Version 3.0.3.3 causing PHP Fatal Errors

Hello @firemyst,

Sorry about your issue, but for me it seems the issue doesn’t have any relation of this plugin because:

• The error happened because global variable $wp_rewrite was not allocated.
• $wp_rewrite would be allocated at 360 in “wp-settings.php” as $GLOBALS['wp_rewrite'] = new WP_Rewrite();.
• According to the stack frame #8, the timing of this issue was after get_header action hook which would be related your theme.
• This plugin will finish its jobs at init (or wp_loaded for admin) action hook when you select "init" action hook as “Validation timing” OR muplugins_loaded when you select "mu-plugins" (ip-geo-block-mu.php). This is far earlier than get_header action hook. Please check the order of action hook in codex.

So I wonder your issue would be caused by the shortage of the memory.

Could you try to make all plugins deactivated but this plugin? As for me, I will check the memory usage of this plugin.

Thanks for your cooperation.

Hi,

Here’re the results using Query Monitor plugin. Memory usage were calculated by difference between activating and deactivating this plugin.

[Admin dashboard]
Activated Deactivated    Delta
 32,079KB    30,754KB  1,325KB

[Queries]
IGB       Core
11Q        32Q

[Public facing page]
Activated Deactivated    Delta
27,458KB     26,371KB  1,087KB

[Queries]
IGB       Core
3Q         22Q

[Installation information]
- Server: Apache
- PHP: 5.6.10
- WordPress: 4.8
- Multisite: yes
- Zlib: yes
- ZipArchive: yes
- BC Math: yes
- mb_strcut: yes
- DNS lookup: available [17.5 msec]
- Twenty Twelve Child 2.0
- Twenty Twelve 2.3
- IP Geo Block 3.0.4a
- Query Monitor 2.13.4

Sorry but this is a developing version. I don’t think those are particular high.

I installed that Query Monitor plugin.

With all my other plugins disabled except BPS (Bullet Proof Security), WordFence, and IP Geo Block, memory usage is: 36,090 kb; with all the plugins enabled memory usage is 43,858kb. Mem limit is set to 512mb.

With all the plugins disabled, the error message still occurs when I have IP Geo Block enabled. Here’s the most recent from the IP Geo Block log:

2017-07-13 01:23:54 185.85.191.201 TR blocked GET[80]:/dl/wp-login.php

and there was one entry in the error log file:

[13-Jul-2017 01:23:54 UTC] PHP Fatal error:  Uncaught Error: Call to a member function using_index_permalinks() on null in /home/---/public_html/dl/wp-includes/rest-api.php:318
Stack trace:
#0 /home/---/public_html/dl/wp-includes/rest-api.php(664): get_rest_url()
#1 /home/---/public_html/dl/wp-includes/class-wp-hook.php(296): rest_output_link_wp_head()
#2 /home/---/public_html/dl/wp-includes/class-wp-hook.php(323): WP_Hook->apply_filters(Array, Array)
#3 /home/---/public_html/dl/wp-includes/plugin.php(453): WP_Hook->do_action(Array)
#4 /home/---/public_html/dl/wp-includes/general-template.php(2589): do_action('wp_head')
#5 /home/---/public_html/dl/wp-includes/theme-compat/header.php(46): wp_head()
#6 /home/---/public_html/dl/wp-includes/template.php(688): require_once('/home/---/p...')
#7 /home/---/public_html/dl/wp-includes/template.php(647): load_template('/home/---/p...', true)
#8 /home/---/public_html/dl/wp-includes/general-template.php(45): locate_template(Array, true)
#9 /home/---/public_html/dl/ in /home/---/public_html/dl/wp-includes/rest-api.php on line 318

When I disable IP Geo Block, no error messages occur regardless if the other plugins are enabled or disabled.

If this was theme related, then I would expect those error messages to occur all the time.

But those error messages only occur when I have IP Geo Block enabled.

That leads me to believe it’s related to something IP Geo Block is doing, directly or indirectly, specifically when access is blocked to the wp-login.php page for GET requests by country.

So is there any other information I can provide to help get to the bottom of this issue?

Thank you.

• This reply was modified 7 years, 4 months ago by FireMyst. Reason: Made the wording a little bit clearer

Well, I don’t get those errors, but one thing is different in my log:
blocked GET[80]:/dl/wp-login.php

Those dosent look like that on my page, but something like:
219.233.49.198 CN blocked GET[443]:/1login/?redirect_to=https%3A%2F%2Fvedsegaard.dk%2Fa-ord%2F

Also the logins, looks different, on my page they look like:
x.x.x.x DK wp-zep POST[443]:/wp-admin/admin-ajax.php

And the GET[80] never occur any more.
I think Your errors come from another plug-in.

If you read my previous post, I’ve had all other plugins disabled and the error still occurs. So how can it be from another plugin?

The admin-ajax.php will have a different log entry. I’m not concerned about those. THose aren’t causing errors.

Again, if you read my post, it’s when I have the login form blocked by country and GET requests.

OK, I can confirm there is a BUG in IP Geo Block now.

When I click the “export settings” under “plugin settings”, it returns the following:

Illegal JSON format.
? Back

So there’s some sort of mixture of settings I have with my installation that’s causing issues.

“With all my other plugins disabled except BPS (Bullet Proof Security), WordFence”
All except…

@tokkonopapa

Here’s one bug I found in IP Geo block: if you put the following in the “Response message” setting, it causes the illegal json format:

Sorry, that's not found.

It’s caused because you’re not escaping the apostrophe.

That happens when I select a “Response Code” of “404 Not Found” instead of returning “403 Forbidden”.

Hi guys,

Thank you for your discussions about this issue.

@firemyst: Thank you so much for reporting about “Illegal JSON formt”. Yes, actually the settings data would be send correctly as \"ip_geo_block_settings[response_msg]\":\"Sorry, that\'s not found.\", but decoding json fails and the error is trapped by this plugin. I’ll fix it in near future.

But it happens only on “Export settings“. The “apostrophe” is properly displayed on blocking by country and the fatal error never happens.

Or did you confirm that the issue was gone when you cut the “apostrophe”? If so, I would be happy. But I don’t think so!

I’d like to propose some debugging method to find when and where the global variable $wp_rewrite was broken to null using this. But before doing this, I’d appreciate if you try to change your theme to the default theme.

As for me, I should try to reproduce this fatal error in my test environment. To do this, I need details about your environment. Please copy and paste the “Installation information” at “Plugin settings” section.

Thanks for your great cooperation in advance!

Hi @firemyst,

I missed one thing.

That happens when I select a “Response Code” of “404 Not Found” instead of returning “403 Forbidden”.

If you select "mu-plugins (ip-geo-block-mu.php) as “Validation timing“, then please select "init" action hook and test again.

"mu-plugins (ip-geo-block-mu.php) says:

Validate at an earlier phase than other typical plugins. It can reduce load on server but has some restrictions.

“Response Code” of “404 Not Found” calls 404.php in your theme. But when you select "mu-plugins (ip-geo-block-mu.php), this plugin will do its job before initializing theme. This is one of the restrictions.

If you want “404 Not Found”, then:

1. Once you should show “404 Not Found” page.
2. Save that page as 404.php. It’s a static page but the file name should not be 404.html.
3. Replace it to your original 404.php in your theme directory.

I hope it can fix your issue.

Hi @tokkonopapa,

Thanks for your reply. So I can confirm a few things:

1) The JSON issue, as you suspected, didn’t resolve my initial issue of the error messages occurring when blocking the wp-login page. But at least you’re aware of it now and can fix it. ??

2) Setting response code to 403 works perfectly.

3) Using Response code 404 and setting “validation timing” to “mu-plugins” doesn’t work by itself. It throws the following error message:

[14-Jul-2017 00:56:19 UTC] PHP Fatal error:  Uncaught Error: Call to undefined function is_user_logged_in() in /home/----/public_html/dl/wp-content/plugins/ip-geo-block/classes/class-ip-geo-block.php:219
Stack trace:
#0 /home/----/public_html/dl/wp-includes/class-wp-hook.php(298): IP_Geo_Block::enqueue_nonce('')
#1 /home/----/public_html/dl/wp-includes/class-wp-hook.php(323): WP_Hook->apply_filters('', Array)
#2 /home/----/public_html/dl/wp-includes/plugin.php(453): WP_Hook->do_action(Array)
#3 /home/----/public_html/dl/wp-includes/script-loader.php(1296): do_action('wp_enqueue_scri...')
#4 /home/----/public_html/dl/wp-includes/class-wp-hook.php(298): wp_enqueue_scripts('')
#5 /home/----/public_html/dl/wp-includes/class-wp-hook.php(323): WP_Hook->apply_filters(NULL, Array)
#6 /home/----/public_html/dl/wp-includes/plugin.php(453): WP_Hook->do_action(Array)
#7 /home/----/public_html/dl/wp-includes/general-template.php(2589): do_action('wp_head')
#8 /home/----/public_html/dl/wp-includes/theme-compat/header.php(46): wp_head()
# in /home/----/public_html/dl/wp-content/plugins/ip-geo-block/classes/class-ip-geo-block.php on line 219

4) if I set response code to “404” and create a “404.php” file for my theme as you suggested, no errors are returned or logged, so that resolves the issue. To me, it’s not ideal (eg, if we have a theme change, color changes, etc, the 404.php file will have to be manually updated), but at least it keeps all those error messages from being thrown and the error file from growing to huge sizes.

5) Here is the output from the “installation information”:

- Server: Apache
- PHP: 7.0.20
- WordPress: 4.8
- Multisite: no
- Zlib: yes
- ZipArchive: yes
- BC Math: gmp yes
- mb_strcut: yes
- DNS lookup: available [22.1 msec]
- Optimizer 0.5.2
- BulletProof Security 2.2
- Captcha Bank 4.0.11
- Google Analytics Dashboard for WP (GADWP) 5.1.1
- Intense 2.8.8
- IP Geo Block 3.0.3.3
- Remove WordPress Overhead 1.1.0
- Subscribe to Comments Reloaded 170607
- Top 10 2.4.4
- Wordfence Security 6.3.12
- WP Rocket 2.9.5
- Yoast SEO 5.0.2

@tokkonopapa, Would you still like me to change to the default theme to see what happens?

Thank you.

Dear @firemyst,

Thank you for your cooperation.

1) The JSON issue, as you suspected, didn’t resolve my initial issue of the error messages occurring when blocking the wp-login page. But at least you’re aware of it now and can fix it.

Yes. And I appreciate you to head up about the JSON issue that is related only to “Export settings”.

2) Setting response code to 403 works perfectly.

Thank you for confirming!

3) Using Response code 404 and setting “validation timing” to “mu-plugins” doesn’t work by itself. It throws the following error message:

True. But it would not always happen. It depends on the theme you’re using.

4) if I set response code to “404” and create a “404.php” file for my theme as you suggested, no errors are returned or logged, so that resolves the issue.

Yes!

To me, it’s not ideal (eg, if we have a theme change, color changes, etc, the 404.php file will have to be manually updated),

Yep, I can understand it. May be I could setup something for theme before loading 404.php for users convenience. But it would place an additional load on server and would decrease the advantage of "mu-plugins" (ip-geo-block-mu.php).

I hate attackers spending my server resources especially on brute force attacks. I think this is a design matter about the balance between performance and convenience. Placing 404.php into your child theme can help a bit for updating issue. I hope your kind understanding.

Would you still like me to change to the default theme to see what happens?

No! I’d like to close this topic. But I’m always open to hear your opinions.

Anyway, I believe that this issue might be caused by my poor documentations. So I’ve improved them. Please refer to the followings:

– Response code and message
– Validation timing

Again, thanks so much!!