another directory, or add/modify server variables.
This file must be named
.htninja and must be located in the folder above your website document root : if your document root is
/home/user/plublic_html/, the location of the file will be
Because it is located outside the document root and its name starts with
.ht, the file is relatively safe and protected (by default, most HTTP servers will prevent anyone from accessing a
.ht* file). However, we recommend to change the file permissions to read-only, usually 0444 or 0400.
Also, you need to ensure that you do not have an open_basedir restriction, otherwise you will not be able to use that configuration file.
NinjaFirewall package contains a sample file, named
It is a regular PHP file. Note that it does not contain a PHP closing tag (
?>). We recommend to keep it that way, because if there was a space or new line character after a closing tag, it would trigger errors on your site (PHP would need to send HTTP headers in order to ouput those characters before your blog is loaded). This problem does not occur when the PHP closing tag is missing.
If you want NinjaFirewall to use a specific
wp-config.php file, add its full path to the
$wp_config variable as displayed in the above sample code.
You can check if the file was detected from your WordPress admin console, in the "NinjaFirewall > Overview" menu :
You can add/modify server variables in the
.htninja file. For instance, users of the CDN service Cloudflare can copy the visitor real IP (
HTTP_CF_CONNECTING_IP) into the
REMOTE_ADDR variable so that NinjaFirewall will use the correct IP :
Rev.: 1.00 2013-10-24
Rev.: 1.01 2014-02-12 : added Cloudflare example.