Nicolas V.
Supporter
Languages:
English (English )
French (Français )
Timezone:
America/Lima (GMT-05:00)
|
Hello,
Just to let you know that I managed to install the last duplicator copy and reactivate UpdraftPlus which allowed me to reinstall your plugins and themes.
I reactivated WPML and I noticed that in "WPML > Settings > Taxonomies Translation" you set "Template Part Areas (wp_template_part_area)" as translatable but it shouldn't. It should be set as "Not translatable".
Then I also review all WPML tables and compare their structure to make sure that everything was in order. So far the tables from WPML look fine, and no specific error in debug.log (only the cron jobs issue and deprecated notices I mentioned in my video). In "WPML > Support" all server requirements are met.
Next Step, I'll try to reactivate all plugins and see if I notice something.
|
Swen Kleibrink
|
Hi,
Thanks for your work. I hope you can identify it, I set the item to not translatable.
Strange this time trying to activate the plugin i received a 503 error in backend, instead of critical error But frontend still works.
debug.log only has this :
[21-Aug-2023 07:25:55 UTC] PHP Deprecated: stripos(): Passing null to parameter #1 ($haystack) of type string is deprecated in /home4/a60p1p9l/starpaint.de/wp-content/plugins/google-site-kit/includes/Core/REST_API/REST_Routes.php on line 69
[21-Aug-2023 07:25:56 UTC] PHP Deprecated: strlen(): Passing null to parameter #1 ($string) of type string is deprecated in /home4/a60p1p9l/starpaint.de/wp-content/plugins/megamenu/megamenu.php on line 948
[21-Aug-2023 07:25:56 UTC] PHP Deprecated: strlen(): Passing null to parameter #1 ($string) of type string is deprecated in /home4/a60p1p9l/starpaint.de/wp-content/plugins/megamenu/megamenu.php on line 948
[21-Aug-2023 07:25:57 UTC] PHP Notice: ob_end_flush(): Failed to send buffer of zlib output compression (0) in /home4/a60p1p9l/starpaint.de/wp-includes/functions.php on line 5349
[21-Aug-2023 07:26:15 UTC] PHP Deprecated: strlen(): Passing null to parameter #1 ($string) of type string is deprecated in /home4/a60p1p9l/starpaint.de/wp-content/plugins/megamenu/megamenu.php on line 948
[21-Aug-2023 07:26:15 UTC] PHP Deprecated: strlen(): Passing null to parameter #1 ($string) of type string is deprecated in /home4/a60p1p9l/starpaint.de/wp-content/plugins/megamenu/megamenu.php on line 948
[21-Aug-2023 07:26:15 UTC] PHP Notice: ob_end_flush(): Failed to send buffer of zlib output compression (0) in /home4/a60p1p9l/starpaint.de/wp-includes/functions.php on line 5349
I turned off compression in php.ini settings
that didn't help
I downgraded to php 8.0 from 8.1 to see and still problem.
moved site kit plugin out still problems
moved rankmath to another folder problem went away
reenabled sitekit no error
turned compression back on in php no error
updated php to 8.2 from 8.0 still ok
I have open ticket with Rank math, but they say there is no problem with WPML so maybe you need to reach out to them https://wordpress.org/support/topic/new-conflict-with-wpml-string-translation-plugin/#post-16988162
also the on going support with Google https://wordpress.org/support/topic/there-has-been-a-critical-error-on-this-website-please-check-your-site-admin-em-32/#post-16988165
|
Swen Kleibrink
|
interesting, without rankmath enabled when you click to configure string translation I get the critical error or 503 error in backend.
|
Swen Kleibrink
|
I took the painstaking task of loading my linux , I had to configure LAMP etc but I don't see the error on my linux only on backend, I forgot to check which version of php I am using, and I use mariadb and also had error could not connect to WPML and the permilinks would not work on frontend but backend did not have an error.
here is my php.ini settings
; cPanel-generated php ini directives, do not edit
; Manual editing of this file may result in unexpected behavior.
; To make changes to this file, use the cPanel MultiPHP INI Editor (Home >> Software >> MultiPHP INI Editor)
; For more information, read our documentation (<em><u>hidden link</u></em>)
allow_url_fopen = Off
display_errors = Off
enable_dl = Off
file_uploads = On
max_execution_time = 90
max_input_time = 120
max_input_vars = 5000
memory_limit = 1024M
post_max_size = 256M
session.gc_maxlifetime = 1440
session.save_path = "/var/cpanel/php/sessions/ea-php82"
upload_max_filesize = 256M
zlib.output_compression = On
I use bulletproof security here is the .htaccess for root
text/x-generic .htaccess ( UTF-8 Unicode text )
# BULLETPROOF 6.9 SECURE .HTACCESS
# CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE
# PHP/php.ini handler htaccess code
AddHandler application/x-httpd-ea-php81___lsphp .php .php8 .phtml
# TURN OFF YOUR SERVER SIGNATURE
# Suppresses the footer line server version number and ServerName of the serving virtual host
ServerSignature Off
# DO NOT SHOW DIRECTORY LISTING
# Disallow mod_autoindex from displaying a directory listing
# If a 500 Internal Server Error occurs when activating Root BulletProof Mode
# copy the entire DO NOT SHOW DIRECTORY LISTING and DIRECTORY INDEX sections of code
# and paste it into BPS Custom Code and comment out Options -Indexes
# by adding a # sign in front of it.
# Example: #Options -Indexes
Options -Indexes
# DIRECTORY INDEX FORCE INDEX.PHP
# Use index.php as default directory index file. index.html will be ignored.
# If a 500 Internal Server Error occurs when activating Root BulletProof Mode
# copy the entire DO NOT SHOW DIRECTORY LISTING and DIRECTORY INDEX sections of code
# and paste it into BPS Custom Code and comment out DirectoryIndex
# by adding a # sign in front of it.
# Example: #DirectoryIndex index.php index.html /index.php
DirectoryIndex index.php index.html /index.php
# BRUTE FORCE LOGIN PAGE PROTECTION
# PLACEHOLDER ONLY
# Use BPS Custom Code to add Brute Force Login protection code and to save it permanently.
# See this link: <em><u>hidden link</u></em>
# for more information.
# BPS ERROR LOGGING AND TRACKING
# Use BPS Custom Code to modify/edit/change this code and to save it permanently.
# BPS has premade 400 Bad Request, 403 Forbidden, 404 Not Found, 405 Method Not Allowed and
# 410 Gone template logging files that are used to track and log 400, 403, 404, 405 and 410 errors
# that occur on your website. When a hacker attempts to hack your website the hackers IP address,
# Host name, Request Method, Referering link, the file name or requested resource, the user agent
# of the hacker and the query string used in the hack attempt are logged.
# All BPS log files are htaccess protected so that only you can view them.
# The 400.php, 403.php, 404.php, 405.php and 410.php files are located in /wp-content/plugins/bulletproof-security/
# The 400, 403, 405 and 410 Error logging files are already set up and will automatically start logging errors
# after you install BPS and have activated BulletProof Mode for your Root folder.
# If you would like to log 404 errors you will need to copy the logging code in the BPS 404.php file
# to your Theme's 404.php template file. Simple instructions are included in the BPS 404.php file.
# You can open the BPS 404.php file using the WP Plugins Editor or manually editing the file.
# NOTE: By default WordPress automatically looks in your Theme's folder for a 404.php Theme template file.
ErrorDocument 400 /wp-content/plugins/bulletproof-security/400.php
ErrorDocument 401 default
ErrorDocument 403 /wp-content/plugins/bulletproof-security/403.php
ErrorDocument 404 /404.php
ErrorDocument 405 /wp-content/plugins/bulletproof-security/405.php
ErrorDocument 410 /wp-content/plugins/bulletproof-security/410.php
# DENY ACCESS TO PROTECTED SERVER FILES AND FOLDERS
# Use BPS Custom Code to modify/edit/change this code and to save it permanently.
# Files and folders starting with a dot: .htaccess, .htpasswd, .errordocs, .logs
RedirectMatch 403 \.(htaccess|htpasswd|errordocs|logs)$
# WP-ADMIN/INCLUDES
# Use BPS Custom Code to remove this code permanently.
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F]
RewriteRule ^wp-includes/theme-compat/ - [F]
# WP REWRITE LOOP START
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
# REQUEST METHODS FILTERED
# If you want to allow HEAD Requests use BPS Custom Code and copy
# this entire REQUEST METHODS FILTERED section of code to this BPS Custom Code
# text box: CUSTOM CODE REQUEST METHODS FILTERED.
# See the CUSTOM CODE REQUEST METHODS FILTERED help text for additional steps.
RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
RewriteRule ^(.*)$ - [F]
RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC]
RewriteRule ^(.*)$ /wp-content/plugins/bulletproof-security/405.php [L]
# PLUGINS/THEMES AND VARIOUS EXPLOIT FILTER SKIP RULES
# To add plugin/theme skip/bypass rules use BPS Custom Code.
# The [S] flag is used to skip following rules. Skip rule [S=12] will skip 12 following RewriteRules.
# The skip rules MUST be in descending consecutive number order: 12, 11, 10, 9...
# If you delete a skip rule, change the other skip rule numbers accordingly.
# Examples: If RewriteRule [S=5] is deleted than change [S=6] to [S=5], [S=7] to [S=6], etc.
# If you add a new skip rule above skip rule 12 it will be skip rule 13: [S=13]
# CUSTOM CODE PLUGIN/THEME SKIP/BYPASS RULES
# WPBakery Visual Composer plugin skip/bypass rule
RewriteCond %{REQUEST_URI} ^/wp-content/plugins/js_composer/ [NC]
RewriteRule . - [S=15]
# WooCommerce shop, cart, checkout & wishlist URI skip/bypass rule
RewriteCond %{REQUEST_URI} ^.*/(shop|cart|checkout|wishlist).* [NC]
RewriteRule . - [S=14]
# WooCommerce order & wc-ajax= Query String skip/bypass rule
RewriteCond %{QUERY_STRING} .*(order|wc-ajax=).* [NC]
RewriteRule . - [S=13]
# Adminer MySQL management tool data populate
RewriteCond %{REQUEST_URI} ^/wp-content/plugins/adminer/ [NC]
RewriteRule . - [S=12]
# Comment Spam Pack MU Plugin - CAPTCHA images not displaying
RewriteCond %{REQUEST_URI} ^/wp-content/mu-plugins/custom-anti-spam/ [NC]
RewriteRule . - [S=11]
# Peters Custom Anti-Spam display CAPTCHA Image
RewriteCond %{REQUEST_URI} ^/wp-content/plugins/peters-custom-anti-spam-image/ [NC]
RewriteRule . - [S=10]
# Status Updater plugin fb connect
RewriteCond %{REQUEST_URI} ^/wp-content/plugins/fb-status-updater/ [NC]
RewriteRule . - [S=9]
# Stream Video Player - Adding FLV Videos Blocked
RewriteCond %{REQUEST_URI} ^/wp-content/plugins/stream-video-player/ [NC]
RewriteRule . - [S=8]
# XCloner 404 or 403 error when updating settings
RewriteCond %{REQUEST_URI} ^/wp-content/plugins/xcloner-backup-and-restore/ [NC]
RewriteRule . - [S=7]
# BuddyPress Logout Redirect
RewriteCond %{QUERY_STRING} action=logout&redirect_to=http%3A%2F%2F(.*) [NC]
RewriteRule . - [S=6]
# redirect_to=
RewriteCond %{QUERY_STRING} redirect_to=(.*) [NC]
RewriteRule . - [S=5]
# Login Plugins Password Reset And Redirect 1
RewriteCond %{QUERY_STRING} action=resetpass&key=(.*) [NC]
RewriteRule . - [S=4]
# Login Plugins Password Reset And Redirect 2
RewriteCond %{QUERY_STRING} action=rp&key=(.*) [NC]
RewriteRule . - [S=3]
# CUSTOM CODE TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
# TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
# Use BPS Custom Code to modify/edit/change this code and to save it permanently.
# Remote File Inclusion (RFI) security rules
# Note: Only whitelist your additional domains or files if needed - do not whitelist hacker domains or files
RewriteCond %{QUERY_STRING} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC,OR]
RewriteCond %{THE_REQUEST} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC]
RewriteRule .* index.php [F]
#
# Example: Whitelist additional misc files: (example\.php|another-file\.php|phpthumb\.php|thumb\.php|thumbs\.php)
RewriteCond %{REQUEST_URI} (timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]
# Example: Whitelist additional website domains: RewriteCond %{HTTP_REFERER} ^.*(YourWebsite.com|AnotherWebsite.com).*
RewriteCond %{HTTP_REFERER} ^.*starpaint.de.*
RewriteRule . - [S=1]
# CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS
# BEGIN BPSQSE BPS QUERY STRING EXPLOITS
# The libwww-perl User Agent is forbidden - Many bad bots use libwww-perl modules, but some good bots use it too.
# Good sites such as W3C use it for their W3C-LinkChecker.
# Use BPS Custom Code to add or remove user agents temporarily or permanently from the
# User Agent filters directly below or to modify/edit/change any of the other security code rules below.
RewriteCond %{HTTP_USER_AGENT} (havij|libwww-perl|wget|python|nikto|curl|scan|winhttp|clshttp|loader) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\\s+|%20+\\s+|\\s+%20+|\\s+%20+\\s+)(http|https)(:/|/) [NC,OR]
RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
RewriteCond %{THE_REQUEST} (%0A|%0D|\\r|\\n) [NC,OR]
RewriteCond %{REQUEST_URI} owssvr\.dll [NC,OR]
RewriteCond %{HTTP_REFERER} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{HTTP_REFERER} \.opendirviewer\. [NC,OR]
RewriteCond %{HTTP_REFERER} users\.skynet\.be.* [NC,OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(http|https):// [NC,OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [NC,OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR]
RewriteCond %{QUERY_STRING} (\.\./|%2e%2e%2f|%2e%2e/|\.\.%2f|%2e\.%2f|%2e\./|\.%2e%2f|\.%2e/) [NC,OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} (http|https)\: [NC,OR]
RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)cPath=(http|https)://(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*embed.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^e]*e)+mbed.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*object.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^o]*o)+bject.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>|%3c|%3e).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(\x00|\x04|\x08|\x0d|\x1b|\x20|\x3c|\x3e|\x7f).* [NC,OR]
RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
RewriteCond %{QUERY_STRING} (\.{1,}/)+(motd|etc|bin) [NC,OR]
RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]
RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} \-[sdcr].*(allow_url_include|allow_url_fopen|safe_mode|disable_functions|auto_prepend_file) [NC,OR]
RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]
RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
RewriteRule ^(.*)$ - [F]
# END BPSQSE BPS QUERY STRING EXPLOITS
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# WP REWRITE LOOP END
# DENY BROWSER ACCESS TO THESE FILES
# Use BPS Custom Code to modify/edit/change this code and to save it permanently.
# wp-config.php, bb-config.php, php.ini, php5.ini, readme.html
# To be able to view these files from a Browser, replace 127.0.0.1 with your actual
# current IP address. Comment out: #Require all denied and Uncomment: Require ip 127.0.0.1
# Comment out: #Deny from all and Uncomment: Allow from 127.0.0.1
# Note: The BPS System Info page displays which modules are loaded on your server.
<FilesMatch "^(wp-config\.php|php\.ini|php5\.ini|readme\.html|bb-config\.php)">
<IfModule mod_authz_core.c>
Require all denied
#Require ip 127.0.0.1
</IfModule>
<IfModule !mod_authz_core.c>
<IfModule mod_access_compat.c>
Order Allow,Deny
Deny from all
#Allow from 127.0.0.1
</IfModule>
</IfModule>
</FilesMatch>
# HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE
# PLACEHOLDER ONLY
# Use BPS Custom Code to add custom code and save it permanently here.
# BEGIN cPanel-generated php ini directives, do not edit
# Manual editing of this file may result in unexpected behavior.
# To make changes to this file, use the cPanel MultiPHP INI Editor (Home >> Software >> MultiPHP INI Editor)
# For more information, read our documentation (<em><u>hidden link</u></em>)
<IfModule php8_module>
php_flag display_errors Off
php_value max_execution_time 90
php_value max_input_time 120
php_value max_input_vars 5000
php_value memory_limit 1024M
php_value post_max_size 256M
php_value session.gc_maxlifetime 1440
php_value session.save_path "/var/cpanel/php/sessions/ea-php82"
php_value upload_max_filesize 256M
php_flag zlib.output_compression On
</IfModule>
<IfModule lsapi_module>
php_flag display_errors Off
php_value max_execution_time 90
php_value max_input_time 120
php_value max_input_vars 5000
php_value memory_limit 1024M
php_value post_max_size 256M
php_value session.gc_maxlifetime 1440
php_value session.save_path "/var/cpanel/php/sessions/ea-php82"
php_value upload_max_filesize 256M
php_flag zlib.output_compression On
</IfModule>
# END cPanel-generated php ini directives, do not edit
# php -- BEGIN cPanel-generated handler, do not edit
# Set the "ea-php82" package as the default "PHP" programming language.
<IfModule mime_module>
AddHandler application/x-httpd-ea-php82___lsphp .php .php8 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
here is .htaccess for wp-admin
# BULLETPROOF 6.9 WP-ADMIN SECURE .HTACCESS
# DO NOT ADD URL REWRITING IN THIS FILE OR WORDPRESS WILL BREAK
# RewriteRule ^(.*)$ - [F] works in /wp-admin without breaking WordPress
# RewriteRule . /index.php [L] will break WordPress
# WPADMIN DENY BROWSER ACCESS TO FILES
# Deny Browser access to /wp-admin/install.php
# Use BPS Custom Code to modify/edit/change this code and to save it permanently.
# To be able to view the install.php file from a Browser, replace 127.0.0.1 with your actual
# current IP address. Comment out: #Require all denied and Uncomment: Require ip 127.0.0.1
# Comment out: #Deny from all and Uncomment: Allow from 127.0.0.1
# Note: The BPS System Info page displays which modules are loaded on your server.
# BEGIN BPS WPADMIN DENY ACCESS TO FILES
<FilesMatch "^(install\.php)">
<IfModule mod_authz_core.c>
Require all denied
#Require ip 127.0.0.1
</IfModule>
<IfModule !mod_authz_core.c>
<IfModule mod_access_compat.c>
Order Allow,Deny
Deny from all
#Allow from 127.0.0.1
</IfModule>
</IfModule>
</FilesMatch>
# END BPS WPADMIN DENY ACCESS TO FILES
# BEGIN OPTIONAL WP-ADMIN ADDITIONAL SECURITY MEASURES:
# BEGIN CUSTOM CODE WPADMIN TOP
# Use BPS wp-admin Custom Code to modify/edit/change this code and to save it permanently.
# END CUSTOM CODE WPADMIN TOP
# BEGIN EXAMPLE OF OPTIONAL/ADDITIONAL SECURITY MEASURES
# EXAMPLE WP-ADMIN DIRECTORY PASSWORD PROTECTION - .htpasswd
# Use BPS wp-admin Custom Code to modify/edit/change this code and to save it permanently.
# This code example from BEGIN EXAMPLE to END EXAMPLE is just an example of optional
# code that you could add to your wp-admin htaccess file in the CUSTOM CODE WPADMIN TOP text box.
# IMPORTANT: To setup Directory Password Protection use your web host control panel.
# This example code is just showing you what the code will look like after you setup
# Directory Password Protection using your web host control panel.
# NOTES: Adding Directory Password Protection creates an additional password login
# to gain access to your wp-admin folder/WordPress Login page.
# Users / visitors to your site will not be able to register or login to your site
# unless you give them the Directory Password Protection username and password.
# You can specify a single specific user or use valid-user to allow all valid
# user accounts to be able to login to your site.
# EXAMPLE:
#AuthType basic
#AuthGroupFile /dev/null
#AuthUserFile /path/to/protected/server/directory/.htpasswd
#AuthName "Password Protected Area"
#require user JohnDoe
#require valid-user
# END EXAMPLE OF OPTIONAL/ADDITIONAL SECURITY MEASURES
# END OPTIONAL WP-ADMIN ADDITIONAL SECURITY MEASURES
# BPS REWRITE ENGINE
RewriteEngine On
# BEGIN CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES
# To add wp-admin plugin skip/bypass rules use BPS wp-admin Custom Code.
# If a plugin is calling a wp-admin file in a way that it is being blocked/forbidden
# by BPS you can whitelist that file name by creating a skip rule for that file.
#
# Example: skip/bypass rule for the admin-ajax.php file and post.php file
# RewriteCond %{REQUEST_URI} (admin-ajax\.php|post\.php) [NC]
# RewriteRule . - [S=2]
#
# The [S] flag is used to skip following rules. Skip rule [S=2] will skip 2 following RewriteRules.
# The skip rules MUST be in descending consecutive number order: 4, 3, 2...
# If you add a new skip rule above skip rule 2 it will be skip rule 3: [S=3]
#
# Example: Multiple skip rules in descending consecutive number order.
# Yoast Facebook OpenGraph wp-admin plugin skip/bypass rule
# RewriteCond %{QUERY_STRING} page=wpseo_social&key=(.*) [NC]
# RewriteRule . - [S=3]
# skip/bypass rule for the admin-ajax.php file and post.php file
# RewriteCond %{REQUEST_URI} (admin-ajax\.php|post\.php) [NC]
# RewriteRule . - [S=2]
#
# post.php skip/bypass rule
RewriteCond %{REQUEST_URI} (post\.php) [NC]
RewriteRule . - [S=2]
# END CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES
# DEFAULT WHITELIST SKIP RULE FOR press-this.php AND widgets.php
RewriteCond %{REQUEST_URI} (press-this\.php|widgets\.php) [NC]
RewriteRule . - [S=1]
# BEGIN BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS
# WORDPRESS WILL BREAK IF ALL THE BPSQSE FILTERS ARE DELETED
# Use BPS wp-admin Custom Code to modify/edit/change this code and to save it permanently.
RewriteCond %{HTTP_USER_AGENT} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\s+|%20+\s+|\s+%20+|\s+%20+\s+)(http|https)(:/|/) [NC,OR]
RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
RewriteCond %{THE_REQUEST} (%0A|%0D) [NC,OR]
RewriteCond %{REQUEST_URI} owssvr\.dll [NC,OR]
RewriteCond %{HTTP_REFERER} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{HTTP_REFERER} \.opendirviewer\. [NC,OR]
RewriteCond %{HTTP_REFERER} users\.skynet\.be.* [NC,OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(http|https):// [NC,OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [NC,OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR]
RewriteCond %{QUERY_STRING} (\.\./|%2e%2e%2f|%2e%2e/|\.\.%2f|%2e\.%2f|%2e\./|\.%2e%2f|\.%2e/) [NC,OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} (http|https)\: [NC,OR]
RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)cPath=(http|https)://(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>).* [NC,OR]
RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
RewriteCond %{QUERY_STRING} (\.{1,}/)+(motd|etc|bin) [NC,OR]
RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]
RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]
RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
RewriteRule ^(.*)$ - [F]
# END BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS
and the only other think my linux (linux mint) not a server did not have connection to cloudflare and does not have wordfence installed.
I will call support for our host to look around at server while I wait for your response
but I want to solve this soon
could it be wordpress core files ? or something I reinstaleld them, but I could delete and manually reinstall. ?
please let me know
thanks
|
Swen Kleibrink
|
Hi I found a workaround it is with the latest wordpress version:
I disabled a rule in rankmath via cloudflare ip source address user agent and in coding for rankmath timeout at the same time i downgraded wordpress to 6.2.2 by manually deleting all wordpress core files and uploading 6.2.2
now the conflict is not there
and the error log is not large I cleared it out
but I was getting this in error_log below but now the conflict is away
Google says its site kit plugin still causes problems and Rank math says these errors below are yours.. so please let me know when you fix them
I stay at the older version of WordPress until fixed
[21-Aug-2023 07:14:37 UTC] Cron-Reschedule-Event-Fehler für Hook: primeMoverDeleteSymlinkEvent, Fehlercode: invalid_schedule, Fehlermeldung: Die Ereignisplanung existiert nicht., Daten: {"schedule":"every_prime_mover_biweek","args":[],"interval":259200}
[21-Aug-2023 07:37:11 UTC] PHP Warning: include(/home.../wp-content/plugins/seo-by-rank-math/vendor/composer/../../includes/traits/class-hooker.php): Failed to open stream: No such file or directory in /home.../wp-content/plugins/sitepress-multilingual-cms/vendor/composer/ClassLoader.php on line 571
[21-Aug-2023 07:37:11 UTC] PHP Warning: include(): Failed opening '/home.../wp-content/plugins/seo-by-rank-math/vendor/composer/../../includes/traits/class-hooker.php' for inclusion (include_path='.:/opt/cpanel/ea-php81/root/usr/share/pear') in /home.../wp-content/plugins/sitepress-multilingual-cms/vendor/composer/ClassLoader.php on line 571
[21-Aug-2023 07:37:11 UTC] PHP Fatal error: Trait "RankMath\Traits\Hooker" not found in /home.../wp-content/plugins/seo-by-rank-math/includes/class-installer.php on line 26
[21-Aug-2023 08:45:16 UTC] PHP Warning: Undefined property: stdClass::$plugin in /home.../wp-admin/includes/class-wp-automatic-updater.php on line 228
|
Swen Kleibrink
|
Morning I see no one is active on this issue that is pressing that is why I spent hours and days trying to figure it out.
I have talked with the Google and WordPress team along with Rank Math I also have problems on other websites as well as my partner. I am not sure if the String Translation Plugin has conflict with your new fix in the CMS plugin but it has problems with the WordPress version and with Rank Math and Site Kit. I was able to reproduce on my standalone Linux server after my first tests, the WordPress updated and then had the problem.
Below are my details I hope it helps you along with the last errors.
I believe The issue has to do with something new in WordPress 6.3 It has created lots of problems. Me and my business partner manage over 100 sites and half of them or more have problems. Backend wp-admin critical error, or 503 error or 500 error. Front end works fine.
I can confirm the first problem was with
1. Google Site Kit - they are still working on a fix in but not yet
2. Rank Math - still trying to analyze it
3. WPML Multilingual CMS (Core) Version 4.6.5 - this has been updated but possibly still has conflict because
4. WPML String Translation Version 3.2.7 when activated with your plugin / and or Google Site Kit throws errors only in backend -
5. Also multiple plugins are throwing php errors under the latest wordpress verison for example Max Mega Menu Version 3.2.2
I can confirm downgrading to PHP 8.0 or upgrading from 8.1 to 8.2 does not solve the problem. Many sites can't go below 8.0 because so many themes, plugins, etc have been updated to work with PHP 8.0 and higher.
I can confirm the only workarounds are:
1. Disable Rank Math Plugin and Google Site Kit so that WPML throws no errors -OR-
2. Downgrade WordPress to Version 6.2.2 then re-enable Rank Math and Google Site Kit
More information:
On the primary website I am writing this issue about we disabled all plugins except only necessary one at a time to see where he conflict lies.
Themes installed on this site and others*:
VanTam Themes, Ocean WP, Traveler, GeneratePress, Divi, BeTheme, The 7 *I won't list all because it is not a theme problem
Basic required plugins:
Bulletproof Security
Wordfence
Woocommerce
Woocommerce Shipping & Tax
Fish & Ships
Perfmatters
Rank Math SEO
Google Site Kit
WPML Multilingual CMS
WPML String Translation
UpdraftPlus
WPML Forms Multilingual
in some cases:
Shoplentor
YITH extras for Woocommerce
and in some cases required plugins for the theme
How tested:
Only activated the two WPML Plugins then the offending plugin (ie Rank math or Google Site Kit) both caused the backend to crash with errors
We have cleaned out manually all folders except what is needed, re-uploaded WordPress 6.2.2 manually via FTP, deleted and re-downloaded each and every plugin only the two workarounds stop the odd behavior until WordPress and other Plugin authors find the bugs and correct them.
I hope this helps you
|
Nicolas V.
Supporter
Languages:
English (English )
French (Français )
Timezone:
America/Lima (GMT-05:00)
|
Hello,
We're still working on your package. I found that if String translation is activated, and I start reactivated the other plugins, at some point I'll have the following error:
Fatal error: Allowed memory size of 536870912 bytes exhausted
I increased the memory to 2048M but the issue persist. Here is the feedback I received from second tier support this morning:
Some users have reported performance issues with String Translation when used with WordPress 6.3. These issues arise in specific scenarios and appear to be associated with strings that have the “default” text domain.
As a workaround, you can use the following steps:
Backup the website
- Option 1: Go to “WPML > String Translation”, find and delete the strings belonging to “default” textdomain. (recommended)
- Option 2: Downgrade WordPress to 6.2.2
I'm going to try right now. I have to restore the package first. I'll get back to you.
|
Nicolas V.
Supporter
Languages:
English (English )
French (Français )
Timezone:
America/Lima (GMT-05:00)
|
Hello,
So I downgraded to WP 6.2.2 and I deleted strings that were under the textdomain "Default".
I was able to reactivate all 74 plugins without having the Memory exhausted error.
1. To downgrade you can use: https://wordpress.org/plugins/wp-downgrade/
2. To delete strings from "default" textdomain go to "WPML > String Translation", select "default" under the "in domain" dropdown. Then Select all strings and under the table, click on "Delete selected strings".
|
Swen Kleibrink
|
Ok thanks I notified WordPress in their forum of this, because you are not the only plugin, if they have a memory leak for such use in queries and strings then a lot of users are effected. I just read a review on 6.3 and there is a bug open on memory leak
I am afraid to delete strings but will try with backup then you went back to 6.3 ?
I only see 4 strings in default domain is this correct or all ones starting with default...?
I think 6.3 is too buggy I will stay at 6.2.2 until they resolve issues.
|
Nicolas V.
Supporter
Languages:
English (English )
French (Français )
Timezone:
America/Lima (GMT-05:00)
|
Hi,
Correct it was only 4 strings for me. You shouldn't have to delete them if you downgrade. I did both just to be on the safe side.
|
Swen Kleibrink
|
Ok strange only 4 I thought it would b a few hundred, the last when had a German tranlation "Tag" on it, not sure if it was important.
But why with only 4 of these strings was it leaking so much memory ? And why with WordPress 6.3 ?
How will you fix this in your next version? Or better yet how do we communicate to WordPress to fix the issue ?
Thanks
|
Nicolas V.
Supporter
Languages:
English (English )
French (Français )
Timezone:
America/Lima (GMT-05:00)
|
Hello,
Our developers are still investigating this issue. In the meantime, we've published this errata in case other customers are faced with the same issue: https://wpml.org/errata/wordpress-6-3-performance-issues-with-string-translation-in-specific-scenarios/
|
Nicolas V.
Supporter
Languages:
English (English )
French (Français )
Timezone:
America/Lima (GMT-05:00)
|
Hi,
Just to let you know that today we released new versions of WPML (4.6.6) and String Translation (3.2.8) that should resolve that issue.
Ref: https://wpml.org/errata/wordpress-6-3-performance-issues-with-string-translation-in-specific-scenarios/
|
