"Fatal error" showing database name & password…

Hi Roberto666

This is not really caused by Centrora, the error shows up becasue the PHP configuration ‘display_errors’ is set to ON in the php configuraiton, and also, the PDO class show all errors (which is by default the PHP PDO setting). To resolve it, first please change the php configuration display_errors = OFF, this way, if there is error when running the application, the error will NOT show up.

to do this, please either change it in your php.ini:

display_errors = off

or add the following to your .htaccess if your PHP is running as a PHP module

php_flag display_errors off

We will add a hardcode to disable the display_errors as well for all website in the next release.

Also, we will investigate why you will have the ‘Too many connections’ errors as well.

Hi Roberto666

We also added codes to force the display_errors to OFF in our codes for all websites using Centrora Security to ensure that, even if your PHP has set the display_errors to ON, we will override it and force it to OFF so the error will not show up to your visitors.

To resolve the database connection issues, please try to increase the maximum database connection to your mysql configuraiton file, e.g.

please increase the max_connections in your mysql.conf file. This will help sorting out the connections issues.

Hope this helps. ??

Hi Roberto666

BTW, the codes to force display_errors to OFF for all websites even if your website has configured it to ON, is added in vesion 4.3.4. Please update Centrora Security plugin.

One last thing is, the checking of display_errors is in the Secuirty Audit seciton of the plugin, e..g

/wp-admin/admin.php?page=ose_fw_audit

At the bottom of the page, there is a section called ‘System Security Audit’ that checks if the display_errors is turned on, and if so, we will show a warning messages, Please enure all options are green in that section to enhance security.

Thank you for your quick answer.

I changed the php.ini by myself but it wasn’t changable throught the Centrora panel (it just told me to change the php.ini file by myself…). But, even after changing the php.ini, the Centrora panel still tell me that “setting display_errors is ON”, even if now, it is desactivated with the php.ini. Normal?

About the too many connections, unfortunatly I don’t have access to the mysql configuration file…
I hope this won’t happen again, I was a bit scared when seing my personal DB connection informations shown publicly… I still think this should not have happened with a default configuration, the damages could habe been very serious.

Anyway, thank you for your quick and detailled answer, appreciated. I’ll tell you if anything happens.

Regards.

Hi Roberto666

Thank you for your feedback, for the php.ini, if you need our help, please send a ticket to our support desk here so we can take a look and see if we can help:

https://www.centrora.com/support/scp

For the error messages in PDO, if the display error is on and the php configuration has set the error to be shown as stack, all the error messages will show up, so in our last release, we force the display_errors to be off when running Centrora. If after changing this it still shows ON in the audit page, it needs to change in the php,ini, which is the most common way to change the PHP setting.

Please feel free to send us a ticket so we can help you resolve it and ensure the errors will not show up your visitors in the future, which is, indeed, a serious risk.

Issue resolved by disabling display errors in php.ini, and also in the plugin it forces this to be disabled.