500 errors after rules update

Hi @grahammazie, thanks for getting in touch with us about this.

cURL Error 7 often means that the website can’t make the connection to our servers at all. This often means that the host has a local DNS server that’s caching a long-expired noc1 server IP, and is the most commonly seen reason why this comes up.

It does seem odd that a successful rules update would then follow with this specific error number. The operating system log files and web server log files will likely show a specific error when trying to connect to the Wordfence servers and possibly point to a reason. Let me know what those are if you see them and it doesn’t point to a solution you can immediately take action on.

If you have a shell on the server (or the host are willing to check for you), you could try running curl -v https://noc1.wordfence.com/ and send us the output here. It’s not a perfect test since it’s not within PHP, but it may show if the server’s resolver is getting the wrong IP. Our IPs are available here: https://www.wordfence.com/help/advanced/#servers-and-ip-range

Let me know what you find out!
Peter.

Hi Peter,

Thank you for the response, that’s good information to have.

The error logs show lots of errors like this:

WordPress database error Commands out of sync; you can't run this command now for query SELECT *, CASE 
WHEN type = 3 THEN 0
WHEN type = 4 THEN 1
WHEN type = 7 THEN 2
WHEN type = 6 THEN 3
WHEN type = 5 THEN 4
WHEN type = 9 THEN 5
WHEN type = 8 THEN 6
WHEN type = 2 THEN 7
WHEN type = 1 THEN 8
ELSE 9999
END AS typeSort, CASE 
WHEN type = 3 THEN parameters
WHEN type = 4 THEN parameters
WHEN type = 1 THEN IP
WHEN type = 9 THEN IP
WHEN type = 5 THEN IP
WHEN type = 6 THEN IP
WHEN type = 7 THEN IP
WHEN type = 2 THEN IP
WHEN type = 8 THEN IP
ELSE 9999
END AS detailSort
 FROM dKP_wfblocks7 WHERE type IN (4) AND (expiration = 0 OR expiration > UNIX_TIMESTAMP()) ORDER BY typeSort ASC, id DESC made by wfShutdownRegistry->handleShutdown, wfShutdownFunction->invoke, wfWAFIPBlocksController::synchronizeConfigSettings, wfBlock::patternBlocks, wfBlock::allBlocks

There was also a Bluehost plugin error, but I’ve now deactivated it and I’m still getting the error in WordFence. I’ve also been alerted that we’re getting errors when running the site through PageSpeed Insights and sites like this one despite the site showing correctly when I visit it normally, which is making me think the firewall may not be working as intended?

I also ran that curl command on the server and this is its response:

* About to connect() to noc1.wordfence.com port 443 (#0)
*   Trying 44.239.130.172...
* Connected to noc1.wordfence.com (44.239.130.172) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
*       subject: CN=*.wordfence.com
*       start date: Feb 07 00:00:00 2023 GMT
*       expire date: Sep 27 23:59:59 2023 GMT
*       common name: *.wordfence.com
*       issuer: CN=Amazon RSA 2048 M01,O=Amazon,C=US
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: noc1.wordfence.com
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: nginx
< Date: Fri, 26 May 2023 15:29:13 GMT
< Content-Type: application/octet-stream
< Content-Length: 108
< Connection: close
< Content-Type: text/plain
< X-Frame-Options: SAMEORIGIN
< X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< Strict-Transport-Security: max-age=31536000; includeSubDomains
<
* Closing connection 0
{"errorMsg":"Wordfence API error: Your site did not send an API key when contacting the Wordfence servers."}

Thank you again for helping us get to the bottom of the issue

Hi @grahammazie, thanks for your detailed message.

For the first message regarding the database errors, when seeing a “Commands out of sync” database error in your logs, there are often other plugins getting the same error as well.?The issue happens because some plugins, including Wordfence, use PHP’s “shutdown handler” to run some code after the rest of a database request has finished. But if the database connection is lost during a request, this shutdown code still runs and triggers reconnecting to the database, but the database isn’t in a state where queries can be run, if the database is unavailable due to shutting down or if a query limitation set by the hosting provider is reached for example. The ‘commands out of sync’ errors are not the actual cause of a problem, but rather side-effects of the database getting disconnected. When this error is logged, it’s because something else already failed, but it isn’t visible in PHP’s error log.

If you have WP-CLI you can run a query like
wp db query ‘\s’
…which should show you the database server’s uptime. The same can be done on the mysql command line by just typing?\s. In a couple cases reported to us where users had the access to do this, they did find that the database server had recently restarted when they saw these errors. Generally, your hosting provider will need to look into the problem with the database, though with the few sites where we’ve seen this problem, we have not heard back about the host’s solution if they were able to fix it. If your host is willing to send us logs, including?mysql/mariadb logs?and the?syslog, we may be able to help determine the cause.

The IP your server is trying to contact is correct, and the error message about the API Key is actually the expected result for the test you ran, so communication to our servers and back appears to be working.

If you’ve not been able to find the cause of the issue, please send a diagnostic report to wftest @ wordfence . com from the affected site. The diagnostic can directly come from the plugin using the link at the top of the Wordfence > Tools > Diagnostics page.

Afterwards, click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

NOTE: It should look as follows – Screenshot of Tools > Diagnostic > Send by Email

Thanks again,
Peter.