Critical issue – A plugin has prevented updates

Hiya,

I totally get that, identifying individual causes for a problem can be troublesome, and it may be incorrect if you also have a warning relating to the website loopbacks (if loopbacks are not working, then the check for this particular feature will also fail, so resolving the loopback issue should then be the first step).

The recommended approach for any such scenario is still to disable plugins and enable them one by one until a problem reappears. Of course we understand this isn’t always a possible approach, so you can use the Health Check plugin to extend the new Site Health feature in WordPress, and introduces a Troubleshooting alternativee to the page which lets you simulate having no plugins (or the plugins you’d like) enabled only for your user.

It should be noted that some hosts may also handle the updates for you, in which case the result WordPress displays may not apply as you are getting the updates form their platform instead, you would have to check that with your hosts documentation if it’s the case.

Your reply is very much appreciated, Marius. I do have the loopback warning so I’m guessing that is what is causing the issue.

This error may or may not be due to WPInvoicing plugin. We need to troubleshoot for that. First of all, can you let me know if your site is directly accessible to users or you have some HTTP authentication enabled? If the HTTP authentication is enabled on your site then this error will come as loopback request from health check plugin will fail.

Please let me know admin details and FTP details in private reply to troubleshoot more for your site.

Source link:
https://wpinvoicing.com/support/topic/a-plugin-has-prevented-updates-by-disabling-wp_version_check/
https://www.icrowdresearch.com
https://www.abrightclearweb.com/the-wordpress-site-health-check-help-or-hindrance/

I am currently having this problem and can’t find anyone who will help me. The Site Health error messages I see are:
1. A plugin has prevented updates by disabling wp_version_check().
Passed No version control systems were detected.
Passed Your installation of WordPress doesn’t require FTP credentials to perform updates.
Passed All of your WordPress files are writable.
2. The scheduled event, action_scheduler_run_queue (this varies, but the error message is always there), is late to run. Your site still works, but this may indicate that scheduling posts or automated updates may not work as intended.
3. Loopback requests are used to run scheduled events, and are also used by the built-in editors for themes and plugins to verify code stability. The loopback request returned an unexpected http status code, 403, it was not possible to determine if this will prevent features from working as expected.

This is occurring on two client websites with nearly identical plugin profiles, hosted on the same GreenGeeks account. I do not have managed WordPress hosting, nor do I have any auto-updates set with Jetpack or the host server. I have repeatedly tried disabling all the plugins to identify which might be causing this, but the errors remain even with all plugins disabled. I have never encountered this on any of the 70+ other WordPress sites I manage, most of which use the same theme and similar plugin profiles and (most of which) are hosted with the same company.

This is causing problems with backing up the sites and uploading those backup files to Google Drive as well as other nuisances. I looked at the other entries about this but they were all closed and none of them made the solution to the issue clear.

@clorith, would it be possible for you to help me since you’ve dealt with this one before on both wordpress.com and www.ads-software.com?

• This reply was modified 5 years, 1 month ago by Hannah West Design. Reason: needed to add that the site with this issue does not have managed WordPress hosting and that disabling all plugins does not cause the error to disappear

I am having the same problem and have also tried everything I can find to fix this. On or about the same time, I also lost the ability to add or delete plugins, and I do not know if the two issues are related but did occur about the same timeline. I would appreciate any help possible.

It would be very helpful if the new (is it new) Site Heath panel with this warning

“The loopback request returned an unexpected http status code, 403, it was not possible to determine if this will prevent features from working as expected.”

Gave some kind of an indication what this is..I have it and do not know where to start.

having same problem, but WITH zero plugins installed and active — set up a test site just for testing one plugin or environment. went to test site after seeing error on live site, saw same “A plugin has prevented updates by disabling wp_version_check()“, and under “Recommended improvements”, another consistent error is shown:

Your site could not complete a loopback request.

The loopback request returned an unexpected http status code, 403, it was not possible to determine if this will prevent features from working as expected.

however, ZERO plugins installed/active on test site.

this could mean, given none of us have same server environment, yet are experiencing same problem, that it’s an IP or service site that is being blocked remotely, away from your site.

I’ve been reporting brute force login attempts for years on various sites. but in the past 2 months alone, brute force login attempts have ramped up via Digital Ocean, OVH, New Dream Host, GoDaddy, Vultr/Choopa and hetzner. with each brute force login attempt, IPs are getting self-blocked by other networks after suspicious/malicious activity, such as persistent brute force login attacks. this may be affecting usability, if www.ads-software.com is hosting any content on any of those networks.

how I discovered this problem: posts could not be scheduled within a plugin on a live site.

• This reply was modified 4 years, 10 months ago by tamramc.

my problem was fixed by changing .htaccess containers and directives. some options which worked before, no longer “compatible” with Site Health. and my public_html and wp-admin .htaccess files were set up a certain way to stop brute force login attackers from accessing directories they were persistently trying to access, or making remote calls to exploit.

by using a new install/test site w/ zero plugins or 3rd party add-ons, able to see right away, the “A plugin has prevented updates by disabling wp_version_check().” error should be reworded to send persons onto the right path — towards their server’s security options first, instead of wasting time looking at plugin after plugin. it was easier to just isolate WordPress by itself to see the problem, then go from there.

this Site Health feature is going to be a problem, because not everyone has the same server setup, and many sites require extremely strict security and data protection.

if “allow localhost” isn’t added for certain directives now, Site Health will fail. if Site Health doesn’t like the valid container <name></name>, Site Health will fail. Password protected directories may also fail, esp. wp-admin directory depending upon how it’s password protected.

anyway, I hope this helps someone.

and be safe guys, esp. given hackers are now running scripts to obtain info 24/7. we’ve had over 200,000 attempts to login in one month alone. blocking IPs has become a joke and limits functionality because companies such as Amazon, Facebook are in same server bed as brute force login attackers.

What fixed problem — but check your server for correct Apache name containers: <Limit> is 2.2, <Require> is 2.4

// works //
<Files .htaccess>
Require all denied
</Files>

Require ip xxx.xxx.xxx.xxx
Require ip xxx.xxx.xxx.xxx # continue for any other ips/CIDRs or an entire range
Require local # THIS is the most important thing — WordPress PLUGIN needs to not be blocked

ErrorDocument 400 /file
ErrorDocument 401 /file
ErrorDocument 403 /file
ErrorDocument 413 /file
ErrorDocument 404 /file
ErrorDocument 500 /file

/// end works /// AND I LOVE THIS, SO MUCH EASIER, and simple with same security.

This results in 403 error for unauthorized access, as expected. And after this site health actually reported GOOD JOB! with 0 issues found. What existed before (below) resulted consistently in wp_version_check() and loopback failures, including on FRESH install w/ zero 3rd party plugins, just WordPress and server.

<Files .htaccess>
order deny,allow
deny from all
</Files>

<Limit GET POST> # now deprecated, may cause server errors. Require is the new Limit — see link below
order deny,allow
allow from xxx.xxx.xxx.xxx
allow from localhost # THIS didn’t satisfy WordPress, because see link below
# allow from xxx.xxx.xxx.xxx/xx
deny from all
</Limit>

<Limit PUT DELETE>
order allow,deny
deny from all
# allow localhost here could fix the problem on some servers, but find out your server version software and see link below if 2.4 as ours is.
</Limit>

https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#requireany

So, what WordPress developers need to do, hardcode comment for require localhost or info to allow calls from host to update as needed. Because of so many brute force login hackers, most all wp-admin directories are password protected and include a variety of security options. But w/o “Require local” some functionality will fail: scheduling and other tasks.

• This reply was modified 4 years, 10 months ago by t-p.
• This reply was modified 4 years, 10 months ago by tamramc.
• This reply was modified 4 years, 10 months ago by tamramc. Reason: clarity and formatting

I could use some guidance as to what ip addresses to include in the .htaccess code.

Should the ip addresses be public IPv4 or IPv6?

Is the local # my laptop address?

Is the # actually part of the code or just a marker for me to insert numbers?

It would help to see an example of how the following section should look in the actual file. I am a newbie. I do not want to include more than necessary.

Require ip xxx.xxx.xxx.xxx
Require ip xxx.xxx.xxx.xxx # continue for any other ips/CIDRs or an entire range
Require local # THIS is the most important thing — WordPress PLUGIN needs to not be blocked

Thanks in advance! This has been helpful.

Hallo, i have the same issue (with all plugins deactivated, wordpress version 5.52, apache 2.4). I have edited the htaccess file in my wp-admnin folder like i have read here but it does not solve my problem. I have added the following:

Require all denied
Require ip xxx.xxx.xxx.xxx
Require local

Where has this htaccess file to be? In the wp-admin folder? In the plugins folder?

What can i do else?

Hi, there!
I have the same issue. With no plug-ins activated, Site Health reports that there is a critical issue: a plugin has prevented updates turning off wp_version_check().
Is there anyone that can give a clear and possibly easy solution to this issue?
Thank you so much.
Regards

Alessandro

Hello friends i am new at wordpress, i have the same issue exactly with you. i use HTTP at the moment, later will put in an HTTPS and i my backup process with WPVivid was taking too long and a checked the site health and i get the same

1. Background updates ensure that WordPress can auto-update if a security update is released for the version you are currently using.

Error A plugin has prevented updates by disabling wp_version_check().
Passed No version control systems were detected.
Passed Your installation of WordPress doesn’t require FTP credentials to perform updates.
Passed All of your WordPress files are writable.

… also have recommend to remove inactive plugins, older version of PHP

…The scheduled event, wp_update_themes, failed to run. Your site still works, but this may indicate that scheduling posts or automated updates may not work as intended.

…The REST API is one way WordPress, and other applications, communicate with the server. One example is the block editor screen, which relies on this to display, and save, your posts and pages.

The REST API call gave the following unexpected result: (404) .

…and Loopback requests are used to run scheduled events, and are also used by the built-in editors for themes and plugins to verify code stability.

The loopback request returned an unexpected http status code, 404, it was not possible to determine if this will prevent features from working as expected.

————–

what i can do? i am very new at this.

hi all! …help …please!
“A plugin has prevented updates by disabling wp_version_check().”
and in passed tests:
“You are currently running the latest version of WordPress available, keep it up”

it was in good health …i dont remember installing any new plug in !
…so, all deactivated (one by one) and i keep getting the same critical error
i reseted most of the plugins, im now out of ideas where to start … again !
thank you !

Hiya,

This is another users topic, from almost 2 years ago.

To avoid sending a lot of notifications to users who are well past their point of following up on this topic, I am closing it.

If you are experiencing problems with WordPress, please create your own topics ??