Support » Plugin: Wordfence Security - Firewall & Malware Scan » Uncaught exception when running wp-cron.php (`wfWAFStorageFile->_open`)

  • Resolved Q

    (@quinncom)


    I’m executing WordPress cron via crontab (cd /var/www/html; php wp-cron.php) every 15 minutes. About once a day I’ll receive an email from cron contining this:

    Stack trace:
    #0 /var/www/html/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php(431): wfWAFStorageFile->_open('/var/www/html/...', false, false, '<?php exit('Acc...', true)
    #1 /var/www/html/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php(610): wfWAFStorageFile->open('')
    #2 /var/www/html/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php(564): wfWAFStorageFile->fetchConfigData('')
    #3 /var/www/html/wp-content/plugins/wordfence/lib/wordfenceClass.php(7889): wfWAFStorageFile->getConfig('attackDataKey', false)
    #4 [internal function]: wordfence::processAttack in /var/www/html/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php on line 468
    

    Most of the time wp-cron.php executes without errors, so this is an intermittant problem. I haven’t seen this error while using the public website or wp-admin.

    Any ideas?

Viewing 4 replies - 1 through 4 (of 4 total)
  • Hey @quinncom,

    I’ve spoken with the Team about this. Can you please try running the cron job via cURL or WGET versus PHP as it can cause permission/ownership issues on the wflogs directory.

    Please let me know how it goes.

    Thanks,

    Gerroald

    Thread Starter Q

    (@quinncom)

    Hi Gerroald,

    Thanks for the reply.

    If I execute wp-cron.php via http request (curl, et al) then there is no error.

    My hunch is that this is a permissions problem. But I’m confused why the problem is intermittant: the error messages are only reported about once a week, and I’m running wp-cron.php via CLI every 15 minutes.

    I do consistently get this error every time: Unable to open /var/www/html/wp-content/wflogs/attack-data.php for reading and writing. That’s not a problem, it doesn’t prevent wp-cron.php or wp-cli from running successfully, so I usually filter the cli output like this 2>&1 | grep -v /wflogs/.

    There are two users who need access to the /wflogs/ directory:

    – apache is running as user apache
    – cron jobs execute as the site user user1

    Wordfence writes files to the /wflogs/ directory with only owner-readability permissions set:

    
    drwxr-xr-x 2 apache user1      224 May 16 23:55 .
    drwxrwsr-x 8 apache user1       97 Dec 11 01:46 ..
    -rw------- 1 apache user1    40083 Dec 11 01:46 attack-data.php
    -rw------- 1 apache apache     601 May 16 23:53 config-livewaf.php
    -rw------- 1 apache apache     559 Dec 20 05:10 config.php
    -rw------- 1 apache apache   11713 Dec 24 18:45 config-synced.php
    -rw------- 1 apache apache 1255378 May 16 23:55 config-transient.php
    -rw-rw-r-- 1 apache user1  3803555 Apr 26 15:29 GeoLite2-Country.mmdb
    -rw-r--r-- 1 apache user1      133 May 16 23:53 .htaccess
    -rw------- 1 apache user1       51 May 16 23:53 ips.php
    -rw-r--r-- 1 apache apache  264325 May 16 23:53 rules.php
    -rw------- 1 apache user1       51 Dec 11 01:47 template.php
    

    I update the perms to -rw-r-----, only for them to automatically reset to -rw-------. I could do something hackish like add chmod g+r ./wflogs/ before I run any cron job, but I thought I would report this issue because I would expect Wordfence to fail gracefully and display a more useful error message if there is a permissions issue, if indeed this problem is caused by permissions.

    Thanks again for your help.

    Plugin Author WFSupport

    (@wfsupport)

    Hi

    A better error message is an excellent idea. We’ve passed that over to the dev and qa teams top see whether or not we are able to get better information to provide site owners with more actionable results.

    I think you are right in that it is a permissions issue. When I see the ownership I see the files are owned by the apache user and group. They should be owned by the user that php runs under if I am not mistaken. You may have to alter the cron job to sudo to the php process owner before executing the job.

    However, since this is a server permissions issue, our support is limited in what we can do here.

    Thanks!

    Tim

    Thread Starter Q

    (@quinncom)

    Hi Tim,

    Better error messages would be a great for everyone: it’d make the developer experience better and reduce your support load.

    In this case, there is an easy fix that should be implemented to prevent the error from occurring in the first place: allow to configure WordFence to use a specific chmod mask so its log files can be defined as group-readable. You call this a “permissions issue”, but the issue is that the permissions are actually impossible to fix. If I set the correct permissions for my environment (-rw-r-----), WordFence will just resets them to what it assumes is correct (-rw-------) the next time it runs, thus generating an error.

    In my case, -rw-r----- are the necessary permissions. Because of legacy reasons, the php user runs as apache, but the cron user must run as user1.

    I’ve already mentioned two errors that occur due to permissions in my previous messages, but there are more:

    Error #3:

    
    Warning: flock() expects parameter 1 to be resource, boolean given in /var/www/html/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/waf.php on line 326
    Warning: flock() expects parameter 1 to be resource, boolean given in /var/www/html/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/waf.php on line 329
    Warning: fclose() expects parameter 1 to be resource, boolean given in /var/www/html/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/waf.php on line 330
    

    Error #4:

    
    Stack trace:
    #4 [internal function]: wordfence::processAttack in /var/www/html/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php on line 468
    

    (With the “There has been a critical error on your website” page html dumped to the screen.)

    • This reply was modified 1 year, 5 months ago by Q.
    • This reply was modified 1 year, 5 months ago by Q. Reason: Redact private server details
Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Uncaught exception when running wp-cron.php (`wfWAFStorageFile->_open`)’ is closed to new replies.