Update old security keys
-
I saw that there were recommendations and that one of them was to update the old security keys. I clicked on Regenerate keys and now I have the following printed at the top of my dashboard pages and I can’t get rid of it:
DEFENDER GENERATED SALTS */ define('AUTH_KEY', 'L&p9JB^fKV]|BAsA:|g=Ro,hh@_cLy6Hl?5cRR}fJx|2;3VasLVq;<0Q~q!xcX6/'); define('SECURE_AUTH_KEY', 'w5O$VZWVhW})+d90;gk_zvb-4GCO!w/]/=(XpvC/t^tFo}p>}'); define('LOGGED_IN_KEY', 'kYi$eddJ~uX-6);}uf6T)MJfFcB6a{TQO5f]):NkXy/@Qsj=PBAE|,KS#
BkcFSK’); define(‘NONCE_KEY’, ‘)+I1|V;j9Ur^hnbJ(4@M|HDswV@C$H8kiUQ+c&E7>EF7?o>aV>TJkl.4cZd-Mkm'); define('AUTH_SALT', '4Ko*pfIlmC+Zc~#~n
)l?foHH79L7(G!YH80UIgS8YV;ni5%9S6Q8Z^}v1B52eW1′); define(‘SECURE_AUTH_SALT’, ‘hn9+I9y!5Qa5iuETkZn2rC)Q.lnIwo>;&BYv&,e0}s*m3LA%vhIg5jrptU~~aMMi’); define(‘LOGGED_IN_SALT’, ‘HYhua~w=Bk$,n>SW>eEt,EN}-oj>~rsbR@[Mj3zQf0cf+#DnF+eb)D@OG:_- 5?d|9La@]6gG4/B%V.GbuBpErQf-Kz;pWXy%Z7HX0n;’); define(‘SECURE_AUTH_KEY’, ‘A4M|Y#yS3Wsr0F@&Lw6J.7;jlM;2W14)y>7|yP 4@}pjf/+K6:!++C,[SuDNm|s'); define('LOGGED_IN_KEY', '%?1o{z|$..KJ|n?=a
vq~#b5.b@Fh5FhZJF=}Ixn-9@^_-RmU4q5 %Y+@Ps3w(07′); define(‘NONCE_KEY’, ‘+.sv-d#V5qxBMjsu,Ou+3i`The page I need help with: [log in to see the link]
-
Now my site seems to be hosed by this. The above code is displaying on the front end of the site and the dashboard is down completely. I tried to restore from a backup from a week ago and the problem persists. Please help soon!
Thank you,
I found that if I removed the GENERATED SALTS code from the wp-config file, the front end came back, but the dashboard is still down completely.
Hi @earrame,
I am sorry to know that you are experiencing an issue.
Since restoring a backup didn’t help, I suspect something else is causing the issue. Can you please let us know if you notice any errors at the dashboard end?
Please enable debug log and check if a PHP error is being logged. You can find more details regarding the same here: https://wordpress.org/support/article/debugging-in-wordpress/
Can you please share the debug log with your next response so that we can help you further?
Kind Regards,
Nebu JohnThis is the content of the error log:
[Mon Oct 18 00:35:48.770821 2021] [fcgid:warn] [pid 21502:tid 140397019907840] [client 194.34.132.57:58512] mod_fcgid: stderr: PHP Warning: Cannot modify header information – headers already sent by (output started at /home/seawing_vps/seawingdesigns.com/wp-config.php:1) in /home/seawing_vps/seawingdesigns.com/wp-includes/functions.php on line 6712, referer: http://seawingdesigns.com/wp-login.php
Of course this repeats many times but it is the same every time.
I cannot open the login page/ dashboard at all, it is just a white screen.
Hi @earrame
Thank you for the log,
Could you try the following step?
PHP Warning: Cannot modify header information – headers already sent by (output started at /home/seawing_vps/seawingdesigns.com/wp-config.php:1)
More information https://make.wordpress.org/support/handbook/appendix/breakfix-lessons/php-whitespace-headers-already-sent/
Could you edit your wp-config, it seems there is a whitespace space in the first line before of <?php tag
Make sure to remove it and save the file.
Let us know the result you got.
Best Regards
Patrick FreitasI looked and there is no white space. See the content of file below:
<?php /** Enable W3 Total Cache */ define('WP_CACHE', true); // Added by W3 Total Cache /** Enable W3 Total Cache Edge Mode */ define('W3TC_EDGE_MODE', true); // Added by W3 Total Cache /** WordPress's config file **/ /** http://wordpress.org/ **/ // ** MySQL settings ** // //Added by WP-Cache Manager define('DB_NAME', "***********"); // The name of the database define('DB_USER', "**********"); // Your MySQL username define('DB_PASSWORD', "*************"); // ...and password define('DB_HOST', "mysql.seawingdesigns.com:3306"); // ...and the server MySQL is running on // Change the prefix if you want to have multiple blogs in a single database. $table_prefix = 'wp_2sw142_'; define( 'DISALLOW_FILE_EDIT', true ); // example: 'wp_' or 'b2' or 'mylogin_' // Turning off Post Revisions. Comment this line out if you would like them to be on. define('WP_POST_REVISIONS', false); // Change this to localize WordPress. A corresponding MO file for the // chosen language must be installed to wp-includes/languages. // For example, install de.mo to wp-includes/languages and set WPLANG to 'de' // to enable German language support. define('WPLANG', ''); // Enable WP_DEBUG mode define( 'WP_DEBUG', true ); // Enable Debug logging to the /wp-content/debug.log file define( 'WP_DEBUG_LOG', true ); // Disable display of errors and warnings define( 'WP_DEBUG_DISPLAY', false ); @ini_set( 'display_errors', 0 ); // Use dev versions of core JS and CSS files (only needed if you are modifying these core files) define( 'SCRIPT_DEBUG', true ); /* Stop editing */ $server = DB_HOST; $loginsql = DB_USER; $passsql = DB_PASSWORD; $base = DB_NAME; define('ABSPATH', dirname(__FILE__) . '/'); // Get everything else require_once ABSPATH . 'wp-settings.php';
I had to do a full site restore. This experience makes me hesitant to use this plugin at all.
Hello there @earrame
So you weren’t using any salt keys before?
Can you try to visit this URL:
https://api.wordpress.org/secret-key/1.1/salt/
and copy the generated keys?Then add them in the wp-config.php file as shown in the sample file here:
https://github.com/WordPress/WordPress/blob/master/wp-config-sample.php#L40-L58Then try to re-downlod Defender and re-apply the salt keys recommendation.
Looking forward to your results.
Dimitris
I am really worried that it is going to take my site down again. I guess I would rather leave it alone rather than take that risk.
Hi @earrame
Are you able to talk with your hosting provider and create a staging site and test the above solution before making changes on the live site?
Kind Regards,
KrisI encountered this same problem again, this time I didn’t make any changes in Defender, the salt was just added automatically to the WP-config which caused it to print on screen. I was able to remove it with no further problems. Here is the content of that file:
/* DEFENDER GENERATED SALTS */ define('AUTH_KEY', '?%:7I(B*?k!:qJCC;-L2vF-Rza@R5oNY7hjTZq
cM-7+|.%XH]L-)VY!1fsl,kCx’);
define(‘SECURE_AUTH_KEY’, ‘E`RF*RZRW@h_N8S8G-.?R<2ZW<.,t7VTQWeB&FEuJPk6C[A|cnv5$KMlv!<G,9D(‘);
define(‘LOGGED_IN_KEY’, ‘L],QLTX~wWx$;+?x:<!^#b4,0vxcD#?mwS|3Qij/(M-9mM$/c)_G3fY3Q;vfw]&q’);
define(‘NONCE_KEY’, ‘s#Tp#}|D_ar^$VMjAy?1%6}Yh+BD-YS?noZp)8g35()YKd^9$VuJFJX{~pr1|[&@’);
define(‘AUTH_SALT’, ‘$^_*JA7$v>Fsh=dYPI7$Iwz8V9AuY?%#g:)lSOD;HF fCm|vg& /n_mfb#g%}$4+’);
define(‘SECURE_AUTH_SALT’, ‘I7y4,*sMwL=<ubaPMz+~2-lD)XXby0AxA} ?0K&FjeZ2^,o oQ<!5V(C:7.J 5OH’);
define(‘LOGGED_IN_SALT’, ‘8afobMK)G%R~5Jo1C>QyT@V{](oz&9qcZ@upTtyH!fIj-()SQ?F7lEA]?$+nt]
‘);
define(‘NONCE_SALT’, ‘&FG=p~=uhbv-ep3KZ:fM]6 . 9; ud9|/<mI[8hXj+ygnYqXP4`nb;./7O;2b|_,’);<?php
/** Enable W3 Total Cache */
define(‘WP_CACHE’, true); // Added by W3 Total Cache/** Enable W3 Total Cache Edge Mode */
define(‘W3TC_EDGE_MODE’, true); // Added by W3 Total Cache/** WordPress’s config file **/
/** http://wordpress.org/ **/
// ** MySQL settings ** //
//Added by WP-Cache Manager
define(‘DB_NAME’, “*******”);
// The name of the database
define(‘DB_USER’, “*******”);
// Your MySQL username
define(‘DB_PASSWORD’, “**********”);
// …and password
define(‘DB_HOST’, “mysql.seawingdesigns.com:3306″);
// …and the server MySQL is running on
// Change the prefix if you want to have multiple blogs in a single database.
$table_prefix = ‘wp_2sw142_’;define( ‘DISALLOW_FILE_EDIT’, true );
// example: ‘wp_’ or ‘b2’ or ‘mylogin_’
// Turning off Post Revisions. Comment this line out if you would like them to be on.
define(‘WP_POST_REVISIONS’, false);
// Change this to localize WordPress. A corresponding MO file for the
// chosen language must be installed to wp-includes/languages.
// For example, install de.mo to wp-includes/languages and set WPLANG to ‘de’
// to enable German language support.
define(‘WPLANG’, ”);
/* Stop editing */
$server = DB_HOST;
$loginsql = DB_USER;
$passsql = DB_PASSWORD;
$base = DB_NAME;
define(‘ABSPATH’, dirname(__FILE__) . ‘/’);
// Get everything else
require_once ABSPATH . ‘wp-settings.php’;`Hi @earrame
Sorry to hear you are having this issue.
Could you please send me an email to contact@wpmudev.org using this template:
Subject: “Attn: Patrick Freitas”
Message: link back to this thread for reference https://wordpress.org/support/topic/update-old-security-keys/
Best Regards
Patrick FreitasHi @earrame
I hope you are doing well.
Sorry for the delay here.
Our developers checked the issue and it is related to the wp-config file,
As you can see on the shared wp-config file it is:
/* Stop editing */ $server = DB_HOST; $loginsql = DB_USER; $passsql = DB_PASSWORD; $base = DB_NAME; define(‘ABSPATH’, dirname(__FILE__) . ‘/’); // Get everything else require_once ABSPATH . ‘wp-settings.php’;
This doesn’t match the default WordPress config file so if any plugin would look for the correct lines it wouldn’t be able to find.
To prevent the issue, modify that section to:
/* That's all, stop editing! Happy publishing. */ /** Absolute path to the WordPress directory. */ if ( ! defined( 'ABSPATH' ) ) { define( 'ABSPATH', dirname( __FILE__ ) . '/' ); } $server = DB_HOST; $loginsql = DB_USER; $passsql = DB_PASSWORD; $base = DB_NAME;
Also, unless you are using the variables on a different location on your file, it doesn’t make much sense to add the DB info into variables to be used on define, I suggest reverting to the default WordPress way:
https://github.com/WordPress/WordPress/blob/master/wp-config-sample.php
And follow the guideline for any editing:
Best Regards
Patrick FreitasHi @earrame,
Since we haven’t heard from you for a while. I’ll mark this thread as resolved for now. Please feel free to re-open the thread if you need further assistance.
Best Regards
Nithin
- The topic ‘Update old security keys’ is closed to new replies.