• Resolved earrame

    (@earrame)


    I saw that there were recommendations and that one of them was to update the old security keys. I clicked on Regenerate keys and now I have the following printed at the top of my dashboard pages and I can’t get rid of it:

    DEFENDER GENERATED SALTS */ define('AUTH_KEY', 'L&p9JB^fKV]|BAsA:|g=Ro,hh@_cLy6Hl?5cRR}fJx|2;3VasLVq;<0Q~q!xcX6/'); define('SECURE_AUTH_KEY', 'w5O$VZWVhW})+d90;gk_zvb-4GCO!w/]/=(XpvC/t^tFo}p>}'); define('LOGGED_IN_KEY', 'kYi$eddJ~uX-6);}uf6T)MJfFcB6a{TQO5f]):NkXy/@Qsj=PBAE|,KS#BkcFSK’); define(‘NONCE_KEY’, ‘)+I1|V;j9Ur^hnbJ(4@M|HDswV@C$H8kiUQ+c&E7>EF7?o>aV>TJkl.4cZd-Mkm'); define('AUTH_SALT', '4Ko*pfIlmC+Zc~#~n)l?foHH79L7(G!YH80UIgS8YV;ni5%9S6Q8Z^}v1B52eW1′); define(‘SECURE_AUTH_SALT’, ‘hn9+I9y!5Qa5iuETkZn2rC)Q.lnIwo>;&BYv&,e0}s*m3LA%vhIg5jrptU~~aMMi’); define(‘LOGGED_IN_SALT’, ‘HYhua~w=Bk$,n>SW>eEt,EN}-oj>~rsbR@[Mj3zQf0cf+#DnF+eb)D@OG:_- 5?d|9La@]6gG4/B%V.GbuBpErQf-Kz;pWXy%Z7HX0n;’); define(‘SECURE_AUTH_KEY’, ‘A4M|Y#yS3Wsr0F@&Lw6J.7;jlM;2W14)y>7|yP 4@}pjf/+K6:!++C,[SuDNm|s'); define('LOGGED_IN_KEY', '%?1o{z|$..KJ|n?=avq~#b5.b@Fh5FhZJF=}Ixn-9@^_-RmU4q5 %Y+@Ps3w(07′); define(‘NONCE_KEY’, ‘+.sv-d#V5qxBMjsu,Ou+3i`

    The page I need help with: [log in to see the link]

Viewing 14 replies - 1 through 14 (of 14 total)
  • Thread Starter earrame

    (@earrame)

    Now my site seems to be hosed by this. The above code is displaying on the front end of the site and the dashboard is down completely. I tried to restore from a backup from a week ago and the problem persists. Please help soon!

    Thank you,

    Thread Starter earrame

    (@earrame)

    I found that if I removed the GENERATED SALTS code from the wp-config file, the front end came back, but the dashboard is still down completely.

    Plugin Support Nebu John – WPMU DEV Support

    (@wpmudevsupport14)

    Hi @earrame,

    I am sorry to know that you are experiencing an issue.

    Since restoring a backup didn’t help, I suspect something else is causing the issue. Can you please let us know if you notice any errors at the dashboard end?

    Please enable debug log and check if a PHP error is being logged. You can find more details regarding the same here: https://wordpress.org/support/article/debugging-in-wordpress/

    Can you please share the debug log with your next response so that we can help you further?

    Kind Regards,
    Nebu John

    Thread Starter earrame

    (@earrame)

    This is the content of the error log:

    [Mon Oct 18 00:35:48.770821 2021] [fcgid:warn] [pid 21502:tid 140397019907840] [client 194.34.132.57:58512] mod_fcgid: stderr: PHP Warning: Cannot modify header information – headers already sent by (output started at /home/seawing_vps/seawingdesigns.com/wp-config.php:1) in /home/seawing_vps/seawingdesigns.com/wp-includes/functions.php on line 6712, referer: http://seawingdesigns.com/wp-login.php

    Of course this repeats many times but it is the same every time.

    I cannot open the login page/ dashboard at all, it is just a white screen.

    Plugin Support Patrick – WPMU DEV Support

    (@wpmudevsupport12)

    Hi @earrame

    Thank you for the log,

    Could you try the following step?

    PHP Warning: Cannot modify header information – headers already sent by (output started at /home/seawing_vps/seawingdesigns.com/wp-config.php:1)

    More information https://make.wordpress.org/support/handbook/appendix/breakfix-lessons/php-whitespace-headers-already-sent/

    Could you edit your wp-config, it seems there is a whitespace space in the first line before of <?php tag

    Make sure to remove it and save the file.

    Let us know the result you got.
    Best Regards
    Patrick Freitas

    Thread Starter earrame

    (@earrame)

    I looked and there is no white space. See the content of file below:

    <?php
    /** Enable W3 Total Cache */
    define('WP_CACHE', true); // Added by W3 Total Cache
    
    /** Enable W3 Total Cache Edge Mode */
    define('W3TC_EDGE_MODE', true); // Added by W3 Total Cache
    
    /** WordPress's config file **/
    /** http://wordpress.org/   **/
    // ** MySQL settings ** //
    //Added by WP-Cache Manager
    define('DB_NAME', "***********");
    // The name of the database
    define('DB_USER', "**********");
    // Your MySQL username
    define('DB_PASSWORD', "*************");
    // ...and password
    define('DB_HOST', "mysql.seawingdesigns.com:3306");
    // ...and the server MySQL is running on
    // Change the prefix if you want to have multiple blogs in a single database.
    $table_prefix = 'wp_2sw142_';
    
    define( 'DISALLOW_FILE_EDIT', true );
    // example: 'wp_' or 'b2' or 'mylogin_'
    // Turning off Post Revisions. Comment this line out if you would like them to be on.
    define('WP_POST_REVISIONS', false);
    // Change this to localize WordPress.  A corresponding MO file for the
    // chosen language must be installed to wp-includes/languages.
    // For example, install de.mo to wp-includes/languages and set WPLANG to 'de'
    // to enable German language support.
    define('WPLANG', '');
    // Enable WP_DEBUG mode
    define( 'WP_DEBUG', true );
    
    // Enable Debug logging to the /wp-content/debug.log file
    define( 'WP_DEBUG_LOG', true );
    
    // Disable display of errors and warnings
    define( 'WP_DEBUG_DISPLAY', false );
    @ini_set( 'display_errors', 0 );
    
    // Use dev versions of core JS and CSS files (only needed if you are modifying these core files)
    define( 'SCRIPT_DEBUG', true );
    /* Stop editing */
    $server = DB_HOST;
    $loginsql = DB_USER;
    $passsql = DB_PASSWORD;
    $base = DB_NAME;
    define('ABSPATH', dirname(__FILE__) . '/');
    // Get everything else
    require_once ABSPATH . 'wp-settings.php';
    Thread Starter earrame

    (@earrame)

    I had to do a full site restore. This experience makes me hesitant to use this plugin at all.

    Plugin Support Dimitris – WPMU DEV Support

    (@wpmudev-support6)

    Hello there @earrame

    So you weren’t using any salt keys before?

    Can you try to visit this URL:
    https://api.wordpress.org/secret-key/1.1/salt/
    and copy the generated keys?

    Then add them in the wp-config.php file as shown in the sample file here:
    https://github.com/WordPress/WordPress/blob/master/wp-config-sample.php#L40-L58

    Then try to re-downlod Defender and re-apply the salt keys recommendation.

    Looking forward to your results.

    Dimitris

    Thread Starter earrame

    (@earrame)

    I am really worried that it is going to take my site down again. I guess I would rather leave it alone rather than take that risk.

    Plugin Support Kris – WPMU DEV Support

    (@wpmudevsupport13)

    Hi @earrame

    Are you able to talk with your hosting provider and create a staging site and test the above solution before making changes on the live site?

    Kind Regards,
    Kris

    Thread Starter earrame

    (@earrame)

    I encountered this same problem again, this time I didn’t make any changes in Defender, the salt was just added automatically to the WP-config which caused it to print on screen. I was able to remove it with no further problems. Here is the content of that file:

    /* DEFENDER GENERATED SALTS */
    define('AUTH_KEY',         '?%:7I(B*?k!:qJCC;-L2vF-Rza@R5oNY7hjTZq

    cM-7+|.%XH]L-)VY!1fsl,kCx’);
    define(‘SECURE_AUTH_KEY’, ‘E`RF*RZRW@h_N8S8G-.?R<2ZW<.,t7VTQWeB&FEuJPk6C[A|cnv5$KMlv!<G,9D(‘);
    define(‘LOGGED_IN_KEY’, ‘L],QLTX~wWx$;+?x:<!^#b4,0vxcD#?mwS|3Qij/(M-9mM$/c)_G3fY3Q;vfw]&q’);
    define(‘NONCE_KEY’, ‘s#Tp#}|D_ar^$VMjAy?1%6}Yh+BD-YS?noZp)8g35()YKd^9$VuJFJX{~pr1|[&@’);
    define(‘AUTH_SALT’, ‘$^_*JA7$v>Fsh=dYPI7$Iwz8V9AuY?%#g:)lSOD;HF fCm|vg& /n_mfb#g%}$4+’);
    define(‘SECURE_AUTH_SALT’, ‘I7y4,*sMwL=<ubaPMz+~2-lD)XXby0AxA} ?0K&FjeZ2^,o oQ<!5V(C:7.J 5OH’);
    define(‘LOGGED_IN_SALT’, ‘8afobMK)G%R~5Jo1C>QyT@V{](oz&9qcZ@upTtyH!fIj-()SQ?F7lEA]?$+nt]‘);
    define(‘NONCE_SALT’, ‘&FG=p~=uhbv-ep3KZ:fM]6 . 9; ud9|/<mI[8hXj+ygnYqXP4`nb;./7O;2b|_,’);

    <?php
    /** Enable W3 Total Cache */
    define(‘WP_CACHE’, true); // Added by W3 Total Cache

    /** Enable W3 Total Cache Edge Mode */
    define(‘W3TC_EDGE_MODE’, true); // Added by W3 Total Cache

    /** WordPress’s config file **/
    /** http://wordpress.org/ **/
    // ** MySQL settings ** //
    //Added by WP-Cache Manager
    define(‘DB_NAME’, “*******”);
    // The name of the database
    define(‘DB_USER’, “*******”);
    // Your MySQL username
    define(‘DB_PASSWORD’, “**********”);
    // …and password
    define(‘DB_HOST’, “mysql.seawingdesigns.com:3306″);
    // …and the server MySQL is running on
    // Change the prefix if you want to have multiple blogs in a single database.
    $table_prefix = ‘wp_2sw142_’;

    define( ‘DISALLOW_FILE_EDIT’, true );
    // example: ‘wp_’ or ‘b2’ or ‘mylogin_’
    // Turning off Post Revisions. Comment this line out if you would like them to be on.
    define(‘WP_POST_REVISIONS’, false);
    // Change this to localize WordPress. A corresponding MO file for the
    // chosen language must be installed to wp-includes/languages.
    // For example, install de.mo to wp-includes/languages and set WPLANG to ‘de’
    // to enable German language support.
    define(‘WPLANG’, ”);
    /* Stop editing */
    $server = DB_HOST;
    $loginsql = DB_USER;
    $passsql = DB_PASSWORD;
    $base = DB_NAME;
    define(‘ABSPATH’, dirname(__FILE__) . ‘/’);
    // Get everything else
    require_once ABSPATH . ‘wp-settings.php’;`

    Plugin Support Patrick – WPMU DEV Support

    (@wpmudevsupport12)

    Hi @earrame

    Sorry to hear you are having this issue.

    Could you please send me an email to contact@wpmudev.org using this template:

    Subject: “Attn: Patrick Freitas”

    Message: link back to this thread for reference https://wordpress.org/support/topic/update-old-security-keys/

    Best Regards
    Patrick Freitas

    Plugin Support Patrick – WPMU DEV Support

    (@wpmudevsupport12)

    Hi @earrame

    I hope you are doing well.

    Sorry for the delay here.

    Our developers checked the issue and it is related to the wp-config file,

    As you can see on the shared wp-config file it is:

    /* Stop editing */
    $server = DB_HOST;
    $loginsql = DB_USER;
    $passsql = DB_PASSWORD;
    $base = DB_NAME;
    define(‘ABSPATH’, dirname(__FILE__) . ‘/’);
    // Get everything else
    require_once ABSPATH . ‘wp-settings.php’;

    This doesn’t match the default WordPress config file so if any plugin would look for the correct lines it wouldn’t be able to find.

    To prevent the issue, modify that section to:

    /* That's all, stop editing! Happy publishing. */
    
    /** Absolute path to the WordPress directory. */
    if ( ! defined( 'ABSPATH' ) ) {
    	define( 'ABSPATH', dirname( __FILE__ ) . '/' );
    }
    
    $server = DB_HOST;
    $loginsql = DB_USER;
    $passsql = DB_PASSWORD;
    $base = DB_NAME;

    Also, unless you are using the variables on a different location on your file, it doesn’t make much sense to add the DB info into variables to be used on define, I suggest reverting to the default WordPress way:

    https://github.com/WordPress/WordPress/blob/master/wp-config-sample.php

    And follow the guideline for any editing:

    Editing wp-config.php

    Best Regards
    Patrick Freitas

    Plugin Support Nithin – WPMU DEV Support

    (@wpmudevsupport11)

    Hi @earrame,

    Since we haven’t heard from you for a while. I’ll mark this thread as resolved for now. Please feel free to re-open the thread if you need further assistance.

    Best Regards
    Nithin

Viewing 14 replies - 1 through 14 (of 14 total)
  • The topic ‘Update old security keys’ is closed to new replies.