kmarusek

Hey there,

When getting old vulnerability data for issues that have already been resolved, a few things could be happening.

One common occurrence is an old staging site producing the report, but because it has the production site information, it looks like the notifications are coming from the production website. So, if you know of a staging site, verify that the notifications aren’t accidentally being sent from it.

If this isn’t the case, try removing and re-adding your SolidWP Security Pro license if using pro to the website. If the error persists, you might be due to plugin transient data, so I’d suggest installing a transient clearing plugin like?Transients Manager?and clearing the plugin’s transients.

Upon activating the Transients Manager plugin, you need to go to?Tools ? Transients?in your WordPress dashboard. From here, you will see a list of transients stored in your WordPress database.

You can perform bulk deletion tasks or delete transients individually.

This page lets you perform the following bulk actions:

• Delete expired transients.
• Delete selected transients.
• Delete all transients with an expiration date.
• Delete all transients.

You can start with deleting all transients that start with “itsec_” if that doesn’t resolve it try deleting all transients. 

Sincerely,
Kevin

Hey there,

I’ve run tests using my PHP 8.3 WordPress sandbox on both Solid Security Pro and Basic, but I haven’t been able to successfully trigger this MySQL query sequence error.

The issue appears to be caused by Solid Security Telemetry. You can try disabling “Allow Data Sharing” in Solid Security by going to?Security > Settings > Global Settings,?scrolling down to?Other,?and making sure “Allow Data Sharing”?is UNchecked.?

If you use a caching plugin (e.g., WP Rocket, W3 Total Cache, or LiteSpeed Cache), then clear all caches.

You may also want to clear all transient data in phpMyAdmin with this SQL query:
DELETE FROM ihdhu4xkh_options WHERE option_name LIKE 'transient%';

However, be sure to make a backup of your website before doing this.

Please let me know if disabling data sharing and clearing your transients/cache resolves the query error, or if you have any follow-up questions.

Best,
Kevin
SolidWP Support

Hey there,

I understand you’re getting a PHP warning on your site with Solid Security Pro.

This has been reported in the past and was resolved once the user uninstalled and reinstalled Solid Security Pro on their website.

When you uninstall and delete Solid Security Pro from the WP Plugins page, it runs a cleanup script and removes itself from the site, including the database. Anything left over is temporary data (transients/cron jobs) that WordPress stores.

<span style=”box-sizing: border-box; margin: 0px; padding: 0px;”>Once deleted, please clear all caches in this manner:?server cache -> CDN cache (if you use it) -> plugin cache -> browser cache?before installing a fresh copy of the latest plugin version, which you can grab from your?SolidWP Member Panel.</span>

I recommend?backing up?your site before you make any changes.

Please let me know if uninstalling and re-installing Solid Security Pro helped or if you have other questions.

Best regards,
Kevin
SolidWP Support

@visualvision, I’m sorry for the extremely slow turnaround. Notifications for this thread were being sent to an older email address that I check infrequently; I’ve rectified this issue.

I’ve attempted to replicate this behavior in my testing environment to no avail, so this issue may be part of a conflict.

To resolve this, I’d first suggest checking for a conflict using the steps from this article:?Checking for a Conflict. This is a standard step to confirm if the issue remains when all other plugins and themes are deactivated.
?
If the issue persists, try to enable WP Debug ?(including?SCRIPT_DEBUG) by following the guide here:?Debugging in WordPress. Try to do another round of mobile 2FA setup until you reach the area where the issue happens. Then, open your browser’s console to check for any plugin errors when encountering the problem. Look for any related errors on your site’s?debug.log?file and server error logs (if you have access). If you need help accessing the debug.log file, please ask for your hosting provider’s assistance, and while at it, please have them check the server error logs, too. Once you’ve got the error details, please send them our way.

Hey Nic,

You’ve come to the right place; let’s get this sorted.

So based on what I’m reading these issues are coming from two different things. So I’m going to address them as such.

1. Your device is being blocked or potentially locked out.
I’m still not 100% certain I follow what is happening here. You attempt to set up 2FA, at which point you’re unable to navigate to the site “I couldn’t get to the site”? When you type the url of the website are you seeing anything at all or does the site come up as a 500 server not found error? If you do see something and it says something about a “lockout” or “restriction” it’s possible you triggered an IP lockout/ban for the device having difficulty accessing the website.

If you’re seeing a restricted access or lockout message; using the secondary device – navigate to Security > FIrewall > IP Managment > Active Lockouts here, look for your the IP of the device experiencing issues, clear the IP from the list and add it to the Authorized IPs list.

2. Manual Site Scans fail on plugins, themes, WordPress core and Google SafeBrowsing.
This is triggered when your Logging setting is set to Database only, you can find this setting via Security > Settings > General Settings, and then scrolling down to the Logging section. Make sure you change it File Only or Both if you’d like to fix this issue.

Keep me posted on if this helps resolve the issues you’re experiencing!

Very Best,

Kevin M
SolidWP Support

Hello,

@nlpro would be correct, this is a harmless notice and it will be addressed by our developers as soon as they have the capacity to do so. Should see this resolved in a future update.

Very best,

Kevin M.
SolidWP Support

Hey Abbi,

This is highly unusual and I can’t say I’ve heard of this happening because of Solid Security before. Could you try disabling the Solid Security plugin to see if the issue persist?

Very best,

Kevin
SolidWP Support

Hey Alex,

I’d gladly help troubleshoot this with you.

To start, lets get a look at the site scan logs, you should be able to locate those via Security > Logs > Important Events, here you should see Site Scan. Click the “View Details” button on the left of the event, then “Show Raw Details”. Copy that information and paste it in your reply for me to review.

You may want to share the url of the site I can attempt to trigger a lockout. It could potentially be a conflict of some sort as well, you could start by enabling wp-debug and if there’s no errors present, start doing a conflict test on the site to see if any plugins are interfering with Solid Security.

Best,

Kevin
SolidWP Support

Hey @luquerias I installed this plugin on my sandbox environment running 6.6.2-WP with PHP 8.1.29, with no issues.

Here are some steps to troubleshoot and resolve this issue:

1. Update Plugins: Ensure that AutomatorWP and all other plugins, including Solid Security Basic, are up to date. Compatibility issues often arise from outdated plugins.
2. Check PHP Version: Make sure your server is running a supported version of PHP. AutomatorWP may require a minimum version (usually PHP 7.2 or higher).
3. Conflict Testing: Temporarily deactivate other plugins to see if the issue persists. If the error goes away, reactivate the plugins one by one to identify the conflicting plugin.
4. Theme Conflict: Switch to a default WordPress theme (like Twenty Twenty-Four) to check if the issue is related to your current theme.
5. Error Logs: Check your server’s error logs for more specific messages related to the hash function error. This can provide clues about what’s going wrong.
6. Reinstall AutomatorWP: If the problem continues, try deleting and reinstalling the AutomatorWP plugin. This can resolve issues caused by corrupted files.
   

Let me know if you have any updates on this matter or further questions.

Best,

Kevin M.
SolidWP Support

Hey there,
Site Vulnerabilities can be found using the Security > Vulnerabilities Site Scan tool. Running the site scan will provide you a report on site vulnerabilities, there’s also the scheduled site scan that runs twice daily. You can manage the notifications of these scans in Security > Settings > Notifications under “Site Scan Results”.

As for IP Block list, this can be found in Security > Firewall > IP Management then under “Banned IPs” or “Active Lockouts” you’ll see a list of all the IP’s depending on the selection.

Let me know if this answer your question or if you have further questions.

Have a great week!

Best,

Kevin M.
SolidWP Support

Absolutely!

I believe the setting you’re looking for is found via:
Security > Settings > Features > Firewall > Local Brute Force

If you expand that setting, you should see the?Login Attempts?field. You can then modify this to the number you think is best for your security needs.

I hope this helps, and if you have any further questions, let me know!

Best,
Kevin M.
SolidWP Support

Hey Corey,

I’d be happy to help answer this question!

The issue you’re experiencing seems related to how Solid Security is set to detect user IPs. If you’re using a Proxy service for your website, you may need to adjust the Proxy Detection settings in

Security > Settings > Global Settings > Scroll Down to IP Detection.

Once you get to IP Detection settings, click the dropdown menu and select “Manual”. This will open additional options, from here you’ll need to select the correct Proxy Header that you need for your server settings. If using Cloudflare you’ll need the CF-Connecting-IP header, otherwise most other proxy servers use X-Forwared-For

When a Proxy server is being used, the users will be re-routed to your site, which puts all users within a specific IP range with the user’s actual IP being hidden unless the correct header is in place to request it from the server. So, If one of the users triggers a lockout, it can impact many users because of the shared IP range from being routed by the proxy.

Setting the appropriate Proxy Detection will allow the IP address to be properly read preventing users from being blocked by accident and correctly assigning restrictions to the appropriate IP addresses.

Let me know if this helps resolve your issue, and I’m here to help if you have any further issues.

Best,

Kevin M.
SolidWP Support