critical error when running manual database backup

Please could you (or your hosts/server admin) check if any firewalls on either server are blocking the connection? They will have to check both the incoming and outgoing firewalls.

> You are not being blocked by our incoming firewall or server, and we
> have no outbound one, so it could be your code.

Could you install the free plugin WPCrontrol and check the cron events to see if there are any overdue tasks?

I used that to clean up the old jobs and jobs from uninstalled plugins. There are currently no un-run jobs and the backup fails. To be clear i am only running manual backups. I also find it interesting the the backup does run and creates the file but it always errors at around 25mb in size. The size of the database in cPanel is about 800mb

The Crontrol has this error at the top…
>There was a problem spawning a call to the WP-Cron system on your site. This means
>WP-Cron events on your site may not work. The problem was:

>Unexpected HTTP response code: 503

I have also deactivated every single plugin except for the AIOWPS and Crontrol so it is not another plugin.

Also from Dreamhost:
>Checking on the error logs, I found some access from the firewall related to the
>plugin, saying that the plugin request contains invalid or null characters.
>For this case, I have temporarily allowed access or site requests with invalid or null
>characters for the site, hoping that the error will now be removed when creating a
>backup.

It sounds like a problem with you site scheduler.

Can you add the following to your wp.config.php anywhere in the middle of your wp-config.php file as follows (don’t add it too late in the file, or it will take no effect):

define(‘ALTERNATE_WP_CRON’, true);

Added to the file, nothing has changed. The Croncontrol plugin shows a banner at the top saying: “The ALTERNATE_WP_CRON constant is set to true.”. The site health doesnt show the Cron error anymore, only the loopback error.

For record here is the config file and you can see the placement.

<?php

define(‘DB_NAME’, ‘nplh_us’);

define(‘DB_USER’, ‘nplhus’);

define(‘DB_PASSWORD’, ‘C3*apz6f’);

define(‘DB_HOST’, ‘time.nplh.us’);

define(‘DB_CHARSET’, ‘utf8mb4’);

define(‘DB_COLLATE’, ”);

define(‘ALTERNATE_WP_CRON’, true);

define(‘AUTH_KEY’, ‘9j/q(p|R|_DG!87C/:-I/v|x-Z9xVe>c_f@7{UhWh/a:Bq(;=8gMMB^$TMkD@j’);

define(‘SECURE_AUTH_KEY’, ‘*NqAaIf/ zi1|^ad.K{GV>}[ycL&`I1^-hL<@X8|Pds~EBi3@hAaRiR|rF(8-!GY’);

define(‘LOGGED_IN_KEY’, ‘EuA2&(2t@E#@SpS)}R76XL~T:?775t!3y9+bMin(s0>#+xy9x|05ShGIp2TuGN]e’);
define(‘NONCE_KEY’, ‘Ctfv9G ~|tVC+-m17j@;Yu^ZGe, 8B OJ*}U`.P|Ku+vCljxi]K%i!]q|Uz[@x’);

define(‘AUTH_SALT’, ‘6Fb=bu;kZ&kJ3H~ZgufLp]j{#(~_z+8sxkc0lgoWl[^|g9_l?ktd00O?0%9G^M’);

define(‘SECURE_AUTH_SALT’, ‘ |+QR8/9O1|zJ@+%l^M gMNvxiCEA:({<}*:S@$n<oVyhO3r,Up.uk-t*_niP&sE’);

define(‘LOGGED_IN_SALT’, ‘!% ui{a6J~4Qd<r3N]Nd-CEFo5) .gg)2.+hJ@gF0nrj}Vm%c)WW06r<S:t#)FH1’);

define(‘NONCE_SALT’, ‘/(6+C@;u7e0Q&+uRx*k*AEfp,FM|p!o563%2CCdZm[w`4;HJE{:{+Z+ZGdW0N<?A’);

$table_prefix = ‘wp_’;

define(‘WP_POST_REVISIONS’, 10);

define(‘WP_DEBUG’, false);

if (preg_match(“/^(.*)\.dream\.website$/”, $_SERVER[‘HTTP_HOST’])) {
$proto = (!empty($_SERVER[‘HTTPS’]) && $_SERVER[‘HTTPS’] !== ‘off’) ? “https” : “http”;
define(‘WP_SITEURL’, $proto . ‘://’ . $_SERVER[‘HTTP_HOST’]);
define(‘WP_HOME’, $proto . ‘://’ . $_SERVER[‘HTTP_HOST’]);
}

define( ‘WP_CACHE’, true ); // Added by WP Rocket

if ( !defined(‘ABSPATH’) )
define(‘ABSPATH’, dirname(__FILE__) . ‘/’);

require_once(ABSPATH . ‘wp-settings.php’);

define(‘CUSMIN_SCRIPT_TYPE’, ‘url’);

define(‘DISALLOW_FILE_EDIT’, false);

• This reply was modified 3 years, 5 months ago by jessenoplace.
• This reply was modified 3 years, 5 months ago by jessenoplace.
• This reply was modified 3 years, 5 months ago by jessenoplace.

Who is your hosting with?, can you ask them if loop back connections are enabled?

Was posted in OP, Dreamhost and yes they allow it… They have been working on this too. Nothing on their end is preventing this from working, they can see it going on and are not blocking anything related to it. As they mentioned before something in WP is the issue.

Dreamhost has finished testing and has isolated it to something in the htaccess file. Here is the current file. If there is a better way to show you please let me know…

# BEGIN All In One WP Security
#AIOWPS_BLOCK_WP_FILE_ACCESS_START
<Files license.txt>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
<Files wp-config-sample.php>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
<Files readme.html>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
#AIOWPS_BLOCK_WP_FILE_ACCESS_END
#AIOWPS_BASIC_HTACCESS_RULES_START
<Files .htaccess>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
ServerSignature Off
LimitRequestBody 10485760
<Files wp-config.php>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
#AIOWPS_BASIC_HTACCESS_RULES_END
#AIOWPS_DEBUG_LOG_BLOCK_HTACCESS_RULES_START
<Files debug.log>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
#AIOWPS_DEBUG_LOG_BLOCK_HTACCESS_RULES_END
#AIOWPS_DISABLE_INDEX_VIEWS_START
Options -Indexes
#AIOWPS_DISABLE_INDEX_VIEWS_END
#AIOWPS_DISABLE_TRACE_TRACK_START
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
</IfModule>
#AIOWPS_DISABLE_TRACE_TRACK_END
#AIOWPS_FORBID_PROXY_COMMENTS_START
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^POST
RewriteCond %{HTTP:VIA} !^$ [OR]
RewriteCond %{HTTP:FORWARDED} !^$ [OR]
RewriteCond %{HTTP:USERAGENT_VIA} !^$ [OR]
RewriteCond %{HTTP:X_FORWARDED_FOR} !^$ [OR]
RewriteCond %{HTTP:X_FORWARDED_HOST} !^$ [OR]
RewriteCond %{HTTP:PROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP} !^$
RewriteRule wp-comments-post\.php - [F]
</IfModule>
#AIOWPS_FORBID_PROXY_COMMENTS_END
#AIOWPS_DENY_BAD_QUERY_STRINGS_START
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{QUERY_STRING} ftp:     [NC,OR]
RewriteCond %{QUERY_STRING} http:    [NC,OR]
RewriteCond %{QUERY_STRING} https:   [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} (\;|'|\"|%22).*(request|insert|union|declare|drop) [NC]
RewriteRule ^(.*)$ - [F,L]
</IfModule>
#AIOWPS_DENY_BAD_QUERY_STRINGS_END
#AIOWPS_ADVANCED_CHAR_STRING_FILTER_START
<IfModule mod_alias.c>
RedirectMatch 403 \,
RedirectMatch 403 \:
RedirectMatch 403 \;
RedirectMatch 403 \=
RedirectMatch 403 \[
RedirectMatch 403 \]
RedirectMatch 403 \^
RedirectMatch 403 \

RedirectMatch 403 \{
RedirectMatch 403 \}
RedirectMatch 403 \~
RedirectMatch 403 \”
RedirectMatch 403 \$
RedirectMatch 403 \<
RedirectMatch 403 \>
RedirectMatch 403 \|
RedirectMatch 403 \.\.
RedirectMatch 403 \%0
RedirectMatch 403 \%A
RedirectMatch 403 \%B
RedirectMatch 403 \%C
RedirectMatch 403 \%D
RedirectMatch 403 \%E
RedirectMatch 403 \%F
RedirectMatch 403 \%22
RedirectMatch 403 \%27
RedirectMatch 403 \%28
RedirectMatch 403 \%29
RedirectMatch 403 \%3C
RedirectMatch 403 \%3E
RedirectMatch 403 \%3F
RedirectMatch 403 \%5B
RedirectMatch 403 \%5C
RedirectMatch 403 \%5D
RedirectMatch 403 \%7B
RedirectMatch 403 \%7C
RedirectMatch 403 \%7D
# COMMON PATTERNS
Redirectmatch 403 \_vpi
RedirectMatch 403 \.inc
Redirectmatch 403 xAou6
Redirectmatch 403 db\_name
Redirectmatch 403 select\(
Redirectmatch 403 convert\(
Redirectmatch 403 \/query\/
RedirectMatch 403 ImpEvData
Redirectmatch 403 \.XMLHTTP
Redirectmatch 403 proxydeny
RedirectMatch 403 function\.
Redirectmatch 403 remoteFile
Redirectmatch 403 servername
Redirectmatch 403 \&rptmode\=
Redirectmatch 403 sys\_cpanel
RedirectMatch 403 db\_connect
RedirectMatch 403 doeditconfig
RedirectMatch 403 check\_proxy
Redirectmatch 403 system\_user
Redirectmatch 403 \/\(null\)\/
Redirectmatch 403 clientrequest
Redirectmatch 403 option\_value
RedirectMatch 403 ref\.outcontrol
# SPECIFIC EXPLOITS
RedirectMatch 403 errors\.
RedirectMatch 403 config\.
RedirectMatch 403 include\.
RedirectMatch 403 display\.
RedirectMatch 403 register\.
Redirectmatch 403 password\.
RedirectMatch 403 maincore\.
RedirectMatch 403 authorize\.
Redirectmatch 403 macromates\.
RedirectMatch 403 head\_auth\.
RedirectMatch 403 submit\_links\.
RedirectMatch 403 change\_action\.
Redirectmatch 403 com\_facileforms\/
RedirectMatch 403 admin\_db\_utilities\.
RedirectMatch 403 admin\.webring\.docs\.
Redirectmatch 403 Table\/Latest\/index\.
</IfModule>
#AIOWPS_ADVANCED_CHAR_STRING_FILTER_END
#AIOWPS_SIX_G_BLACKLIST_START
# 6G FIREWALL/BLACKLIST
# @ https://perishablepress.com/6g/

# 6G:[QUERY STRINGS]
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{QUERY_STRING} (eval\() [NC,OR]
RewriteCond %{QUERY_STRING} (127\.0\.0\.1) [NC,OR]
RewriteCond %{QUERY_STRING} ([a-z0-9]{2000,}) [NC,OR]
RewriteCond %{QUERY_STRING} (javascript:)(.*)(;) [NC,OR]
RewriteCond %{QUERY_STRING} (base64_encode)(.*)(\() [NC,OR]
RewriteCond %{QUERY_STRING} (GLOBALS|REQUEST)(=|\[|%) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)(.*)script(.*)(>|%3) [NC,OR]
RewriteCond %{QUERY_STRING} (\|\.\.\.|\.\./|~|`|<|>|\|) [NC,OR]
RewriteCond %{QUERY_STRING} (boot\.ini|etc/passwd|self/environ) [NC,OR]
RewriteCond %{QUERY_STRING} (thumbs?(_editor|open)?|tim(thumb)?)\.php [NC,OR]
RewriteCond %{QUERY_STRING} (‘|\”)(.*)(drop|insert|md5|select|union) [NC]
RewriteRule .* – [F]
</IfModule>

# 6G:[REQUEST METHOD]
<IfModule mod_rewrite.c>
RewriteCond %{REQUEST_METHOD} ^(connect|debug|move|put|trace|track) [NC]
RewriteRule .* – [F]
</IfModule>

# 6G:[REFERRERS]
<IfModule mod_rewrite.c>
RewriteCond %{HTTP_REFERER} ([a-z0-9]{2000,}) [NC,OR]
RewriteCond %{HTTP_REFERER} (semalt.com|todaperfeita) [NC]
RewriteRule .* – [F]
</IfModule>

# 6G:[REQUEST STRINGS]
<IfModule mod_alias.c>
RedirectMatch 403 (?i)([a-z0-9]{2000,})
RedirectMatch 403 (?i)(https?|ftp|php):/
RedirectMatch 403 (?i)(base64_encode)(.*)(\()
RedirectMatch 403 (?i)(=\’|=\%27|/\’/?)\.
RedirectMatch 403 (?i)/(\$(\&)?|\*|\”|\.|,|&|&?)/?$
RedirectMatch 403 (?i)(\{0\}|\(/\(|\.\.\.|\+\+\+|\\”\\”)
RedirectMatch 403 (?i)(~|`|<|>|:|;|,|%|\|\s|\{|\}|\[|\]|\|)
RedirectMatch 403 (?i)/(=|\$&|_mm|cgi-|etc/passwd|muieblack)
RedirectMatch 403 (?i)(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ)
RedirectMatch 403 (?i)\.(aspx?|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rar|rdf)$
RedirectMatch 403 (?i)/(^$|(wp-)?config|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell)\.php
</IfModule>

# 6G:[USER AGENTS]
<IfModule mod_setenvif.c>
SetEnvIfNoCase User-Agent ([a-z0-9]{2000,}) bad_bot
SetEnvIfNoCase User-Agent (archive.org|binlar|casper|checkpriv|choppy|clshttp|cmsworld|diavol|dotbot|extract|feedfinder|flicky|g00g1e|harvest|heritrix|httrack|kmccrew|loader|miner|nikto|nutch|planetwork|postrank|purebot|pycurl|python|seekerspider|siclab|skygrid|sqlmap|sucker|turnit|vikspider|winhttp|xxxyy|youda|zmeu|zune) bad_bot

# Apache < 2.3
<IfModule !mod_authz_core.c>
Order Allow,Deny
Allow from all
Deny from env=bad_bot
#AIOWPS_IP_BLACKLIST_2_3_START
Deny from 116.203.0.0/16
Deny from 121.243.0.0/16
Deny from 161.0.0.0/16
Deny from 161.10.0.0/16
Deny from 187.76.0.0/16
Deny from 197.46.0.0/16
Deny from 202.138.0.0/16
Deny from 25.225.0.0/16
Deny from 34.139.0.0/16
Deny from 34.86.0.0/16
Deny from 35.224.0.0/16
#AIOWPS_IP_BLACKLIST_2_3_END

</IfModule>

# Apache >= 2.3
<IfModule mod_authz_core.c>
<RequireAll>
Require all Granted
Require not env bad_bot
#AIOWPS_IP_BLACKLIST_2_4_START
Require not ip 116.203.0.0/16
Require not ip 121.243.0.0/16
Require not ip 161.0.0.0/16
Require not ip 161.10.0.0/16
Require not ip 187.76.0.0/16
Require not ip 197.46.0.0/16
Require not ip 202.138.0.0/16
Require not ip 25.225.0.0/16
Require not ip 34.139.0.0/16
Require not ip 34.86.0.0/16
Require not ip 35.224.0.0/16
#AIOWPS_IP_BLACKLIST_2_4_END

</RequireAll>
</IfModule>
</IfModule>
#AIOWPS_SIX_G_BLACKLIST_END
# END All In One WP Security

# BEGIN WP Rocket v3.10.1
# Use UTF-8 encoding for anything served text/plain or text/html
AddDefaultCharset UTF-8
# Force UTF-8 for a number of file formats
<IfModule mod_mime.c>
AddCharset UTF-8 .atom .css .js .json .rss .vtt .xml
</IfModule>

# FileETag None is not enough for every server.
<IfModule mod_headers.c>
Header unset ETag
</IfModule>

# Since we’re sending far-future expires, we don’t need ETags for static content.
# developer.yahoo.com/performance/rules.html#etags
FileETag None

<IfModule mod_alias.c>
<FilesMatch “\.(html|htm|rtf|rtx|txt|xsd|xsl|xml)$”>
<IfModule mod_headers.c>
Header set X-Powered-By “WP Rocket/3.10.1”
Header unset Pragma
Header append Cache-Control “public”
Header unset Last-Modified
</IfModule>
</FilesMatch>

<FilesMatch “\.(css|htc|js|asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|eot|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|json|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|otf|odb|odc|odf|odg|odp|ods|odt|ogg|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|tif|tiff|ttf|ttc|wav|wma|wri|xla|xls|xlsx|xlt|xlw|zip)$”>
<IfModule mod_headers.c>
Header unset Pragma
Header append Cache-Control “public”
</IfModule>
</FilesMatch>
</IfModule>

<IfModule mod_mime.c>
AddType image/avif avif
AddType image/avif-sequence avifs
</IfModule>
# Expires headers (for better cache control)
<IfModule mod_expires.c>
ExpiresActive on
ExpiresDefault “access plus 1 month”
# cache.appcache needs re-requests in FF 3.6 (thanks Remy ~Introducing HTML5)
ExpiresByType text/cache-manifest “access plus 0 seconds”
# Your document html
ExpiresByType text/html “access plus 0 seconds”
# Data
ExpiresByType text/xml “access plus 0 seconds”
ExpiresByType application/xml “access plus 0 seconds”
ExpiresByType application/json “access plus 0 seconds”
# Feed
ExpiresByType application/rss+xml “access plus 1 hour”
ExpiresByType application/atom+xml “access plus 1 hour”
# Favicon (cannot be renamed)
ExpiresByType image/x-icon “access plus 1 week”
# Media: images, video, audio
ExpiresByType image/gif “access plus 4 months”
ExpiresByType image/png “access plus 4 months”
ExpiresByType image/jpeg “access plus 4 months”
ExpiresByType image/webp “access plus 4 months”
ExpiresByType video/ogg “access plus 4 months”
ExpiresByType audio/ogg “access plus 4 months”
ExpiresByType video/mp4 “access plus 4 months”
ExpiresByType video/webm “access plus 4 months”
ExpiresByType image/avif “access plus 4 months”
ExpiresByType image/avif-sequence “access plus 4 months”
# HTC files (css3pie)
ExpiresByType text/x-component “access plus 1 month”
# Webfonts
ExpiresByType font/ttf “access plus 4 months”
ExpiresByType font/otf “access plus 4 months”
ExpiresByType font/woff “access plus 4 months”
ExpiresByType font/woff2 “access plus 4 months”
ExpiresByType image/svg+xml “access plus 1 month”
ExpiresByType application/vnd.ms-fontobject “access plus 1 month”
# CSS and JavaScript
ExpiresByType text/css “access plus 1 year”
ExpiresByType application/javascript “access plus 1 year”
</IfModule>
# Gzip compression
<IfModule mod_deflate.c>
# Active compression
SetOutputFilter DEFLATE
# Force deflate for mangled headers
<IfModule mod_setenvif.c>
<IfModule mod_headers.c>
SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
RequestHeader append Accept-Encoding “gzip,deflate” env=HAVE_Accept-Encoding
# Don’t compress images and other uncompressible content
SetEnvIfNoCase Request_URI \
\.(?:gif|jpe?g|png|rar|zip|exe|flv|mov|wma|mp3|avi|swf|mp?g|mp4|webm|webp|pdf)$ no-gzip dont-vary
</IfModule>
</IfModule>

# Compress all output labeled with one of the following MIME-types
<IfModule mod_filter.c>
AddOutputFilterByType DEFLATE application/atom+xml \
application/javascript \
application/json \
application/rss+xml \
application/vnd.ms-fontobject \
application/x-font-ttf \
application/xhtml+xml \
application/xml \
font/opentype \
image/svg+xml \
image/x-icon \
text/css \
text/html \
text/plain \
text/x-component \
text/xml
</IfModule>
<IfModule mod_headers.c>
Header append Vary: Accept-Encoding
</IfModule>
</IfModule>

# END WP Rocket

<ifModule mod_headers.c>
Header always set Content-Security-Policy “upgrade-insecure-requests;”
</IfModule>

# BEGIN WordPress
# The directives (lines) between “BEGIN WordPress” and “END WordPress” are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* – [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

Options -Indexes`

• This reply was modified 3 years, 5 months ago by Steven Stern (sterndata).

I have tried to recreate the issue on my site but have been unable to do so with the All in one settings.
There are a few plugins creating various rules in your .htaccess.
Can you try deactivating all of your other plugins to see if there is a conflict?
If after deactivating your plugins the problems goes away, can you reactivate your plugins one by one until you find the offending one?
If this doesn’t find the cause of the issue, could you ask your hosts for your php error logs?