Database full of transient data from Captcha (All In One WP Security plug-in)

Hi, I was able to download the Transient Manger WP Plug-in, and cleared out a TON of transients (and then optimize the DB). Now I see that about 1000 new transients are still being create per hour. Is this a problem anyone else is dealing with, or is there a simple solution? Thanks

Hi, what plugin version are you currently running?

Yes the AIOWPS plugin has code which will automatically clean up the old transient entries created by captcha feature. The code is triggered once daily via a wp cron event.
You can try a simple test if you wish to confirm whether cleanup code is working.

Firstly login to your DB via PHPMyAdmin and observe roughly how many transient entries you have in the wp options table with the following “aiowps_captcha” in the option name.
Next, from your wp admin panel deactivate and reactivate the AIOWPS plugin (this will trigger the daily cron job which will run the transient cleanup code)

Then check your DB again to see if the old captcha transients were deleted.
(I performed several tests and the code worked as expected for me)

Also I recommend that you hide your login page via one of the brute force features. This should limit the amount of transient entries produced by the captcha feature.

• This reply was modified 8 years, 4 months ago by wpsolutions.
• This reply was modified 8 years, 4 months ago by wpsolutions.

Hi, thank you for responding.

We are using the Version 4.1.9, the latest I believe.

Since yesterday 10,000 transient files were created, according to the Transient Manger WP Plug-in.

Using that, I deleted the expired transient, and there were still 350+ left.

Will test if the clean-up code is working later this evening.

Please let us know if you have other thoughts/ideas – or if this is normal.

Thanks

Hi,

We also have a table wp_options that is being filled (currently -> 136,758 rows) with the following lines.
_transient_aiowps_captcha_string_info_****
_transient_timeout_aiowps_captcha_string_info_***

We updated the plugin to the latest version (Version 4.1.9) and disabled and enabled it again but nothing was cleaned up.

How can we resolve this?

Create a re-occuring SQL event in your phpmyadmin…

Change the database names in the example below to your database…

DELETE FROMwp_xxxxxxx_sitemetaWHEREmeta_keyLIKE "%_site_transient_timeout_aiowps_captcha%";

DELETE FROMwp_xxxxxxx_sitemetaWHEREmeta_keyLIKE "%_site_transient_aiowps_captcha_string_info%";

These are 2 separate rules that I have running every 30 minutes of every day.

• This reply was modified 7 years, 10 months ago by Dave-the-GlitchTech.

Yes, we have this problem, too. We’re using multisite, so the transients are stored in sitemeta table.
@digipointdave: great advice, but unfortunately we don’t have root privileges and event_scheduler ist off. So we cannot create re-ocurring SQL events.
@wpsolutions: please set the cron command of your plugin to cleanup the transients to at least every hour or better 30 minutes, not only once per day.
thanks

@wdfee, try the following plugin WP Control. This might allow you to edit the cron job from once a day to every hour. Let me know if this helps you.

Regards

@mbrsolution sorry, but best practice is to keep the number of plugins as low as possible. This cannot be a real solution for WordPress users, who all have their database blown up by YOUR plugin.

It would be so easy for you to just change the code lines for cleaning transients, that are set only by your plugin.

Let me take a look into your code:

You only need to take out the do_action('aiowps_perform_db_cleanup_tasks'); from function aiowps_daily_cron_event_handler() in /classes/wp-security-cronjob-handler.php line 28, and put it into function aiowps_hourly_cron_event_handler() after line 19.

If there’s a reason for the other database cleanup commands in function aiowps_scheduled_db_cleanup_handler() to run daily instead of hourly, split up this function in two different functions and call them by two different hooks.

btw. the use of call-time pass-by-reference &$this is deprecated in newer php versions, in /classes/wp-security-cronjob-handler.php line 6-7:

add_action ('aiowps_hourly_cron_event', array(&$this, 'aiowps_hourly_cron_event_handler'));
add_action ('aiowps_daily_cron_event', array(&$this, 'aiowps_daily_cron_event_handler'));

and in /classes/wp-security-backup.php line 9-10:

add_action('aiowps_perform_scheduled_backup_tasks', array(&$this, 'aiowps_scheduled_backup_handler'));
add_action('aiowps_perform_db_cleanup_tasks', array(&$this, 'aiowps_scheduled_db_cleanup_handler'));

I guess there are plenty more call-time pass-by-references in your plugin. This should be fixed.

@wdfee, yes you are correct about keeping the number of plugins to a minimum.

I understand what you mean. I just thought of providing a temp solution to allow you to change the time in the cron job until the developers investigate further this issue.

I have submitted a message to the developers to investigate this problem further.

Kind regards

Hi @wdfee,
Thanks for your feedback.
Yeah fair enough you made some good points. I’ll try and address these by next release.