Bug leads to “deny from all” in wp-admin/.htaccess

  • Resolved Anonymous User 17880307

    (@anonymized-17880307)


    2 years, 1 month ago

    It seems the latest version contains some logic in classes/Helpers/class-logger.php which does the following on specific AJAX requests (for example when you import CSV data via Digimember):

    – creates wp-admin/wp-security-audit-log-debug-xxxxx.log
    – creates wp-admin/index.php and wp-admin/.htaccess
    – writes deny from all into wp-admin/.htaccess which blocks further access to wp-admin

    See also https://www.ads-software.com/support/topic/wp-admin-wp-security-audit-log-debug-xxxxx-log/. The content of the logfile, accesslog entries and some tests may help to fix this.

    Also I see that you have apply_filters(?WSAL_PREFIX?.?'logging_enabled',?true?); in the mentioned file. Not sure if this is correct. Also in this file I see no directory for all write_to_file calls.

Viewing 3 replies - 1 through 3 (of 3 total)

  • I can confirm this issue. I had the same issue last week by using the latest version.

    I got this error after deactivating the plugin via WordPress backend for a test.

    Plugin Support robertabela

    (@robert681)

    Hello @danielrufde

    We’ve looked into the code and indeed, there is an edge case bug here!

    The plugin writes logs to disc on 4 occasions: when there are problems with custom files inclusion, when the logger tries to commit an event with unregistered code, when an event is already registered, and when there is an exception and it tries to log something. Also, this only happen if the logging is enabled via a filter. In update 4.4.3 we have rewritten the class and due to a logical error the plugin is retrieving (and using) the wrong directory name.

    We have prepared an update of the plugin with a patch. Can you please download the support patch and confirm the fix?

    Thank you very much for reporting the issue. We look forward to hearing from you.

    • This reply was modified 2 years, 1 month ago by robertabela.
    Plugin Support robertabela

    (@robert681)

    Hello,

    We have just released update 4.5 of the plugin in which there is a fix for this issue. Please upgrade your install.

    Should you have any further questions please do not hesitate to ask.

    Have a good day.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Bug leads to “deny from all” in wp-admin/.htaccess’ is closed to new replies.