fatal error multiple different wordpress installations

  • macmacmac

    (@macmacmac)


    3 years, 7 months ago

    I’ve seen a couple similar errors with other users. So I thought I’d add to the collection seeing you mentioned elsewhere that people need to make a new thread to add their similar issue.

    This has been happening seemingly randomly on different wordpress website I have access to and also to others run by people I know. The only common link I see so far is that they all have WP 2FA installed and they all got the fatal error as soon as they get to the 2FA screen.

    Is there any update on the research on this yet?

    When seeking help with this issue, you may be asked for some of the following information:
    WordPress version 6.0.2
    Active theme: Astra (version 3.9.2)
    Current plugin: WP 2FA – Two-factor authentication for WordPress (version 2.3.0)
    PHP version 7.4.30

    Error Details
    =============
    An error of type E_ERROR was caused in line 291 of the file /usr/www/users/website/wp-content/plugins/wp-2fa/includes/classes/Authenticator/class-authentication.php. Error message: Uncaught Exception: Invalid characters in the base32 string. in /usr/www/users/website/wp-content/plugins/wp-2fa/includes/classes/Authenticator/class-authentication.php:291
    Stack trace:
    #0 /usr/www/users/website/wp-content/plugins/wp-2fa/includes/classes/Authenticator/class-authentication.php(255): WP2FA\Authenticator\Authentication::base32_decode(‘\x87\xEE\xE6\x05(\xA3U\x0F\xB8\x15G\x15\xC6\x9BX…’)
    #1 /usr/www/users/website/wp-content/plugins/wp-2fa/includes/classes/Authenticator/class-authentication.php(234): WP2FA\Authenticator\Authentication::calc_totp(‘\x87\xEE\xE6\x05(\xA3U\x0F\xB8\x15g\x15\xC6\x9Bx…’, 55492758.766667)
    #2 /usr/www/users/website/wp-content/plugins/wp-2fa/includes/classes/Authenticator/class-login.php(903): WP2FA\Authenticator\Authentication::is_valid_authcode(‘\x87\xEE\xE6\x05(\xA3U\x0F\xB8\x15g\x15\xC6\x9Bx…’, ‘439783’)
    #3 /usr/www/users/website/wp-content/plugins/wp-2fa/includes/classes/Authenticator/class-login.php(719): WP2FA\Authenticator\Login::validate_totp_authentication(Object(

    • This topic was modified 3 years, 7 months ago by macmacmac.
Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Contributor robertabela

    (@robert681)

    3 years, 7 months ago

    Thank you for using our plugin @macmacmac

    I am sorry to read about your issue. So far we did not manage to reproduce the issue ourselves, so we need more information from users like you to better understand what is happening. We do acknowledge that this is a problem from our side.

    Would you be able to do a test for us please? Can you reset the 2FA configuration of a user who is encountering this problem? To do so please go to the user’s profile page, click the Reset 2FA button, and reconfigure 2FA.

    Does this (temporarily) solve the problem?

    Looking forward to hearing from you.

    Plugin Contributor robertabela

    (@robert681)

    3 years, 7 months ago

    Hello @macmacmac

    Based on information we have got from other plugin users, it seems like we found the cause of this issue. Do you have the Sucuri plugin installed? Or maybe another plugin that resets the WordPress salts every couple of days / weeks?

    Based on our tests so far this error is happening because the WordPress salts are being changed, and the plugin uses the salts as a key to encrypt the data in the database etc.

    Looking forward to hearing from you.

    Thread Starter macmacmac

    (@macmacmac)

    3 years, 7 months ago

    Correct. All the websites where I see this error have sucuri running with salts being reset periodically. This has not been a problem in the past so I guess you improved the app which now interferes with sucuri.

    And in reaction to your earlier comment. That is the method I used to solve the issue for each user that was affected. By disabling 2FA and letting them set it up again.

    Thank you for clearing up the cause of the issue! I guess I’ll have to choose which plugin I’ll replace for another now.

    Plugin Contributor robertabela

    (@robert681)

    3 years, 7 months ago

    Hello @macmacmac

    Thank you for the confirmation. We are currently discussing how to work around this issue. A temporary solution for you would be to disable the refreshing of the WordPress salts in the Sucuri security plugin.

    tomaszraczek

    (@tomaszraczek)

    3 years, 4 months ago

    Hello @robert681

    Will this problem be solved in the next update? If so, in what time frame can it be expected?

    Thanks,
    Tomasz

    Plugin Contributor robertabela

    (@robert681)

    3 years, 4 months ago

    Indeed @tomaszraczek

    Update 2.4.0 is almost at BETA stage and we will soon be releasing an update of the plugin which includes a fix for this. Basically, the plugin now will have and use it’s own keys instead of using the WordPress ones.

    Keep the plugin installed so you are notified when the update is available.

    I hope the above helps. Should you have any questions, please do not hesitate to ask.

    Have a great day.

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘fatal error multiple different wordpress installations’ is closed to new replies.