Php 8.0, login, & brute force protection

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author nintechnet

    (@nintechnet)

    3 years ago

    It is compatible with PHP 8.x.

    Can you run the troubleshooter script and paste the results here?

    I upgraded the path in my .htaccess file to direct NFW to the new 8.0 version of Php.

    Can you paste the directive here, including the <IfModule.. lines?

    Thread Starter saintandrews

    (@saintandrews)

    3 years ago

    Thanks for the quick response. Selective redactions have obviously been made below.

    The directive path:

    <IfModule mod_env.c>
    SetEnv PHPRC /home/name/php/phprc/7.4/phprc
    </IfModule>

    or

    <IfModule mod_env.c>
    SetEnv PHPRC /home/name/php/phprc/8.0/phprc
    </IfModule>

    Various wp-check.php returns:

    [BEGIN PHP 7.4, NFW-WP+ w/brute force protection active]

    NinjaFirewall (WP edition) troubleshooter
    HTTP server : Apache
    PHP version : 7.4.15
    PHP SAPI : CGI-FCGI

    auto_prepend_file : /home/name/example.com/wp-content/nfwlog/ninjafirewall.php
    Loader’s path to firewall : /home/name/example.com/wp-content/plugins/nfwplus/lib/firewall.php
    wp-config.php : found in /home/name/wp-config.php

    [END PHP 7.4, NFW-WP+ w/brute force protection active]

    [BEGIN PHP 8.0, NFW-WP+ w/brute force protection active]

    https://www.example.com = only blank white space

    [END PHP 8.0, NFW-WP+ w/brute force protection active]

    [BEGIN PHP 8.0, with NFW-WP+ entirely disabled]

    NinjaFirewall (WP edition) troubleshooter
    HTTP server : Apache
    PHP version : 8.0.2
    PHP SAPI : CGI-FCGI

    auto_prepend_file : /home/name/example.com/wp-content/nfwlog/ninjafirewall.php
    Loader’s path to firewall : The loader does not exist: /home/name/example.com/wp-content/plugins/nfwplus/lib/firewall.php
    wp-config.php : found in /home/name/wp-config.php

    [END PHP 8.0, with NFW-WP+ entirely disabled]

    [BEGIN PHP 8.0, with NFW-WP+ itself active but w/brute force only disabled]

    When accessing https://www.example.com alone:

    “There has been a critical error on this website.

    Learn more about troubleshooting WordPress.”

    When accessing https://www.example.com/wp-check.php

    NinjaFirewall (WP edition) troubleshooter
    HTTP server : Apache
    PHP version : 8.0.2
    PHP SAPI : CGI-FCGI

    auto_prepend_file : /home/name/example.com/wp-content/nfwlog/ninjafirewall.php
    Loader’s path to firewall : /home/name/example.com/wp-content/plugins/nfwplus/lib/firewall.php
    wp-config.php : found in /home/name/wp-config.php

    [END PHP 8.0, with NFW-WP+ itself active but w/brute force only disabled]

    Plugin Author nintechnet

    (@nintechnet)

    3 years ago

    That looks like a PHP error. Enable debugging in WordPress:
    1. Edit your wp-config.php
    2. Search for:
    define('WP_DEBUG', false);
    3. Replace with:
    define('WP_DEBUG', true);
    4. Add this line below:
    define( 'WP_DEBUG_LOG', true );

    When you get the blank page or the critical error message, check the PHP error log, it will be located in “/wp-content/debug.log”.

    Undo the above change after debugging.

    Thread Starter saintandrews

    (@saintandrews)

    3 years ago

    I tweaked my wp-config file as you suggested and used this option from above

    [BEGIN PHP 8.0, NFW-WP+ w/brute force protection active]

    https://www.example.com = only blank white space

    [END PHP 8.0, NFW-WP+ w/brute force protection active]

    attempting to log in to test.

    The debug.log implicated another plugin with a specific problem on a specific line. I disabled that plugin entirely, cleared my browser, and attempted to login again. The results were the same – just a blank white page after the initial brute force screen – but there were also no changes in the debug log. I deleted the log, cleared everything again, and repeated the process, but I could never get the debug log to recreate itself.

    But it happens that my host runs a standing PP log of their own which dates back years. The most recent entries, repeated since at least early March – that is, predating my attempt to change from PHP 7.4 to 8.0 – include these

    [BEGIN]

    [31-Mar-2021 04:31:24 America/Los_Angeles] PHP Fatal error: Uncaught Error: Undefined constant “GEOIP_STANDARD” in /home/name/example.com/wp-content/plugins/nfwplus/lib/firewall.php:577
    Stack trace:
    #0 /home/name/example.com/wp-content/plugins/nfwplus/lib/firewall.php(285): nfw_is_asn(‘a:39:{i:0;s:7:”…’)
    #1 /home/name/example.com/wp-content/nfwlog/ninjafirewall.php(7): include_once(‘/home/name/a…’)
    #2 {main}
    thrown in /home/name/example.com/wp-content/plugins/nfwplus/lib/firewall.php on line 577
    [31-Mar-2021 04:32:23 America/Los_Angeles] PHP Fatal error: Uncaught Error: Undefined constant “GEOIP_STANDARD” in /home/name/example.com/wp-content/plugins/nfwplus/lib/firewall.php:577
    Stack trace:
    #0 /home/name/example.com/wp-content/plugins/nfwplus/lib/firewall.php(285): nfw_is_asn(‘a:39:{i:0;s:7:”…’)
    #1 /home/name/example.com/wp-content/nfwlog/ninjafirewall.php(7): include_once(‘/home/name/a…’)
    #2 {main}
    thrown in /home/name/example.com/wp-content/plugins/nfwplus/lib/firewall.php on line 577
    [31-Mar-2021 04:32:34 America/Los_Angeles] PHP Fatal error: Uncaught Error: Undefined constant “GEOIP_STANDARD” in /home/name/example.com/wp-content/plugins/nfwplus/lib/firewall.php:577
    Stack trace:
    #0 /home/name/example.com/wp-content/plugins/nfwplus/lib/firewall.php(285): nfw_is_asn(‘a:39:{i:0;s:7:”…’)
    #1 /home/name/example.com/wp-content/nfwlog/ninjafirewall.php(7): include_once(‘/home/name/a…’)
    #2 {main}
    thrown in /home/name/example.com/wp-content/plugins/nfwplus/lib/firewall.php on line 577

    [END]

    which may or may not have anything to do with anything but which I’m offering just so you’ll know.

    At this point I think I’m just going to bide my time and continue with PHP 7.4. My only real reason for upgrading was to see if I could wring out a little more site speed.

    This superior firewall plugin continues to perform flawlessly for me under 7.4, the PHP log above notwithstanding, and I may try to repeat the debug process again to see if I can unearth anything else.

    Unless you can think of any other reason why NFW-W+ doesn’t or can’t hand off to the login page from its brute force page under PHP 8.0, with or without that reauth query string which has now become a constant, at this point I think I’m best served just making a strategic retreat back into the status quo.

    Thanks for your help, and if I turn up the solution, I’ll be sure to update this reply.

    Plugin Author nintechnet

    (@nintechnet)

    3 years ago

    I see the problem, but cannot reproduce the error on PHP 8.
    Anyway, to fix it you would need to edit this file: /wp-content/plugins/nfwplus/lib/firewall.php

    Open it, and search for GEOIP_STANDARD. There are two occurrences and they should be replaced with NFW_GEOIP_STANDARD.

    I’ll fix it in the next version.

    Thread Starter saintandrews

    (@saintandrews)

    3 years ago

    For whatever reason, making those changes allowed me to proceed to the main login page using NFW-WP+ with brute force enabled under PHP 8.0. IOW, taking NFW out of the problem as a variable – thus revealing a garden of others not NFW related.

    But that resolves this thread. Thanks again.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Php 8.0, login, & brute force protection’ is closed to new replies.