Base64 Decode Error

  • I have base64 disabled on my server because of hacker activity. I have wordfence installed on multiple sites on this server, however I only have the problem with 1. On occasion this error shows at the top of the page.

    Warning: base64_decode() has been disabled for security reasons in /home/molloy6/public_html/familytireandautoservice.com/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/waf.php on line 1353

    Warning: base64_decode() has been disabled for security reasons in /home/molloy6/public_html/familytireandautoservice.com/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/waf.php on line 1390

    And this one when trying to update a post or setting

    Warning: Cannot modify header information – headers already sent by (output started at /home/molloy6/public_html/familytireandautoservice.com/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/waf.php:1353) in/home/molloy6/public_html/familytireandautoservice.com/wp-admin/post.php on line 197

    I have been through the plugin enable/disable routine and have reinstalled Wordfence, but since it only happens seemingly random that is not a viable process.

    Can you help please?

Viewing 3 replies - 1 through 3 (of 3 total)

  • Disabling base64_decode() is not a good idea. It’s a “throwing the baby out with the bath water” solution along the lines of “hackers can hack my computer, so I’ll just keep it completely disconnected from the internet at all times.”

    While it’s true that hackers use that function to obfuscate code, there are many legitimate reasons it is used for site functionality and even site security.

    Thread Starter cappuccinomedia

    (@cappuccinomedia)

    I appreciate that bluebear, but disabling the base64_decode has deterred many many attacks. At one point earlier this year I had 30k plus attacks per day and they were all placing base64 encoded crap. Once the door was open it was a free for all.

    I had ,what I thought was tight security before that first file was placed. I was using wordfence and BPS as well as an apache firewall with regular scans.

    Might be the baby with bathwater but the only issue so far after 6 months is this one site and with WAF.

    Hi cappuccinomedia,
    you may want to turn of display errors in PHP. I can’t guarantee how the plugin will work with base64_decode turned off but that will at least stop the warnings from displaying to users on your site. You could of course also choose to keep the Firewall off though that is not something I can recommend for obvious reasons.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Base64 Decode Error’ is closed to new replies.