rahra0

Is somebody from the Hestia theme reading this forum?

Ok, thank you.

Do you have any suggestion for a well-working SMTP plugin?

Bernhard

Hi!

I tested now with all plugins disabled. I also tried various PDF files, all files less than 1 MB. Same problem. Interestingly, the error message is always the same (including the exact same amount of bytes) independently of which PDF file I upload.

This is a WP network installation which runs like a charm since almost 10 years. There are about 10 blogs in the network. Thus, I have a test blog within this network and can test almost everything.
The WP is the latest version 5.3.

Bernhard

I could figure out, what exactly happens and could solve the issue.

Again, the setup is a WP multisite installation. I have one superadmin which is only member of the primary blog which I use solely for administration of the network. In this primary blog no plugin is active except the Wordfence plugin and the Multisite Enhancements which are both network activated.

I created a testblog and several testusers to find out what is happening.
Actually the short answer is that the “Settings->Enable 2FA for these roles” caused the issue and that this setting is done separately on each blog.
I did not expect that at first hand because this options menu is only visible to the superadmin and not the regular administrator. And even for the superadmin the menu is a little bit hidden.

So what to do:
1.) Add the superadmin as user to the (each) sub-blog of the WP network.
2.) Login to the sub-blog with the superadmin and navigate to the “Edit my profile” in the right upper corner.
3.) Scroll down, somewhere in the middle to “Wordfence Login Security” and click “Activate 2FA”.
4.) On the newly opened options page click the second tab “Settings” (again, which is only visible to the superadmin) and activate the roles for which you want to enable 2FA.
5.) Save the settings.
6.) You can remove the superadmin from the blog as a user again.

I’d like to point out that if a user has the 2FA-permission in any of the blogs he is allow to use 2FA on all blogs even if the role disallows it (if the user has different roles in different blogs). That actually was causing my confusion.

Best regards,
Bernhard

I updated it but it does still not work on the one blog. But the error message in the error_log doesn’t appear any more.

Bernhard

Hi!

Thanks for your reply.
Actually this is a WP multisite installation. I manage the users through the “master” site as supposed, without any special plugin.
On the master site (where the WP network is configured) there is only the “Wordfence Security” plugin and the “Multisite Enhancements” plugin active. I can deactivate the latter and test if this creates any collision.

Or do you think it could be from a plugin of a user blog? I have a test blog within this installation. I will again try to use it and test it without any other plugins active.

Best regards,
Bernhard

Deleting the fta_settings did not help. The error log of the web server shows the following:

[Tue Oct 08 10:49:49.441514 2019] [php7:warn] [pid 66542] [client 193.81.143.52:47078] PHP Warning:  key() expects parameter 1 to be array, null given in /var/www/apache24/wordpress/wp-content/plugins/easy-facebook-likebox/my-instagram-feed/includes/mif-skins.php on line 99, referer: https://www.obermassing.at/wp-admin/plugins.php
[Tue Oct 08 10:49:52.160175 2019] [php7:warn] [pid 66542] [client 193.81.143.52:47078] PHP Warning:  key() expects parameter 1 to be array, null given in /var/www/apache24/wordpress/wp-content/plugins/easy-facebook-likebox/my-instagram-feed/includes/mif-skins.php on line 99, referer: https://www.obermassing.at/wp-admin/plugins.php?activate=true&plugin_status=all&paged=1&s=
[Tue Oct 08 10:50:00.452549 2019] [php7:warn] [pid 30434] [client 2a0c:ec80:55:161::6:59820] PHP Warning:  key() expects parameter 1 to be array, null given in /var/www/apache24/wordpress/wp-content/plugins/easy-facebook-likebox/my-instagram-feed/includes/mif-skins.php on line 99

Interestingly, if I activate the plugin it somehow creates pages with the title “My Instagram Feed Demo”.
I have to delete them after activating the plugin.

I run a multisite installation and it is the “Graphene” theme. On other blogs it works, hence, it definitely seems to be theme-related.

Bernhard

I tried several combinations of adding various user with different user names, email addresses and so and could not really find out in which cases it comes to the conclusion that 2FA is “Not Allowed”.

I had a look at the code and came to the conclusion the there seems to be a bug in the function _user_can_for_blog() which is called by can_activate_2fa() (in modules/login-security/classes/controller/users.php:164). Unfortunately, I cannot debug it completely since I do not fully understand the complex code dependencies.

I patched the code to hard-coded return true every time, but obviously that’s not a final solution.

Is there anybody from Wordfence reading here? Or do the have any contact?

Best regards,
Bernhard

In respect to my previous posting for WP developers:
*) The upload itself seems to work, since I can find the files in the /tmp folder of the server.
*) It is the same behavior when using the browser uploader.

I run a Multi-Site WP installation very successful since many years on FreeBSD+Apache+PHP56. Some time ago I encountered the same problem with file uploads. More specifically:
*) image upload works
*) uploading files with disallowed extensions fails (as expected)
*) uploading allowed file types other than images, e.g. mp3 fails with “HTTP error”

I tried all those options shown within this thread without success. The Web server log shows that the child process of the Apache segfaults. When I decrease PHP memory_limit the log file shows the error message of memory_limit and segfaults immediately afterwards. When increasing the memory_limit again the mem_limit-error-message goes away but it keeps segfaulting. I re-istalled all binaries without any success.

The problem was solved after upgrading PHP from 5.6 to 7.2.

I had the same problem.

Options -> Other options -> Delete Wordfence tables and data on deactivation to remove Wordfence completely

and a re-installation did not help.

Finally, I found out that the InnoDB files where internally somehow corrupted and I couldn’t find any way to repair this. My mysql_errorlog showed the following messages on reactivation of the Wordfence plugin:

InnoDB: The error means the system cannot find the path specified.
InnoDB: If you are installing InnoDB, remember that you must create
InnoDB: directories yourself, InnoDB does not create them.
2016-07-31 17:01:34 1332 [ERROR] InnoDB: Could not find a valid tablespace file for 'wpm/wp_mu_wfNet404s'. See https://dev.mysql.com/doc/refman/5.6/en/innodb-troubleshooting-datadict.html for how to resolve the issue.
2016-07-31 17:01:34 1332 [ERROR] InnoDB: Tablespace open failed for '"wpm"."wp_mu_wfNet404s"', ignored.
2016-07-31 17:01:34 802c06400  InnoDB: Operating system error number 2 in a file operation.

The only way to recover was to completely dump all databases, then stopping the mysql server and removing all database files in the file system. Then I restarted the server which created fresh InnoDB files and finally I imported all data again.

This is indeed a missing feature! There are postings which are more than 2 years old kindly requesting IPv6.
Please IPv6-support!

The solution to disable IPv6 is not a soltion (found on Wordfence site: https://support.wordfence.com/support/articles/1000011134-i-m-getting-errors-that-wordfence-can-t-detect-visitor-ip-addresses-or-i-use-ipv6-on-my-site-and-i-k)

Why do you think it is SSL-related? Both of above domains are plain HTTP without SSL. They differ in their domain name.

It’s extremely annoying. I’m unable to get this to work.
I set up a completely fresh blog (within the existing network). I assigned two domain names which are CNAMEs to the primary name of the site/network (which is anafi.abenteuerland.at):

https://w3test.abenteuerland.at/
https://w3test.cypherpunk.at/

Although it seems to work, Firebug clearly shows that everything is fetched from the first domain name except the initial request.

As usual, I added two <VirtualHost> stanzas to the Apache configuration, one for each domain name.

Regards,
Bernhard

I’ll setup a new fresh install without SSL for testing purpose and will post the results here again.