Support » Plugin: NinjaFirewall (WP Edition) - Advanced Security » Database wp_capabilities error being logged

  • Resolved barnez

    (@pidengmor)


    Hi,

    I’m seeing this error being logged in the databases of my sites that run NinjaFirewall:

    
        ( wp_usermeta.meta_key = 'wp_capabilities' AND wp_usermeta.meta_value LIKE '%\"administrator\"%' )
      )
    ) ORDER BY user_login ASC  made by shutdown_action_hook, do_action('shutdown'), WP_Hook->do_action, WP_Hook->apply_filters, nf_check_dbdata, nf_get_dbdata, get_users, WP_User_Query->__construct, WP_User_Query->query
    [26-May-2020 01:24:48 UTC] WordPress database error Commands out of sync; you can't run this command now for query INSERT INTO <code>wp_options</code> (<code>option_name</code>, <code>option_value</code>, <code>autoload</code>) VALUES ('_transient_timeout_nfw_db_check', '1590456348', 'no') ON DUPLICATE KEY UPDATE <code>option_name</code> = VALUES(<code>option_name</code>), <code>option_value</code> = VALUES(<code>option_value</code>), <code>autoload</code> = VALUES(<code>autoload</code>) made by shutdown_action_hook, do_action('shutdown'), WP_Hook->do_action, WP_Hook->apply_filters, nf_check_dbdata, set_transient, add_option
    [26-May-2020 01:24:48 UTC] WordPress database error Commands out of sync; you can't run this command now for query INSERT INTO <code>wp_options</code> (<code>option_name</code>, <code>option_value</code>, <code>autoload</code>) VALUES ('_transient_nfw_db_check', '1', 'no') ON DUPLICATE KEY UPDATE <code>option_name</code> = VALUES(<code>option_name</code>), <code>option_value</code> = VALUES(<code>option_value</code>), <code>autoload</code> = VALUES(<code>autoload</code>) made by shutdown_action_hook, do_action('shutdown'), WP_Hook->do_action, WP_Hook->apply_filters, nf_check_dbdata, set_transient, add_option
    

    The troubleshooting script is showing an issue with the user capabilities:
    Error: missing manage_options capability - Error: missing unfiltered_html capability

    Should I try a database repair?

    Thanks.

    *UPDATE*
    If I deactivate any single plugin (NF or other) then the error is removed from the wp-check.php output. Then, if I activate that plugin again, the error does not return.

    • This topic was modified 2 months, 1 week ago by barnez. Reason: Result of deactivating and reactivating plugin
Viewing 15 replies - 1 through 15 (of 19 total)
  • Plugin Author nintechnet

    (@nintechnet)

    The troubleshooting script will always display this message if you aren’t logged in.

    Regarding the DB error, do you have anything else in your PHP error log at that time? It looks like another plugin is preventing NF to send that query. Are you running a caching plugin?

    Ahh. I see.

    There is no caching on any of the sites. The only other error in the log is:

    
    [23-May-2020 15:37:05 UTC] WordPress database error Commands out of sync; you can't run this command now for query SELECT option_value FROM wp_options WHERE option_name = '_transient_timeout_nfw_db_check' LIMIT 1 made by shutdown_action_hook, do_action('shutdown'), WP_Hook->do_action, WP_Hook->apply_filters, nf_check_dbdata, get_transient, get_option
    [23-May-2020 15:37:05 UTC] WordPress database error Commands out of sync; you can't run this command now for query SELECT option_value FROM wp_options WHERE option_name = '_transient_nfw_db_check' LIMIT 1 made by shutdown_action_hook, do_action('shutdown'), WP_Hook->do_action, WP_Hook->apply_filters, nf_check_dbdata, get_transient, get_option
    [23-May-2020 15:37:05 UTC] WordPress database error Commands out of sync; you can't run this command now for query SELECT wp_users.ID,wp_users.user_login,wp_users.user_pass,wp_users.user_nicename,wp_users.user_email,wp_users.user_registered,wp_users.display_name FROM wp_users INNER JOIN wp_usermeta ON ( wp_users.ID = wp_usermeta.user_id ) WHERE 1=1 AND (
    
    • This reply was modified 2 months, 1 week ago by Steven Stern (sterndata).
    • This reply was modified 2 months, 1 week ago by barnez. Reason: Changed to: 'no' caching
    Plugin Author nintechnet

    (@nintechnet)

    It looks like another plugin or theme has not finished its query and that leads to this problem during the shutdown action hook, when NF call the WP API which sends a query.
    You can try this plugin to check DB queries: https://wordpress.org/plugins/query-monitor/

    Thanks for the advise. I’ve installed that plugin and will see if I can track down the issue.

    barnez

    (@pidengmor)

    Update. This new error in the log related to event_updates.php may shine some fresh light on the issue:

    
    [04-Jun-2020 23:23:59 UTC] PHP Warning:  sprintf(): Too few arguments in /home/xxxx/xxxx/wp-content/plugins/ninjafirewall/lib/event_updates.php on line 251
    [04-Jun-2020 23:23:59 UTC] PHP Fatal error:  Uncaught Error: Call to a member function get_error_message() on null in /home/xxxx/xxxx/wp-content/plugins/ninjafirewall/lib/event_updates.php:251
    Stack trace:
    #0 /home/xxxx/xxxx/wp-content/plugins/ninjafirewall/lib/event_updates.php(47): nfw_fetch_security_updates('https://updates...')
    #1 /home/xxxx/xxxx/wp-content/plugins/ninjafirewall/lib/utils.php(579): nfw_check_security_updates()
    #2 /home/xxxx/xxxx/wp-includes/class-wp-hook.php(287): nfw_garbage_collector()
    #3 /home/xxxx/xxxx/wp-includes/class-wp-hook.php(311): WP_Hook->apply_filters('', Array)
    #4 /home/xxxx/xxxx/wp-includes/plugin.php(544): WP_Hook->do_action(Array)
    #5 /home/xxxx/xxxx/wp-cron.php(138): do_action_ref_array('nfwgccron', Array)
    #6 {main}
      thrown in /home/xxxx/xxxx/wp-content/plugins/ninjafirewall/lib/event_updates.php on line 251
    
    Plugin Author nintechnet

    (@nintechnet)

    This is a bug but I doubt it is related to your issue: it shows that when your site connected to ours to download the list of security updates, it failed.
    Line 252 in ninjafirewall/lib/event_updates.php, there is:
    $result->get_error_message()
    But it should be:
    $res->get_error_message()
    I’ll fix it in the next release.

    barnez

    (@pidengmor)

    Ah. It’s a bug. Thanks for the explanation.

    Plugin Author nintechnet

    (@nintechnet)

    Does your database error occur often or randomly?

    barnez

    (@pidengmor)

    It is random:

    Site 1: once on 1 June, 4 June
    Site 2: once on 8 May, 9 May, 20 May, 26 May, 8 June
    Site 3: 21 May, 24 May, 28 May
    Site 4: 23 May
    Site 5: 8 May, 26 May

    All site run on the same server environment (php 7.4.6) and latest versions of WordPress (5.4.1) and NF (4.2.1).

    Plugin Author nintechnet

    (@nintechnet)

    Can you post the list of installed plugins, for instance on Site 2 (it has more errors than other sites).

    The sites have in common that all run both NinjaFirewall and The SEO Framework: https://wordpress.org/plugins/autodescription/

    In detail:

    
    Site 1: Calculated Fields Form | Contact Form 7 | Contact Form 7 HoneyPot | Ninja Firewall | The SEO Framework
    Site 2: Ninja Firewall | The SEO Framework
    Site 3: Ninja Firewall | The SEO Framework
    Site 4: Calculated Fields Form | Contact Form 7 | Contact Form 7 HoneyPot | Ninja Firewall | The SEO Framework
    Site 5: Ninja Firewall | The SEO Framework | WebP Express
    Site 6: Members | Ninja Firewall | The SEO Framework | User Menus
    
    Plugin Author nintechnet

    (@nintechnet)

    I can see that “The SEO Framework” has a ‘shutdown’ action too, but I’m not sure at all it is the issue.
    Note that the error won’t stop the firewall from working but if you can locate the issue, report it here and we’ll see if we can do something.

    Will do. Thanks!

    I’ve been logging all the database queries on site 2, and after 12 days the error log shows another instance of the same error at 22:28:38 UTC. I checked the sql_log, and there are 100 lines of queries logged for the exact time the error is triggered: 10:28:38 pm. I guess the issue is located within those lines, and perhaps the previous queries logged at 10:27:21 pm, but I would prefer not to expose these on pastebin as they may contain sensitive information. Would you be interested in reviewing the log?

    Plugin Author nintechnet

    (@nintechnet)

    You can send it to our helpdesk support, or there if you need to attach a file.

Viewing 15 replies - 1 through 15 (of 19 total)
  • You must be logged in to reply to this topic.