WordPress Critical Error + Invalid Code

Resolved

(@ruen06)

I face the same issue in this topic. https://wordpress.org/support/topic/big-issue-error-invalid-verification-code-critical/

I am using Defender Pro. If Defender Pro is enabled, after logging in with the code, it shows the error ‘There has been a critical error on …’

If I disabled Defender Pro, the code is always invalid. So I have no choice but to disable your plugin.

This is the PHP error recorded:

[19-Oct-2022 01:12:30 UTC] PHP Fatal error: Uncaught Exception: Invalid characters in the base32 string. in /var/web/site/public_html/wp-content/plugins/wp-2fa/includes/classes/Authenticator/class-authentication.php:291

PHP Stacktrace:
/var/web/site/public_html/wp-content/plugins/wp-2fa/includes/classes/Authenticator/class-authentication.php(255): WP2FA\Authenticator\Authentication::base32_decode('\x1F\x11\x98\xC4\xCE\xEAC\t\xEB\x98\x90\x1C\v[\xB4...')
/var/web/site/public_html/wp-content/plugins/wp-2fa/includes/classes/Authenticator/class-authentication.php(234): WP2FA\Authenticator\Authentication::calc_totp('\x1F\x11\x98\xC4\xCE\xEAC\t\xEB\x98\x90\x1C\v[\xB4...', 55538065)
/var/web/site/public_html/wp-content/plugins/wp-2fa/includes/classes/Authenticator/class-login.php(903): WP2FA\Authenticator\Authentication::is_valid_authcode('\x1F\x11\x98\xC4\xCE\xEAC\t\xEB\x98\x90\x1C\v[\xB4...', '050330')
/var/web/site/public_html/wp-content/plugins/wp-2fa/includes/classes/Authenticator/class-login.php(719): WP2FA\Authenticator\Login::validate_totp_aut in /var/web/site/public_html/wp-content/plugins/wp-2fa/includes/classes/Authenticator/class-authentication.php on line 291

Viewing 15 replies - 1 through 15 (of 19 total)

1 2 →

Plugin Contributor robertabela
(@robert681)

1 year, 6 months ago

Hello @ruen06

Thank you for using our plugin. I am sorry to read about your issue. Can you please confirm one thing for us?

If you reconfigure 2FA for your user, then it works right for a few weeks, correct?

Looking forward to hearing from you.

Thread Starter ruen06
(@ruen06)

1 year, 6 months ago

If you reconfigure 2FA for your user, then it works right for a few weeks, correct?

I have reset for one of my users who login to website frequently. I will let you know if this issue happens again.

Thread Starter ruen06
(@ruen06)

1 year, 5 months ago

Hi, when will this issue be resolved? My client is complaining and this 2FA feature is important to their site.

Plugin Contributor robertabela
(@robert681)

1 year, 5 months ago

Hello @ruen06

We have already designed a fix for this and we are working on the next update of the plugin. The fix will be included with the next update of the plugin.

I’m afraid that at the moment I can’t give you any timeline or date estimates, however, there is a temporary workaround for this: if you disable the “refreshing of WordPress salts” in Defender Pro the issue won’t occur.

I hope the above helps. Please let us know if you need any further assistance.

Thread Starter ruen06
(@ruen06)

1 year, 5 months ago

Hi, thanks for the update. However, “if you disable the “refreshing of WordPress salts” in Defender Pro the issue won’t occur.” – there is no such option in Defender Pro.

Plugin Contributor robertabela
(@robert681)

1 year, 5 months ago

I am sorry, I am not familiar with Defender Pro. Maybe you can contact their support to see if it is possible to disable the “changing of the WordPress salts”?

Thread Starter ruen06
(@ruen06)

1 year, 5 months ago

Hi, I have disabled the changing of WordPress salts periodically. Please release the fix as soon as possible. Thanks

Plugin Contributor robertabela
(@robert681)

1 year, 5 months ago

Thank you for the update @ruen06

We have already started working on the new update of the plugin. However, at this stage I cannot give you an ETA of when it will be released. Please subscribe to our newsletter or follow the WP 2FA plugin blog if you would like to be notified when the next update is released.

Should there be anything else we can assist you with, please do not hesitate to ask.

Have a great day.

Thread Starter ruen06
(@ruen06)

1 year, 4 months ago

Hi, just to let you know, I face the same error again when trying to log in today. The changing of WordPress salts was disabled one month ago.

Are there any other users who face the same issue as me? Get the same error even after disabling the feature you mentioned

Thread Starter ruen06
(@ruen06)

1 year, 4 months ago

I notice two situations where the error message ‘There has been a critical error on this website.’ shows.

First situation:
If you click Login without entering any 2FA code.

Second situation:
I set up the code by using the app first. Then I switch the method to set up the code by using email.
I enter the code from the app when I try to log in.

This is not the correct message that users should see. Please check your app thoroughly.
Plugin Contributor robertabela
(@robert681)

1 year, 4 months ago
Hello @ruen06

I am sorry to read that you are encountering other issues with the plugin. Has anything else changed since you have disabled the refreshing of WordPress salts?

By the way, when you get that error, which is reported by WordPress and not our plugin, WordPress sends you an email with the logs and information about the error. Can you please forward them to us via email at support@wpwhitesecurity.com so we can assist you?

Looking forward to hearing from you.
- This reply was modified 1 year, 4 months ago by robertabela.
Thread Starter ruen06
(@ruen06)

1 year, 4 months ago

Has anything else changed since you have disabled the refreshing of WordPress salts?

No.

By the way, when you get that error, which is reported by WordPress and not our plugin, WordPress sends you an email with the logs and information about the error. Can you please forward them to us via email at support@wpwhitesecurity.com so we can assist you?

I am sure it is caused by your plugin. WordPress didn’t email us anything. The error message only shows when I do the actions mentioned in the two situations.

Plugin Contributor robertabela
(@robert681)

1 year, 4 months ago

Hello @ruen06

Thank you for your message and for using our plugin.

I am sorry to read about your issue. Can you please confirm if this is a new install and this was always the case, or this was working and after a few days this started happening?

Looking forward to hearing from you.

Thread Starter ruen06
(@ruen06)

1 year, 4 months ago

Which issue did you mean? The issue of 2FA didn’t work after some time?
Or the two situations that caused the WordPress error message?

For the salts changing issue, I am sure I am clear enough on reporting the issue.

For the two situations that caused the WordPress error message,
I am unsure whether the issue of two situations causing WordPress error is related to the salts changing issue. But since I get the same WordPress error message when trying to login so I note it under this topic for your reference.

And obviously, I have used your plugin for some time, so this is not a new install.
That was my first time trying to log in using the method mentioned in the two situations.

Plugin Contributor robertabela
(@robert681)

1 year, 4 months ago

Hello @ruen06

I am sorry to read about your issue.

Currently we have a number of fixes lined up that are related to this and similar issues. They will be included in update 2.4.0, which will be released some time in January. So I’d suggest to wait for the next update.

Having said that, can you run a quick test? If you reset the 2FA setup for a user, can you please confirm it if works then for a few days?

Looking forward to hearing from you.

Viewing 15 replies - 1 through 15 (of 19 total)

1 2 →

The topic ‘WordPress Critical Error + Invalid Code’ is closed to new replies.