WordPress.org

Ready to get started?Download WordPress

Forums

iQ Block Country
[resolved] Error: Cannot modify header information (10 posts)

  1. b-cat
    Member
    Posted 1 year ago #

    Hi,

    I love your plugin. It provides a great service--thank you!

    However, I'm encountering the following problem. When front-end access is blocked, the plugin DOES block access to the site, but it also displays this error message to the person trying to visit the site:

    Warning: Cannot modify header information - headers already sent by (output started at ... /wp-content/themes/ThemeName/header.php:7) in ... /wp-content/plugins/iq-block-country/iq-block-country.php on line 531

    That message is repeated five times, and refers to the iq-block-country.php file at the following line numbers: 531, 532, 533, 534, and 537.

    As noted above, the error also references ...ThemeName/header.php at line 7. For context, I'll provide lines 1-8 below from that ThemeName/header.php file:

    <?php
    /**
     * @package WordPress
     * @subpackage ThemeName
     */
    ?><!DOCTYPE html>
    <html <?php language_attributes(); ?>>
    <head>

    Any ideas on how to prevent the error message from displaying?

    One of the negative effects of this error message is that a hacker in a blocked country can see the entire directory structure of the site, can see that it is a WordPress site, can see the WP ThemeName that the site is based on, and can also see that the site is being blocked by the IQ-Block-Country plugin...which is only going to give them all kinds of ideas for pursuing a hack against the plugin. Would be much better if the site did not reveal so much information when it's trying to block a hacker.

    Thanks for any ideas!

    http://wordpress.org/extend/plugins/iq-block-country/

  2. Pascal
    Member
    Plugin Author

    Posted 1 year ago #

    Hi,

    This is because your theme is sending data before the plugin is able to. A theme will always be displayed partly before the plugin kicks in as this is wordpress behavior.

    I think in this case you can solve it by removing: <?php language_attributes(); ?>

    The error is generated by PHP and not the plugin itself. I think your hosting provider did not set display_errors to off in the php configuration. This supresses most error messages and should reveal as less as possible.

    See for more info:http://phpsec.org/projects/phpsecinfo/tests/display_errors.html

  3. b-cat
    Member
    Posted 1 year ago #

    Thanks, Pascal.

    Your links above are helpful.

    However, I have tried the solutions you recommend, but they don't seem to work on my site. I called my hosting provider, and got instructions on how to turn off the display errors function in the php.ini file, and I've also deleted the <?php language_attributes(); ?> code in the theme's header.php file...but it still displays error messages.

    I also tried modifying the root htaccess file, but that crashed the site, so I've restored the original .htaccess file.

    I might just have to live with this.

  4. Pascal
    Member
    Plugin Author

    Posted 1 year ago #

    Hi,

    You can also alter the plugin code.

    Where it says

    // display block message

    Remove the next line that starts with header just above the print of blockmessage. That should make the error disapear as it will. Ot send the 403 forbidden header.

    It breaks how it should be done but will still be effective with human visits.

  5. b-cat
    Member
    Posted 1 year ago #

    Thanks, Pascal. I think it is fixed now. Here is what I did...

    (1) First, in the plugin php file, I removed the header line that you describe above:
    header ( 'HTTP/1.1 403 Forbidden' );

    However, there were still some header error messages.

    (2) So then I removed these four (4) header lines, also:

    // Prevent as much as possible that this error message is cached:
    header("Cache-Control: no-store, no-cache, must-revalidate");
    header("Cache-Control: post-check=0, pre-check=0", false);
    header("Pragma: no-cache");
    header("Expires: Sat, 26 Jul 2012 05:00:00 GMT");

    And now it appears to work without displaying header errors.

    I don't know if it is a serious problem if the error messages are or are not cached, but I guess it won't matter too much in my case since I'm only blocking people from countries who should not be contacting our site in the first place.

    Thanks again!

  6. b-cat
    Member
    Posted 1 year ago #

    One more note...

    I've noticed that Better WP Security plugin has an option to manually block specific IP addresses. I'm using that plugin, also, and when it blocks an IP address, it seems to do this before the site or the theme loads any info at all, and it delivers in a clean 403 error page without any "cannot modify headers" errors.

    I think Better WP Security is doing this by modifying the root .htaccess file and blocking IP addresses that way.

    I don't know if that is an approach that makes sense for your plugin, but just thought it might be something to consider if these header errors are a common problem.

    All the best!

  7. Pascal
    Member
    Plugin Author

    Posted 12 months ago #

    I must not have been very awake when I wrote my last update on this topic as I completly forgot about the other headers indeed.

    Glad that you solved it by yourself!

    For blocking countries the .htacccess file cannot be used or it will be a very very long list of ip address that are blocked. For individual IP addresses that approach can be used indeed.

    I am curious which headers are send out by your site so if you can supply your website url I can check things out (can also be done via email if you like)

  8. b-cat
    Member
    Posted 12 months ago #

    Sure...how do I reach you by email? I couldn't find a message option on your user profile link (or maybe I'm missing something).

  9. Pascal
    Member
    Plugin Author

    Posted 12 months ago #

    You can reach me at [firstname]@redeo.nl

  10. Pascal
    Member
    Plugin Author

    Posted 11 months ago #

    I'll probably implement an option in the settings panel that allows you to choose between sending headers or not.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic