All my 300+ websites are showing Error 500, after automatic update.

Update:

When I ping several of my domains, they say “Host not found”. As far as I know, PHP can’t have that affect. On a website running PHP 7, I get more detailed error logs. That being said, those websites that are resolving correctly, show an error 500.

[21-Jan-2017 23:38:37 UTC] PHP Fatal error:  Uncaught Error: Class 'WPSS_Utils' not found in /srv/users/mysite/apps/mysite/public/wp-content/plugins/wp-spamshield/wp-spamshield.php:7323
Stack trace:
#0 /srv/users/mysite/apps/mysite/public/wp-content/plugins/wp-spamshield/wp-spamshield.php(217): WP_SpamShield::sanitize_ip('127.0.0.1')
#1 /srv/users/mysite/apps/mysite/public/wp-content/plugins/wp-spamshield/wp-spamshield.php(48): rs_wpss_getenv()
#2 /srv/users/mysite/apps/mysite/public/wp-settings.php(273): include_once('/srv/users/aeda...')
#3 /srv/users/mysite/apps/mysite/public/wp-config.php(37): require_once('/srv/users/aeda...')
#4 /srv/users/mysite/apps/mysite/public/wp-load.php(39): require_once('/srv/users/aeda...')
#5 /srv/users/mysite/apps/mysite/public/wp-blog-header.php(13): require_once('/srv/users/aeda...')
#6 /srv/users/mysite/apps/mysite/public/index.php(17): require('/srv/users/aeda...')
#7 {main}
  thrown in /srv/users/mysite/apps/mysite/public/wp-content/plugins/wp-spamshield/wp-spamshield.php on line 7323

So I wonder, is this a complete coincidence that dozens of my domains don’t resolve their IP correctly at the same moment where all my websites automatically update to new WP Spam Shield version? Is there a worldwide DNS issue? (GoDaddy seems okay), or is this an issue with my sever admin software (serverpilot)?

I am very confused.

I can confirm that this happened to all my sites today as well with WP-Spam Shield on. I didn’t update the plugin. Once the plugin the disabled (rename) with FTP, sites are back online.

I think it’s just the plugin because another site on the same droplet without this plugin is fine. Hopefully, the plugin’s developers can find the cause soon.

Error 500

Hi @liddika and @tierten,

I’m sorry to hear about the issue you’re having on your site.

We do test everything out on a variety of test servers, PHP versions, and hosts, but there are certain configurations that may trigger something that another does not.

Right now this issue does not seem to be affecting a large percentage of users, but that doesn’t mean we aren’t looking into it. We have been, and will continue until the issue is resolved. We do take each report seriously, no matter how many users it affects. Please know that.

There’s a bit more to resolving an issue than the providing a line with the error message. It only occurs for a limited subset of users, so we have to run backtraces on which function is called in which order, and under what conditions. If we don’t get all that locked down, then even if we change the line with the error, it may not fix the actual issue. We also have to make sure that the fix does not create a new issue.

You can help us solve it quickly if you can follow a few steps.

Some of this may seem unnecessary or redundant, but we ask users to do the following:

1. Work through the Troubleshooting Guide and FAQs. Even if you can just skim through and run a mental checklist, this is important.
2. Check for known conflicts. This will help rule out any known issues.
3. Submit a support request at the WP-SpamShield Support Page. In your support request, if you can provide any error logs, please include those (it’s best not to post them on forums). It’s even better if you can provide data from RS System Diagnostic Data plugin in your support request, it will expedite things. (The form is secure and encrypted, so that’s another reason why this is a better process.)

I realize this can be annoying or frustrating, but we just ask our plugin users to keep in mind there are far more plugin users than there are of us, so if each user can take a few minutes to work through these guides before submitting a support request, it allows us to solve support issues much more quickly. The process works, and we always get to the bottom of the issue, it’s just a matter of how quickly. The more info you can provide as a plugin user, the quicker we can solve things. Thank you!

– Scott

• This reply was modified 7 years, 10 months ago by redsand.
• This reply was modified 7 years, 10 months ago by redsand.

Thanks @redsand, you guys rock! I just want to point out that v1.9.9.8.5 doesn’t cause the error 500 in my case.

I’ll wait for the next version, cheers.

This has happened on 2 of our sites as well. It looks like its a widespread problem. I’m seeing it on php 5.5 sites:

[22-Jan-2017 01:17:21 UTC] PHP Fatal error: Class ‘WPSS_Utils’ not found in /dom18874/wp-content/plugins/wp-spamshield/wp-spamshield.php on line 7323

The bug is pretty obvious reading the code.

wp-spamshield.php line 48 you call:
rs_wpss_getenv

which calls WP_SpamShield::sanitize_ip on line 217

In any case where sanitize_ip has a problem, you attempt to log that data but the util class hasn’t been required yet.

My suggestion would be to pull the include block on line 138 up above the first function call. Its super easy to hit this problem otherwise.

• This reply was modified 7 years, 10 months ago by jeichorn.
• This reply was modified 7 years, 10 months ago by jeichorn.

@tierten,

Thanks for the support! ??

@ everyone here:

I’ve posted this in a couple other threads:

If you would like immediate relief, you can comment out the following line in the wp-spamshield.php file that have WPSS_Utils::append_log_data. Lines 2642, 7323, 7393 are the only ones you would need to edit. Just add “//” to the beginning of the line. This is a debugging function, so it’s safe to comment it out. (If anyone isn’t familiar with editing PHP files, just make sure you’re using a text editor like Notepad or Notepad++, and don’t use any Microsoft, Office, or word-processor-type apps. Also, always back up the original file first.)

Hi @jeichorn,

We’re not denying an issue, it’s just that we’re trying to identify why only certain servers are having issues. It’s not specific to any one version of PHP, Apache, WordPress or anything else. It has to do with firing order. We have to suss out a pattern in order to make sure future updates don’t cause issues with those servers.

I hope you can see though, that to solve an issue at the root level, it’s a bit more complex.

We’re moving the append_log_data() function into the main file in the next update. It’s an upgraded version of the function that was previously in the main file. It was initially moved to the WPSS_Utils class, but that’s been an issue on some servers due to the firing order. Unfortunately including the WPSS_Utils class before rs_wpss_getenv() runs creates other bigger issues. That’s part of the rub.

We’re actively working on the issue. If folks will submit support requests at the WP-SpamShield Support Page, it will help us solve this faster as we will be able to identify a pattern of which server types and configs are having issues.

At the very least, if you don’t want to submit a support request there, if you can run a report with the RS System Diagnostic Data plugin, and post the temporary URL here, that would be helpful. The most secure option is to use the support page though, as it’s a secure form, data transmission is encrypted, and you’re not giving any details out publicly about your server. Your choice.

• This reply was modified 7 years, 10 months ago by redsand.

Thanks, commenting the lines fixed the issue for me.

Considering this plugin is so extensively installed by many, i think its prudent that an update is rolled out with these lines commented, immediately. The dev team can then test the logic and try investigating the cause.

Please do not expect all the sites in production to make such php edits. Its not practical.

You may argue the issue is not extensive, but considering the update was rolled out a few hours ago, we cannot be certain whether the issue can be extensive or not.

I was just contacted by several people who are using GoDaddy Linux Web hosting with cPanel, and all their websites are down as well. I contacted GoDaddy technical support, and I was told they are getting a lot of calls because of this.

They asked me to turn of all auto updates for WordPress and delete the wp-spamshield folder.

I think this is the nightmare of any plugin developer, as well as website owners running WordPress, when by default automatic update is on, and a faulty version is distributed automatically across 100,000s of websites.

Since this affects GoDaddy linux hosting, serverpilot.io/digitalocean hosting, and people here are reporting it happens on a fresh WP installation, I would really consider pulling the emergency break and pull this release, otherwise websites keep automatically update and break.

Commenting it out seems to have fixed a bunch of sites.

However, practically it is extremely difficult to keep commenting those debug functions for over 1k websites.

I agree with @csine where it’s just been a few hours and already a whole lota sites have crashed so we cannot judge if it’s extensive or not.

Hi folks,

Just an update. We’re putting the finishing touches on a fix.

– Scott

Same issue for me !!!!!! I have to refresh my website to be able to view it. Why don’t you guys make correct tests before publishing updates ? It ruins our business!

It also affected all of my sites.
Do I have to remove plugin’s directory to gry my sites worki again?

I am considering removing this plugin forever and search for another one. This is not the first time things like that happen with this plugin. It really ruined my business for 2 whole days, which is enormous for me.

• This reply was modified 7 years, 10 months ago by spespam.

UPDATE: Version 1.9.9.8.7 has been released. All issues should be resolved.

If anyone needs further tech support, please visit the following:

1. WP-SpamShield Support Page
2. Troubleshooting Guide
3. Frequently Asked Questions (FAQs)

For those who are interested, you can use the plugin Akismet, which is more reliable and won’t make your site crash after every update. Plus, it’s the official wordpress plugin against spam.