I recommend that you stick with file data save method. The database save method usually fails when you are scanning a lot of data.
Future releases will default to file save method.
Thank you for your response, Scott.
I see. But why doesn’t this problem happen when file save mode is set?
(Even with the file save mode, the plugin still needs to check a lot of files.)
Is it related with the database timeout? And if so, isn’t it possible to fix the plugin so that the search finishes before the timeout?
Please see the plugin FAQ http://wordpress.org/extend/plugins/wordpress-file-monitor-plus/faq/
There is a section there about max_allowed_packet
which explains this.
Hi Scott, I want to add that maybe another FAQ-entry would be very helpful, since exporting the WP-CMS was impossible. The max_packet_size is fixed by webhoster, so there is not adaption possible.
I tzracked it down to the wp_options table, and specific the serialized array of the WPFMP data.
Enabling the debug log shows ths entry, inserted for reference when other users of this great security plugin encounter the same problem.
[19-Feb-2012 16:23:14 UTC] WordPress database error Got a packet bigger than ‘max_allowed_packet’ bytes for query INSERT INTO wpcms_options
(option_name
, option_value
, autoload
) VALUES (‘sc_wpfmp_scan_data’, values….);
ANother suggestions is, please insert a checksum in the DB of the contents of the .sc_wpfmp_scan_data-file! this is a safeguard to changing it easily via hacking the filesystem. Just another layer of defense-in-depth.
maybe with an installation specific entry in wp_options (key is based upon MD5 of Site-Base-URL?), so this cannot be found easily by drive-by-infection attempts.
@devstorm I don’t see how changing the name of .sc_wpfmp_scan_data
to a random name will make it anymore secure?
If a hacker has compromised your system and know that you are running WPFMP then all they would have to do is scan the data folder for any files. Whether its called .sc_wpfmp_scan_data
or .abcdefg1234
doesn’t make it any more secure.
@scott, @devstorm,
Thank you for all your suggestion for the solution.
I understand that MySQL max_allowed_packet limit is changeable,
so I will try setting it as high as possible.
If not possible, then I might have to set the file mode as an alternative.
Scanning checksum data should be another good idea, but to do that, I have to revise the program so that checksum data can be inserted in DB table, and that will take a lot of time if I assign it to every website I own.
(But if the future wpfmp will have that feature, then I want to try it!)