nlpro

Hi?@josflachs,

If you require no further assistance, please mark this topic as ‘Resolved’.

+++ To prevent any confusion, I’m not SolidWP +++

Hi?@emilieveber0612,

If you require no further assistance, please mark this topic as ‘Resolved’.

+++ To prevent any confusion, I’m not SolidWP +++

Hi @agenziathinknow,

If you require no further assistance, please mark this topic as ‘Resolved’.

+++ To prevent any confusion, I’m not SolidWP +++

Hi @luquerias,

Ok I see. I’m pretty sure the SolSec plugin does not remove functions. Maybe it’s a plugin conflict (but if it was there would have been more similar reports). Have you tried temporarily deactivating the SolSec plugin? This is the only way to know for sure it is not the culprit.

Hi Lucas,

No, this is not caused by the Solid Security plugin. Probably best to contact AutomatorWP support. They should be able to assist you in fixing these errors.

+++ To prevent any confusion, I’m not SolidWP +++

Hi @shanedelierrr,

Okidoki. Just realized I got the alternative for php_sapi_name() wrong…ahum. Apologies for the confusion.

This is better:

67	} elseif ( ( ! defined( 'WP_CLI' ) || ! WP_CLI ) && ... ) {
68		...
69	}

Hi @boabo, @felicity_gilbertson,

I’ve had a look at the relevant code (I’ve replaced irrelevant lines of code with …):

59	if ( is_ssl() ) {
		...
		...
	
		...
		...
		...
		...
67	} elseif ( 'cli' !== php_sapi_name() && ! ITSEC_Core::doing_data_upgrade() && 'GET' === $_SERVER['REQUEST_METHOD'] ) {
68		$this->redirect_to_https();
69	}

It seems to me that the condition at line 67 (as is) may create a conflict. The goal of the condition is to exclude command line interface (cli) commands from being redirected to https. Which makes sense because a cli command is not an http(s) request. So when a cli command runs there is no point to redirect to https.

However, just checking for ‘cli’ !== php_sapi_name() and then assuming it’s a http request where $_SERVER[‘REQUEST_METHOD’] exists is prone to error/PHP warning. This can easily be avoided:

67	} elseif ( 'cli' !== php_sapi_name() && ! ITSEC_Core::doing_data_upgrade() && isset( $_SERVER['REQUEST_METHOD'] ) && 'GET' === $_SERVER['REQUEST_METHOD'] ) {

As a test please make a copy of the /wp-content/plugins/better-wp-security/core/modules/ssl/class-itsec-ssl.php file. Then edit the original file (not the copy) and change line 67 to match with the above. Then start monitoring whether the issue persists (or not).

@shanedelierrr

Instead of using the PHP php_sapi_name() function it’s probably better to check for the WP_CLI constant:

67	} elseif ( defined( 'WP_CLI' ) && WP_CLI && ... ) {
68		...
69	}

+++ To prevent any confusion, I’m not SolidWP +++

• This reply was modified 5 months, 2 weeks ago by nlpro.
• This reply was modified 5 months, 2 weeks ago by nlpro.
• This reply was modified 5 months, 2 weeks ago by nlpro.

Hi @agenziathinknow,

That is correct, but unfortunately this is the only way to solve the issue you reported in this topic.

Do note, plugins that (http) access php files directly is considered a bad security practice… So avoiding using such plugins would prevent you exposing yourself to serious security reasons ??

Addendum:

You can add a request for excludes to the Disable PHP in Plugins setting to the SolidWP public Ideas board?here.

• This reply was modified 5 months, 2 weeks ago by nlpro.

Hi @emilieveber0612,

In addition to my previous post, you may be interested in reading this topic.

+++ To prevent any confusion, I’m not SolidWP +++

Hi @agenziathinknow,

If you require no further assistance, please mark this topic as ‘Resolved’.

+++ To prevent any confusion, I’m not SolidWP +++

Hi @swb1,

Good to hear my input was usefull to you. If you require no further assistance, please mark this topic as ‘Resolved’.

+++ To prevent any confusion, I’m not SolidWP +++

Hi @josflachs,

Did you also check your spam folder? Also check for any errors:

a. In the Security > Logs page. Under Screen Options tick Show Debug/Process entries. and click on the Apply button. Then filter for Notification Center module log entries. You should be able to see Type:Debug Description:Sending Two-Factor Email entries. If there are any problems sending the 2FA email from WordPress, additional error log entries should be visible. That said, usually the cause for emails not arriving lies outside WordPress. The SolSec plugin uses the WordPress Core wp_mail() function to send emails.

b. In the Security menu in the Admin Bar.

c. In Security > Settings > Notifications.

The 2FA Email provider sends the Login Authentication Code email to the user’s WordPress email address. So you would have to change the email address for that user in the WordPress user profile (Users > Profile).

+++ To prevent any confusion, I’m not SolidWP +++

• This reply was modified 5 months, 2 weeks ago by nlpro.
• This reply was modified 5 months, 2 weeks ago by nlpro.
• This reply was modified 5 months, 2 weeks ago by nlpro.

Hi @sealsystems,

Note I have changed (amongst other things) the curly braces ({}) into square brackets ([]) for the “types” entry. Which makes a big difference ??

I thought I better mention that.

As a side note: What PHP version are you using (8.3.11)?

• This reply was modified 5 months, 2 weeks ago by nlpro.

Hi @sealsystems,

Ok, it looks like the File Change settings have somehow not been upgraded in the past when updating the plugin. I have seen this several times in the past, but never been able to figure out the exact cause. The good news is that we can manually correct the File Change settings. The Debug page interface actually allows you to manually edit the settings and then save them. Simply follow my previous instructions and then manually edit the File Change settings to look exactly as can be seen below:

{
    "file_list": [
        "/wp-content/uploads/ithemes-security/backups"
    ],
    "types": [
        ".log",
        ".mo",
        ".po",
        ".bmp",
        ".gif",
        ".ico",
        ".jpe",
        ".jpeg",
        ".jpg",
        ".png",
        ".psd",
        ".raw",
        ".svg",
        ".tif",
        ".tiff",
        ".aif",
        ".flac",
        ".m4a",
        ".mp3",
        ".oga",
        ".ogg",
        ".ra",
        ".wav",
        ".wma",
        ".asf",
        ".avi",
        ".mkv",
        ".mov",
        ".mp4",
        ".mpe",
        ".mpeg",
        ".mpg",
        ".ogv",
        ".qt",
        ".rm",
        ".vob",
        ".webm",
        ".wm",
        ".wmv"
    ],
    "expected_hashes": {
        "/Volumes/ServerData/OBFUSCATED/wp-config.php": "d620406cd69470023d11229",
        "/Volumes/ServerData/OBFUSCATED/.htaccess": "98bb09e27d81aca338f9fdf"
    },
    "last_scan": 318945,
    "compare_file_hashes": true
}

Don’t forget to replace OBFUSCATED with the correct path.

Finally click on the Save button (Right next to the Load button).

Once the File Change settings have been corrected you should be able to make and save any changes through the plugin UI ??

Hi @sealsystems,

If not already add the line below to the wp-config.php file:

define('ITSEC_DEBUG', true);

This should add an extra Debug menu item under the Security menu option.

Then navigate to Security > Debug.

Under the Settings section select file-change and then click on the Load button.

Please share the file change settings displayed.

+++ To prevent any confusion, I’m not SolidWP +++