NinjaFirewall blocks cart actions
Fix NinjaFirewall blocking the WooCommerce add-to-cart request for customized products.
Updated April 29, 20265 min read
NinjaFirewall (WP Edition) is a web application firewall that inspects all HTTP requests. It can block the WooCommerce add-to-cart request for customized products because the POST data contains a large base64-encoded JSON payload that triggers the firewall's rules.
Symptoms
- Adding a customized product to the WooCommerce cart fails or does nothing.
- Non-customized products add to cart normally.
- The NinjaFirewall log shows blocked requests to the WooCommerce product page or AJAX endpoint.
- The issue appeared after installing or updating NinjaFirewall.
Fix
Option 1: Whitelist the WooCommerce AJAX endpoint
- Go to NinjaFirewall β Firewall Policies in the WordPress admin.
- Add the WooCommerce cart endpoint to the whitelist.
- The endpoint to whitelist is typically
/?wc-ajax=add_to_cartor the product page URL.
Option 2: Adjust the POST data size rule
- Go to NinjaFirewall β Firewall Policies β HTTP POST.
- Increase the maximum POST data size to allow the large customization payload.
- Chamevo sends the full product configuration as a JSON string in the cart form data. For complex products with multiple views and elements, this can be several hundred kilobytes.
Option 3: Disable base64-encoded data scanning
- Go to NinjaFirewall β Firewall Policies.
- Look for rules that scan or block base64-encoded content in POST data.
- Chamevo encodes product thumbnails as base64 data URLs in the cart payload. This can trigger NinjaFirewall's base64 detection rules.
- Adjust or disable these specific rules.
Verify the fix
- Clear any page caching.
- Open a product page and customize the product.
- Click Add to Cart and verify the product is added successfully.
- Check the NinjaFirewall log to confirm no new blocked requests.
Other security plugins
Similar issues can occur with other security plugins:
- Wordfence β check the firewall log for blocked POST requests and whitelist the endpoint.
- Sucuri β check the activity audit for blocked requests.
- iThemes Security β check the security log and adjust file upload or POST data rules.
The general approach is the same: find the blocked request in the security plugin's log and whitelist the specific endpoint or adjust the rule that triggered the block.
Related articles
Product customizer does not appear on the product pageDiagnose and fix issues where the Chamevo product customizer does not load or is invisible on the product page.Product not added to cartDiagnose and fix issues where customized products are not added to the WooCommerce cart.Custom product thumbnail missing in WooCommerce cartFix missing customized product thumbnails in the WooCommerce cart and order emails.Images are not loading in the product customizerFix issues where graphics, product images, or uploaded images do not display in the Chamevo product customizer.