Fatal error activating the plugin

  • After several fatal errors in file scanning and seeing that there was no way to fix it, I decided to uninstall the plugin and reinstall it.

    At that time, the plugin does not allow to activate it again due to fatal error.

    Fatal error: Uncaught Error: Call to undefined function iThemesSecurity\Encryption\sodium_crypto_aead_xchacha20poly1305_ietf_encrypt() in **************************wp-content/plugins/better-wp-security/core/lib/encryption/User_Encryption_Sodium.php:54 Stack trace: #0 **************************wp-content/plugins/better-wp-security/core/lib/class-itsec-lib-encryption.php(346): iThemesSecurity\Encryption\User_Encryption_Sodium->encrypt('test-string', 0) #1 **************************wp-content/plugins/better-wp-security/core/lib/class-itsec-lib-encryption.php(130): ITSEC_Lib_Encryption::set_test_string('MSluO2YpfDQ/e0E...') #2 **************************wp-content/plugins/better-wp-security/core/setup.php(148): ITSEC_Lib_Encryption::save_secret_key('MSluO2YpfDQ/e0E...') #3 **************************wp-content/plugins/better-wp-security/core/setup.php(21): ITSEC_Setup::setup_plugin_data() #4 **************************wp-content/plugins/better-wp-security/core/core.php(592): ITSEC_Setup::handle_activation() #5 **************************wp-includes/class-wp-hook.php(307): ITSEC_Core::handle_activation('') #6 **************************wp-includes/class-wp-hook.php(331): WP_Hook->apply_filters('', Array) #7 **************************wp-includes/plugin.php(476): WP_Hook->do_action(Array) #8 **************************wp-admin/plugins.php(194): do_action('activate_better...') #9 {main} thrown in **************************wp-content/plugins/better-wp-security/core/lib/encryption/User_Encryption_Sodium.php on line 54

Viewing 15 replies - 1 through 15 (of 24 total)

  • Hi NIMBADA,

    The sodium_crypto_aead_xchacha20poly1305_ietf_encrypt() function is a PHP function that only exists in PHP >= 7.2.0 or PHP 8.

    According to the iTSec plugin 8.1.3 Changelog:

    Important: iThemes Security now requires PHP 7.3 and WordPress 5.9 or later.

    What PHP version is the site running on?

    On activation the plugin actually checks the PHP version being used. So you should not run into any fatal errors when the PHP version requirement is not met.

    +++++ To prevent any confusion, I’m not iThemes +++++

    • This reply was modified 2 years, 1 month ago by nlpro.
    • This reply was modified 2 years, 1 month ago by nlpro.
    Thread Starter NIMBADA.

    (@borjamerino)

    Hi!

    In PHP we are using PHP 8.0.23 and WordPress latest version.

    Previously we were using 7.4.30 PHP on both of them, it throws the same error. The same thing happens in both versions.

    Ok, it could be the sodium extension is not configured in your PHP env.

    It appears that meeting the iTSec plugin PHP version requirement is no guarantee the sodium extension is available.

    So to prevent any sodium related fatal errors the iTSec plugin should probably also check for the PHP sodium extension to be available.

    • This reply was modified 2 years, 1 month ago by nlpro.

    @chandelierr

    Can you confirm that the iTSec 8.1.3 release will automatically attempt to add the ITSEC_ENCRYPTION_KEY constant to the wp-config.php file upon plugin activation ?

    It looks like this may result in a fatal error when the PHP version requirements are met but the sodium PHP extension is not available/loaded.

    Plugin Support chandelierrr

    (@shanedelierrr)

    Hi @borjamerino, thank you for reaching out. I have relayed this issue to our developers and will get back to you as soon as I receive feedback.

    @nlpro updating to 8.1.3 won’t automatically add the ITSEC_ENCRYPTION_KEY to the wp-config.php file unless the user runs the Setup Encryption Key tool.

    Plugin Support chandelierrr

    (@shanedelierrr)

    @borjamerino would you please provide the ff details for the report?
    – Browser
    – PHP Version
    – WordPress Version
    – Plugin Version

    Thread Starter NIMBADA.

    (@borjamerino)

    Thank you very much for your help. I tried to install it in several ways, in the two indicated PHP versions, and the result was the same. I can’t activate the plugin.

    – Browser: Google Chrome 106.0.5249.119
    – PHP Version: 7.4.30 and 8.0.23
    – WordPress Version: 6.0.2
    – Plugin Version: Last version

    @shanedelierrr

    updating to 8.1.3 won’t automatically add the ITSEC_ENCRYPTION_KEY to the wp-config.php file unless the user runs the Setup Encryption Key tool.

    It sure does on activation of a new (non update) iTSec 8.1.3 plugin install.

    • This reply was modified 2 years, 1 month ago by nlpro.
    • This reply was modified 2 years, 1 month ago by nlpro.
    Plugin Support chandelierrr

    (@shanedelierrr)

    Hi @borjamerino, would you please reach out to [email protected] and mention my username, as we would like to get your Site Health Info for this issue?

    Thread Starter NIMBADA.

    (@borjamerino)

    @shanedelierrr Thank you very much, I just sent an email.

    Thread Starter NIMBADA.

    (@borjamerino)

    HI @shanedelierrr

    The response received by email is confusing. It seems they haven’t bothered to read what’s going on.

    Hi,

    You can temporarily disable Security Pro’s features by adding the code below to your wp-config.php file above the “That’s all, stop editing! Happy blogging.” comment. Note you’ll need to remove it to re-enable the features of Security Pro.

    define(‘ITSEC_DISABLE_MODULES’, true);

    If entering that code does not allow you to log in then the Security plugin will not be the cause of the lockout. If you need assistance entering the code above you can see how to edit the wp-config.php file in this article.

    Plugin Support chandelierrr

    (@shanedelierrr)

    Hi @borjamerino, thanks for the update. I’ve re-assigned your ticket and replied there.

    Hi NIMBADA,

    It seems WordPress includes a sodium_compat library which kicks in when the PHP sodium extension is not available.

    Assuming you don’t have the PHP sodium extension available, sodium_compat should prevent the fatal error from happening.

    Oh by the way, using the PHP sodium extension is preferred due to performance.

    Anyway, if you make any progress in solving this issue, the community would very much like to hear about it ??

    Thread Starter NIMBADA.

    (@borjamerino)

    After the first investigations with the Ithemes support, I have this as a novelty:

    extension: yes
sodium_crypto_box: yes
sodium_crypto_box_details: internal
compat_loaded: no
sodium_crypto_aead_xchacha20poly1305_ietf_encrypt: no

sodium support	enabled
sodium compiled version	2.0.23
libsodium headers version	1.0.11
libsodium library version	1.0.11

    I am not sure if everything that should be active is active.

    For now I do not have a response from support, as soon as I know something more, do not doubt that I will share it.

    Thank you very much!

    • This reply was modified 2 years, 1 month ago by NIMBADA..
    Plugin Author Timothy Jacobs

    (@timothyblynjacobs)

    Hi @borjamerino,

    As @nlpro mentioned, WordPress does include the sodium_compat library which should ensure that the needed PHP functions are always defined. However, the compatibilty library isn’t always loaded which is causing this fatal error.

    We’ve opened a Core Trac ticket to fix this issue. However, we’ll also be updating iThemes Security to account for this scenario in the next update.

    In the meantime, you can also reach out to your hosting provider and ask them to update the libsodium library to the latest version. v1.0.11, what you have installed, is many years outdated.

Viewing 15 replies - 1 through 15 (of 24 total)
  • The topic ‘Fatal error activating the plugin’ is closed to new replies.