The first thing to do is find out which plugin is creating that error. When you can find that you’ll be able to look into it’s code to see what’s triggering it and see what your plugin is doing to trigger that situation.
Thank you for your comment but I don’t think you actually read what I wrote.
I did read it, but I am guessing my response didn’t spell out what you need to do exactly. Hopefully this will shed some more light on what you need to do.
Can you tell me where that error message is coming from? I know that it’s not coming from your plugin because it doesn’t have that phrase anywhere in it. That means that it’s coming from another plugin or theme that the people are using – so what I said above still stands
Something if your plugin is triggering that error in a different plugin for some unknown reason, and that’s what you need to figure out. Find out which plugin is showing that error (you’ll have to ask people that report this problem what combination of plugins and theme they are using so you can try to replicate it). When you find out what plugin is actually showing that message, you’ll need to discet that plugins code to find out what the trigger for the error message is. When you find out what the actual cause of the error is you can go back to your plugin and see what you have done that’s causing that trigger to occur in the other plugin.
Yeah, what he said ^^^^
I suspect the culprit is some security plugin. It may have detected your attempt to create a table (or something else?) and decided it was a hack attempt. Which is lame, no decent hacker would do something that obvious. Plus it should give the user the option of letting the script run once appropriately warned.
It should be possible to make a program which traverses all the files of your wordpress directory, gets the content of the file and looks for the unwanted message. If you class yourself as an advanced developer this is an easy thing to do. Mayby you can also find a useable code by googling a little. It is prob ably not in the core code but this one from edit-comments.php surprised me :wp_die(__(‘Cheatin’ uh?’));
Best regards
Try this code and let your clients who get the message try it also.
<?php
$dir=dirname(__FILE__).'/wordpress';
dirToArray($dir);
function dirToArray($dir) {
$result = array();
$cdir = scandir($dir);
foreach ($cdir as $key => $value)
{
if (!in_array($value,array(".","..")))
{
if (is_dir($dir . DIRECTORY_SEPARATOR . $value))
{
$result[$value] = dirToArray($dir . DIRECTORY_SEPARATOR . $value);
}
else
{
$file_content=file_get_contents($dir. DIRECTORY_SEPARATOR .$value);
if(preg_match('/suck/i',$file_content))
echo $dir. DIRECTORY_SEPARATOR .$value.'</br>';
}
}
}
}
?>
You should also search all tables in the database for a match. In phpmyadmin it is easily done with selecting database, click search, select all tables and enter the searchword(s).
A pure sql code doing the same can be seen here:
http://stackoverflow.com/questions/7523039/mysql-query-to-search-all-tables-within-a-database-for-a-string
When still nothing is found it might be the result of a plugin doing an external http request. You can find http requests whis are not to wordpress by using this searchstring https?\:\\\(www\.)?[^(wordpress)] in the above php directory search.
Thank you jaip, this will be a great help.
The regexp https?\:\\\(www\.)?[^(wordpress)] is not working properly. Someone else might be able to write a regexp which excludes requests to w3.org apache.org codex.wordpress and wordpress and mayby more in the search for external http requests in plugins or themes.
Here it is, folks.
http://wordpress.org/plugins/stealth-login-page/
/stealth-login-page/plugin.php > Line 169
$message = '<h2 style="text-align: center; margin-top: 4em;">You suck! Go hack someone else.</h2>';
Wow great! I don’t think that it will just be my plugin that is effected by this. I have looked at the code for stealth login page and it seems that it creates an extra security feature that when you link to a wordpress admin page it must contain a ‘special code’, if the url does not contain this code then you get a not so pleasant message “You suck! Go hack someone else.”.