WordPress.org

Forums

iThemes Security (formerly Better WP Security)
Blank admin page after activating excludes for File Change Detection (1 post)

  1. Marcelo Pedra
    Member
    Posted 10 months ago #

    Hello , I want to report this bug I found after activating the File Change Detection feature.
    I run WP 3.9.1 under PHP 5.4.21 and it is delivering a blank page for page=toplevel_page_itsec_logs when I do the following steps:

    1) Activate File Change Detection feature and let it be a couple days. Since I use W3 Total Cache, it will record a lot of entries regarding the cache folder having huge amount of changes, as you can expect in a cache folder. :)

    2) Then go to the Settings and select several folders to be excluded:
    wp-content/cache/
    wp-content/plugins/wordfence/tmp/
    wp-content/uploads/backwpup-XXXXXX-temp/
    wp-content/uploads/backwpup-XXXXXX-logs/
    wp-content/uploads/backwpup-XXXXXX-backups/

    3) Immediately try to go to the Logs tab to empty the Log entries (page=toplevel_page_itsec_logs).
    In websites running PHP 5.3 it's all ok: the pages opens, and you can click the Clear Logs button and everything is ok.
    But under PHP 5.4 the page stalls loading and end in a blank page. The CPU usage in my Windows PC spikes to 100% and Process Manager show Google Chrome is using all the cpu. ALTHOUGH, if I close that browser tab and reopen a new tab going to the wp-admin page, I can then open other admin pages and the cpu usage is back to normal. So, I go back to the Settings page, deactivate the File Change Detection feature, and everything is back to normal (and the Logs tab is able to be opened again).

    I tried this in several WP sites and it happens even if I set the plugin to "Temporarily Whitelist my IP".

    No PHP errors are being generated nor logged in the FTP space.

    So, the bug happens when you try to open page=toplevel_page_itsec_logs, running on PHP 5.4, with Google Chrome (I'm not testing another browsers), with the File Change Detection feature enabled, AND more than 5 Log entries for File Change already created. In websites where have not been any Log entries registered, the Log page doesnt stall.
    WEIRD! It's turning me crazy.
    At least, the frontend pages looks good and no troubles.

    So.... I gone crazy. I opened up phpmyadmin, lookup the table _itsec_log and emptied those 17 entries. And the problem has gone.

    The File Change additional settings were:
    - Split file checking into chunks: enabled
    - Email file change notifications: enabled
    - Display file change admin warning: enabled

    Just for the sake of curiosity, some facts about the sites to help you reproduce the stage:
    - I also use the WordFence plugin, but it is set to only work like a firewall and login protection, not live traffice view, not file change detection, not cache features.
    - The issue happens whether the sites use cloudflare.com cache or not. So, it is not guilty.
    - All the sites are using W3 Total Cache with only Disk Enhanced Cache and Browser Cache.

    Can you tell what the bug is? Looks like when you have recorded some entries in the Logs, the Logs page try to load something huge and then die. But it was only 17 entries. The problem, probably, is when every and each entry holds a huge amount of data. Just consider it was reporting the changes in the cache folder in websites with 500+ posts, and hundreds of categories and tags.
    Probably you should be aware of the most popular cache folder names and automatically detect it and whitelist it, or, at least, advice users that if File Change is enabled and the cache folders are not excluded, the Logs will do a mess =)

    Maybe loading the details of every log entry using Ajax and then UNLOADING the data when you close the overlay could help to mitigate the spikes in cpu/ram usage in the browser.
    Hope this helps to solve this bug.

    Thanks for the marvelous plugin (because yes, all the other features are awesome).

    https://wordpress.org/plugins/better-wp-security/

Reply

You must log in to post.

About this Plugin

About this Topic

  • RSS feed for this topic
  • Started 10 months ago by Marcelo Pedra
  • This topic is not resolved
  • WordPress version: 3.9.1

Tags

No tags yet.