Support » Plugin: Wordfence Security - Firewall & Malware Scan » SQL Error in Current WordFence

  • Resolved Jeffrey Schutzman

    (@jeffpyebrookcom)


    Periodically the following WordFence related error is showing in the debug log of our sites

    [20-Sep-2017 13:40:01 UTC] WordPress database error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘%.6f
    ORDER BY attackLogTime DESC
    LIMIT 10’ at line 2 for query SELECT SQL_CALC_FOUND_ROWS * FROM wp_wfHits
    WHERE action = ‘blocked:waf’ AND attackLogTime > %.6f
    ORDER BY attackLogTime DESC
    LIMIT 10 made by do_action_ref_array, WP_Hook->do_action, WP_Hook->apply_filters, wordfence::processAttackData
    [20-Sep-2017 13:40:01 UTC] WordPress database error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘%.6f
    LIMIT 1505778330’ at line 3 for query SELECT SQL_CALC_FOUND_ROWS * FROM wp_wfHits
    WHERE action in (‘blocked:waf’, ‘learned:waf’, ‘logged:waf’, ‘blocked:waf-always’)
    AND attackLogTime > %.6f
    LIMIT 1505778330 made by do_action_ref_array, WP_Hook->do_action, WP_Hook->apply_filters, wordfence::processAttackData

Viewing 4 replies - 1 through 4 (of 4 total)
  • Hi Jeffrey!
    This is due to a change in the WordPress database functions that came with WordPress 4.8.2 which was just released. We appear to have overlooked a detail there in how database queries are handled. We have nailed down the cause for this and are currently working on a fix.

    Hi again,
    We just did an emergency release to fix this. Wordfence 6.3.19 should be available for update shortly.

    It appears my website automatically updated WP 4.8.2 and now I am seeing the SQL errors and also am not able to log into my website. Website seems to be running fine but can not log in to update Wordfence.

    Here is the error:
    2017/09/20 12:41:08 [error] 897#897: *354 FastCGI sent in stderr: “PHP message: WordPress database error You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ‘%1$s
    WHERE user_caps = ‘%2$s’
    AND action = ‘%3$s’
    AND obje' at line 1 for query SELECThistid` FROM %1$s
    WHERE user_caps = ‘%2$s’
    AND action = ‘%3$s’
    AND object_type = ‘%4$s’
    AND object_subtype = ‘%5$s’
    AND object_name = ‘%6$s’
    AND user_id = ‘%7$s’
    AND hist_ip = ‘%8$s’
    AND hist_time = ‘%9$s’
    ; made by wp_signon, do_action(‘wp_login’), WP_Hook->do_action, WP_Hook->apply_filters, call_user_func_array, AAL_Hook_User->hooks_wp_login, aal_insert_log, AAL_API->insert, W3TC\DbCache_Wpdb->query, W3TC\DbCache_WpdbInjection_QueryCaching->query, W3TC\_CallUnderlying->query, W3TC\DbCache_Wpdb->query, W3TC\DbCache_WpdbInjection->query, W3TC\DbCache_Wpdb->default_query
    PHP message: WordPress database error You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ‘%2$d’ at line 2 for query DELETE FROM %1$s
    WHERE hist_time < %2$d made by wp_signon, do_action(‘wp_login’), WP_Hook->do_action, WP_Hook->apply_filters, call_user_func_array, AAL_Hook_User->hooks_wp_login, aal_insert_log, AAL_API->insert, AAL_API->_delete_old_items, W3TC\DbCache_Wpdb->query, W3TC\DbCache_WpdbInjection_QueryCaching->query, W3TC\_CallUnderlying->query, W3TC\DbCache_Wpdb->query, W3TC\DbCache_WpdbInjection->query, W3TC\DbCache_Wpdb->default_query
    PHP message: WordPress database error You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ‘%1$s
    WHERE user_caps = ‘%2$s’
    AND action = ‘%3$s’
    AND obje' at line 1 for query SELECThistid` FROM %1$s
    WHERE user_caps = ‘%2$s’
    AND action = ‘%3$s’
    AND object_type = ‘%4$s’
    AN
    2017/09/20 12:41:08 [error] 897#897: *354 upstream sent too big header while reading response header from upstream, client: XXXYYYZZZZ, server: http://www.XXXYYYZZZZ.com, request: “POST /wp-login.php HTTP/1.1”, upstream: “fastcgi://unix:/var/run/php-fpm/php-fpm.sock:”, host: “www.XXXYYYZZZZ.com”, referrer: “http://www.XXXYYYZZZZ.com/wp-login.php&#8221;

    Please advise.

    Hi! That looks like it’s coming from W3TC. If you are having problems logging in please use FTP/SSH or any file browser that your web host is providing via their administration panel and rename or delete the corresponding plugin folder located in wp-content/plugins. In this case, you would rename the folder called w3-total-cache to w3-total-cache_old or something like that.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘SQL Error in Current WordFence’ is closed to new replies.