WP7.0 Issue with Functions.Php line 6170

Resolved HKP
(@hiskingdomprophecy)

1 week, 4 days ago

Hi Folks,

Yesterday I noticed thousands of the following two Error Messages in my debug.log. (I was working on another issue, which is why debug was on.)

I have recently updated to WP7.0 and have Kadence Security Basic (KSB) Version 10.0.1 installed.

After checking/disabling all other plugins, this issue comes up only when KSB is active.

I wrote to WP for assistance on this, but they were unable to help as the error message has no information to help diagnose the issue.

If you need me to add a line of code before line 6170 to allow you to know the actual source of the issue, I’d be pleased to do that for you.

Any questions, please just ask.

[27-May-2026 07:11:08 UTC] PHP Notice: Function is_search was called incorrectly. Conditional query tags do not work before the query is run. Before then, they always return false. Please see <a href="https://developer.wordpress.org/advanced-administration/debug/debug-wordpress/">Debugging in WordPress</a> for more information. (This message was added in version 3.1.0.) in /xxx/wp-includes/functions.php on line 6170

[27-May-2026 07:11:08 UTC] PHP Notice: Function is_404 was called incorrectly. Conditional query tags do not work before the query is run. Before then, they always return false. Please see <a href="https://developer.wordpress.org/advanced-administration/debug/debug-wordpress/">Debugging in WordPress</a> for more information. (This message was added in version 3.1.0.) in /xxx/wp-includes/functions.php on line 6170

Regards and thanks,
Angus

The page I need help with: [log in to see the link]

Viewing 8 replies - 1 through 8 (of 8 total)

Plugin Support

(@solidwppawel)

Hi Angus,

I dug into the Kadence Security 10.0.1 codebase before answering, and the plugin does not call is_search() or is_404() anywhere in its PHP source. The historical 404 Detection module that did look at is_404 was removed back in version 8.0.0, and the only modern reference is the Hide Backend module actively removing wp_redirect_admin_locations from template_redirect, which suppresses one of the two core sites where is_404 would normally be checked.

Both functions live in wp-includes/canonical.php (is_search inside redirect_canonical, is_404 inside wp_redirect_admin_locations), and both of those run on template_redirect, which fires after the main query has been parsed. On a normal request neither call should trigger the notice you are seeing. The fact that both notices fire at the exact same timestamp (07:11:08 UTC) is a strong hint that one caller is invoking them back-to-back, very early in the request cycle, before the main query runs.

To find what is actually calling them, the cleanest move is to drop in a small must-use plugin that captures a backtrace the moment either notice fires. That will tell us the exact file and line that triggered it, and we can take it from there.

Create a file at wp-content/mu-plugins/debug-conditional-tags.php (create the mu-plugins folder if it does not exist) with the snippet below (use the Code button in the forum toolbar so it renders as a code block):

<?php
add_action( 'doing_it_wrong_run', function ( $function_name, $message ) {
    if ( $function_name === 'is_search' || $function_name === 'is_404' ) {
        error_log( '[conditional-tag-backtrace] ' . $function_name . ' | ' .         wp_debug_backtrace_summary() );
    }
}, 10, 2 );

Load any front-end page that previously produced the notices. The next set of lines in debug.log will be prefixed with [conditional-tag-backtrace] and will name the calling file, class, and method (for example mytheme/functions.php:42 or wp-content/cache/…/page.php:18). Paste a couple of those lines back here and I can pinpoint the source.

A few extra things worth confirming while you are at it:

The site headers show WP-Optimize cache is in the request path. When you say all other plugins were disabled, were you also able to remove or rename the wp-content/advanced-cache.php and wp-content/object-cache.php drop-in files, plus any custom mu-plugins under wp-content/mu-plugins/? Those run regardless of plugin activation state and are the most common indirect source of this kind of notice.

Which features of Kadence Security do you have enabled (especially Hide Backend, Firewall, and System Tweaks)? If you can paste the Server Config Rules section from Kadence Security > Tools, that would also help rule out a rewrite interaction.

Once we have the backtrace, this should be quick to localize.

Kind regards,

Pawel P.

Liquid Web Software Support

Thread Starter

HKP

(@hiskingdomprophecy)

1 week, 4 days ago

@solidwppawel Dear Pawel,

Thanks for the speedy reply. I am WP user, not a coder, so it may take me a while to figure some of this out. 🙂

As background, since I can only test on a live site, I deactivated plugins group by group and then zeroed in, one by one, when the error messages stopped.

Each time I did the check of the debug.log, I cleaned out the cache and minify files before going to an external browser and loaded my last 10 post. So for, I have not found which one of them is causing the issue. Buit I shall now have a look at that and see if I can find a post that triggers the issue.

You wrote: “Create a file” I shall have a look at that now as I am not familiar with MU but think I know what and where you want.

I have been using this plugin for a long time now, through all its name changes etc. but rerely make changes, other than adding/removing custom bans

In Tweaks:
Stysem Tweaks – all 5 on
WordPress Tweaks – Disable File Editor, Disable XML-RPC, not allow multiple autheentication, User login: email &* username, on = Focne unique, Disabnle Extra,…
Hide Backend – on Redirection – on, Advances – blank
Feature flage – Encryption enabled.

Feartues
Login – 2 factor – off
Firewall – all 4 on
Site check – both on
Utilities – all 3 on
——————–

Wil report back soon.
Regards and t hanks,
Angus

Server Config Rules:

BEGIN Kadence Security – Do not modify or remove this line Kadence Security Config Details: 2

# Enable HackRepair.com's blocklist feature - Security > Settings > Banned Users > Default Blocklist
# Start HackRepair.com Blacklist
RewriteEngine on
# Start Abuse Agent Blocking
RewriteCond %{HTTP_USER_AGENT} "^Mozilla.*Indy" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^Mozilla.*NEWT" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^$" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^Maxthon$" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^SeaMonkey$" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^Acunetix" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^binlar" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^BlackWidow" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^Bolt 0" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^BOT for JCE" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^Bot mailto\:craftbot@yahoo\.com" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^casper" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^checkprivacy" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^ChinaClaw" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^clshttp" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^cmsworldmap" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^Custo" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^Default Browser 0" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^diavol" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^DIIbot" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^DISCo" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^dotbot" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^Download Demon" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^eCatch" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^EirGrabber" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^EmailCollector" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^EmailSiphon" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^EmailWolf" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^Express WebPictures" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^extract" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^ExtractorPro" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^EyeNetIE" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^feedfinder" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^FHscan" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^FlashGet" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^flicky" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^g00g1e" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^GetRight" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^GetWeb\!" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^Go\!Zilla" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^Go\-Ahead\-Got\-It" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^grab" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^GrabNet" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^Grafula" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^harvest" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^HMView" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^Image Stripper" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^Image Sucker" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^InterGET" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^Internet Ninja" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^InternetSeer\.com" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^jakarta" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^Java" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^JetCar" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^JOC Web Spider" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^kanagawa" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^kmccrew" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^larbin" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^LeechFTP" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^libwww" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^Mass Downloader" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^microsoft\.url" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^MIDown tool" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^miner" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^Mister PiX" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^MSFrontPage" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^Navroad" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^NearSite" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^Net Vampire" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^NetAnts" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^NetSpider" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^NetZIP" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^nutch" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^Octopus" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^Offline Explorer" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^Offline Navigator" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^PageGrabber" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^Papa Foto" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^pavuk" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^pcBrowser" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^PeoplePal" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^planetwork" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^psbot" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^purebot" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^pycurl" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^RealDownload" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^ReGet" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^Rippers 0" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^sitecheck\.internetseer\.com" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^SiteSnagger" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^skygrid" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^SmartDownload" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^sucker" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^SuperBot" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^SuperHTTP" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^Surfbot" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^tAkeOut" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^Teleport Pro" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^Toata dragostea mea pentru diavola" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^turnit" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^vikspider" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^VoidEYE" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^Web Image Collector" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^WebAuto" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^WebBandit" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^WebCopier" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^WebFetch" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^WebGo IS" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^WebLeacher" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^WebReaper" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^WebSauger" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^Website eXtractor" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^Website Quester" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^WebStripper" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^WebWhacker" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^WebZIP" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^Widow" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^WPScan" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^WWW\-Mechanize" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^WWWOFFLE" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^Xaldon WebSpider" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^Zeus" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^zmeu" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "360Spider" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "CazoodleBot" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "discobot" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "EasouSpider" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "ecxi" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "GT\:\:WWW" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "heritrix" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "HTTP\:\:Lite" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "HTTrack" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "ia_archiver" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "id\-search" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "IDBot" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "Indy Library" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "IRLbot" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "ISC Systems iRc Search 2\.1" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "LinksCrawler" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "LinksManager\.com_bot" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "linkwalker" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "lwp\-trivial" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "MFC_Tear_Sample" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "Microsoft URL Control" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "Missigua Locator" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "MJ12bot" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "panscient\.com" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "PECL\:\:HTTP" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "PHPCrawl" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "PleaseCrawl" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "SBIder" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "SearchmetricsBot" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "Snoopy" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "Steeler" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "URI\:\:Fetch" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "urllib" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "Web Sucker" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "webalta" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "WebCollage" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "Wells Search II" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "WEP Search" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "XoviBot" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "YisouSpider" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "zermelo" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "ZyBorg" [NC,OR]
# End Abuse Agent Blocking
# Start Abuse HTTP Referrer Blocking
RewriteCond %{HTTP_REFERER} "^https?://(?:[^/]+\.)?semalt\.com" [NC,OR]
RewriteCond %{HTTP_REFERER} "^https?://(?:[^/]+\.)?kambasoft\.com" [NC,OR]
RewriteCond %{HTTP_REFERER} "^https?://(?:[^/]+\.)?savetubevideo\.com" [NC]
# End Abuse HTTP Referrer Blocking
RewriteRule ^.* - [F,L]
# End HackRepair.com Blacklist, http://pastebin.com/u/hackrepair

# Ban User Agents - Security > Settings > Banned Users
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTP_USER_AGENT} ^Amazonbot [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^AhrefsBot [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^BLEXBot [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^Brightbot\ 1\.0 [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^DataForSeoBot [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^domainsproject\.org [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^keys\-so\-bot [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^rogerbot [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^SEMrushBot [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^SerpstatBot [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^anthropic\-ai [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^CCBot [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^ChatGLM\-Spider [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^ChatGPT\-User [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^cohere\-ai [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^GPTBot [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^PerplexityBot [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^EzoicBot [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^Baiduspider [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^Wget [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^NPBot [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^Sogou [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^008 [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^Xenu [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^CherryPicker [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^grub [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^Zeus [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^Ssemrushbot [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^Teleport [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^la_archiver [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^M12bot [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^Microsoft\ URL\ Control [NC]
    RewriteRule ^.* - [F]
</IfModule>

# Disable XML-RPC - Security > Settings > WordPress Tweaks > XML-RPC
<files xmlrpc.php>
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</files>

# Protect System Files - Security > Settings > System Tweaks > System Files
<files .htaccess>
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</files>
<files readme.html>
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</files>
<files readme.txt>
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</files>
<files wp-config.php>
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</files>

# Disable Directory Browsing - Security > Settings > System Tweaks > Directory Browsing
Options -Indexes

<IfModule mod_rewrite.c>
    RewriteEngine On

    # Protect System Files - Security > Settings > System Tweaks > System Files
    RewriteRule ^wp-admin/install\.php$ - [F]
    RewriteRule ^wp-admin/includes/ - [F]
    RewriteRule !^wp-includes/ - [S=3]
    RewriteRule ^wp-includes/[^/]+\.php$ - [F]
    RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F]
    RewriteRule ^wp-includes/theme-compat/ - [F]
    RewriteRule (^|.*/)\.(git|svn) - [F]

    # Disable PHP in Uploads - Security > Settings > System Tweaks > PHP in Uploads
    RewriteRule ^wp\-content/uploads/.*\.(?:php[1-7]?|pht|phtml?|phps)\.?$ - [NC,F]

    # Disable PHP in Plugins - Security > Settings > System Tweaks > PHP in Plugins
    RewriteRule ^wp\-content/plugins/.*\.(?:php[1-7]?|pht|phtml?|phps)\.?$ - [NC,F]

    # Disable PHP in Themes - Security > Settings > System Tweaks > PHP in Themes
    RewriteRule ^wp\-content/themes/.*\.(?:php[1-7]?|pht|phtml?|phps)\.?$ - [NC,F]
</IfModule>

END Kadence Security – Do not modify or remove this line

Thread Starter

HKP

(@hiskingdomprophecy)

1 week, 4 days ago

@solidwppawel Dear Pawel,

I have added the file and as soon as I loaded my home page I got the following 5 messages.

Look forward to your advice,
Regards and thanks, Angus

[28-May-2026 10:31:22 UTC] [conditional-tag-backtrace] is_search | shutdown_action_hook, do_action('shutdown'), WP_Hook->do_action, WP_Hook->apply_filters, wp_ob_end_flush_all, ob_end_flush, WPO_Page_Optimizer->optimize, WPO_Page_Optimizer->maybe_cache_page, WPO_Page_Cache->should_cache_page, wpo_can_serve_from_cache, wpo_restricted_cache_page_type, wpo_is_search, is_search, _doing_it_wrong, do_action('doing_it_wrong_run'), WP_Hook->do_action, WP_Hook->apply_filters, {closure}

[28-May-2026 10:31:22 UTC] PHP Notice: Function is_search was called incorrectly. Conditional query tags do not work before the query is run. Before then, they always return false. Please see <a href="https://developer.wordpress.org/advanced-administration/debug/debug-wordpress/">Debugging in WordPress</a> for more information. (This message was added in version 3.1.0.) in /xxx/wp-includes/functions.php on line 6170

[28-May-2026 10:31:22 UTC] [conditional-tag-backtrace] is_404 | shutdown_action_hook, do_action('shutdown'), WP_Hook->do_action, WP_Hook->apply_filters, wp_ob_end_flush_all, ob_end_flush, WPO_Page_Optimizer->optimize, WPO_Page_Optimizer->maybe_cache_page, WPO_Page_Cache->should_cache_page, wpo_can_serve_from_cache, wpo_restricted_cache_page_type, is_404, _doing_it_wrong, do_action('doing_it_wrong_run'), WP_Hook->do_action, WP_Hook->apply_filters, {closure}

[28-May-2026 10:31:22 UTC] PHP Notice: Function is_404 was called incorrectly. Conditional query tags do not work before the query is run. Before then, they always return false. Please see <a href="https://developer.wordpress.org/advanced-administration/debug/debug-wordpress/">Debugging in WordPress</a> for more information. (This message was added in version 3.1.0.) in /xxx/wp-includes/functions.php on line 6170

[28-May-2026 10:31:22 UTC] PHP Notice: Function is_feed was called incorrectly. Conditional query tags do not work before the query is run. Before then, they always return false. Please see <a href="https://developer.wordpress.org/advanced-administration/debug/debug-wordpress/">Debugging in WordPress</a> for more information. (This message was added in version 3.1.0.) in /xxx/functions.php on line 6170

This reply was modified 1 week, 4 days ago by HKP.

Thread Starter

HKP

(@hiskingdomprophecy)

1 week, 4 days ago

@solidwppawel Dear Pawel,

Sorry, just found this on our Server Error Log, Didn’t think to look there for confirmation:

[Thu May 28 21:20:36.567391 2026] [proxy_fcgi:error] [pid 1078998:tid 1079117] [client 144.76.23.106:50274] AH01071: Got error 'PHP message: [conditional-tag-backtrace] is_search | shutdown_action_hook, do_action('shutdown'), WP_Hook->do_action, WP_Hook->apply_filters, wp_ob_end_flush_all, ob_end_flush, WPO_Page_Optimizer->optimize, WPO_Page_Optimizer->maybe_cache_page, WPO_Page_Cache->should_cache_page, wpo_can_serve_from_cache, wpo_restricted_cache_page_type, wpo_is_search, is_search, _doing_it_wrong, do_action('doing_it_wrong_run'), WP_Hook->do_action, WP_Hook->apply_filters, {closure}; PHP message: [conditional-tag-backtrace] is_404 | shutdown_action_hook, do_action('shutdown'), WP_Hook->do_action, WP_Hook->apply_filters, wp_ob_end_flush_all, ob_end_flush, WPO_Page_Optimizer->optimize, WPO_Page_Optimizer->maybe_cache_page, WPO_Page_Cache->should_cache_page, wpo_can_serve_from_cache, wpo_restricted_cache_page_type, is_404, _doing_it_wrong, do_action('doing_it_wrong_run'), WP_Hook->do_action, WP_Hook->apply_filters, {closure}'

Plugin Support

Pawel [SolidWP Support]

(@solidwppawel)

1 week, 3 days ago

Hi Angus,

That backtrace is exactly what we needed, thank you for grabbing it (and the server-log copy too).

It clears Kadence Security completely. Reading the call chain from the bottom up:

shutdown -> wp_ob_end_flush_all -> ob_end_flush -> WPO_Page_Optimizer->optimize -> maybe_cache_page -> WPO_Page_Cache->should_cache_page -> wpo_can_serve_from_cache -> wpo_restricted_cache_page_type -> wpo_is_search -> is_search

Every frame is WP-Optimize (the WPO_ classes). What is happening is that WP-Optimize, when it decides at the very end of the request whether the page is cacheable, calls is_search(), is_404() and is_feed() to rule out search/404/feed pages. Those three core functions print the “called incorrectly” notice whenever they run before WordPress has built its main query object, and that is precisely the situation here.

Here is why Kadence Security flips it on and off for you, even though the plugin never calls those functions itself:

Your firewall is set to load early (it boots before the rest of WordPress so it can stop attacks before they reach your site). When the firewall blocks a request, or when a repeat-offender IP is already locked out, it ends that request immediately, before WordPress gets far enough to build its query object. WP-Optimize, however, opens its page-cache output buffer even earlier than that, so its end-of-request “should I cache this page?” check still runs on the way out. At that point the query never ran, so is_search()/is_404()/is_feed() correctly report that they were called too early, and the notice is logged. With Kadence Security switched off, nothing ends those requests early, the query always runs, and WP-Optimize’s check has no reason to complain. That is the whole interaction.

A few things worth knowing:

This is harmless. It is a debug-only PHP Notice, logged only because you have WP_DEBUG_LOG turned on. Nothing on your site is broken or being mis-cached, and your visitors never see it. The requests producing it are blocked bot and attack hits, which is exactly what your IP 144.76.23.106 entry in the server log is (a Hetzner crawler). In other words, the “thousands” of lines map to the volume of bad traffic your firewall is turning away.

The clean, permanent fix sits on the WP-Optimize side. Their cache routine should check that the main query has actually run (did_action(‘wp’)) before calling those conditional tags. It is worth opening a quick report with the WP-Optimize team and pasting them the same backtrace you sent me, so they can add that guard.

In the meantime, to quiet your log you have two easy options:

Simplest: turn WP_DEBUG_LOG back off in wp-config.php now that the other issue you had it on for is done. The notices stop appearing because nothing is being written to debug.log at all.
If you want to keep debug logging on but silence just these three, swap the contents of the debug file you created (wp-content/mu-plugins/debug-conditional-tags.php) for the snippet below. It tells WordPress not to log the “called incorrectly” notice for these specific query tags, while leaving every other debug notice intact (use the Code button in the toolbar so it pastes cleanly):

<?php
add_filter( 'doing_it_wrong_trigger_error', function ( $function_name, $function_name ) {
    if ( in_array( $function_name, array( 'is_search', 'is_404', 'is_feed' ), true ) ) {
        return false;
    }
    return $trigger;
}, 10, 2 );

Either way, you can remove the backtrace logging we added, it has done its job.

If anything else turns up, just let me know.

Kind regards,

Pawel P.

Liquid Web Software Support

Thread Starter

HKP

(@hiskingdomprophecy)

1 week, 3 days ago

@solidwppawel Dear Pawel,

Thank you. I tested your new code but got this response:

[29-May-2026 11:11:46 UTC] PHP Fatal error: Redefinition of parameter $function_name in /xxx/mu-plugins/debug-conditional-tags.php on line 2

If you have a fix, I’ll use that till I hear back from WP-Optimize. Normally I have debug = False and it’s back on that now.

Regards and thanks.
Angus

nlpro

(@nlpro)

1 week, 1 day ago

Hi @hiskingdomprophecy,

<?php
add_filter( 'doing_it_wrong_trigger_error', function ( $trigger, $function ) {
    if ( in_array( $function, array( 'is_search', 'is_404', 'is_feed' ), true ) ) {
        return false;
    }
    return $trigger;
}, 10, 2 );

This code snippet probably works better (untested);-) (Note I made changes to BOTH parameter names.

+++ To prevent any confusion, I’m not SolidWP/Kadence +++

Thread Starter

HKP

(@hiskingdomprophecy)

1 week, 1 day ago

@nlpro

Thanks for the snippet. I have installed it and I can report happily that all error messages on this matter have stopped and don’t show in the Debug log or the Server Errors. So it looks like it is working as designed! Thanks again!!

Once I get a call back from WP-Optimize that they’ve fixed the issue, I shall remove your snippet.

@solidwppawel

I have received this reply to my post on WP-Optimize Support saying “I’ll pass this up the chain so we can investigate and look into improving compatibility with KSB and resolving those PHP notices.”

So it looks like WP-Optimize has taken all your good work to heart and will fix this issue. That is good news too!

Thanks again for all your help. I shall close this thread as it matter is now resolved.

Regards and thanks to you both and to all!
Angus

Viewing 8 replies - 1 through 8 (of 8 total)

You must be logged in to reply to this topic.