Jili88 casino Login register Philippines download.REGISTER NOW GET FREE 888 PESOS REWARDS!

Resolved ionainteractive
(@ionainteractive)

2 years, 10 months ago
We’ve encountered a problem with the Wordfence plugin in a medium-sized multi-site installation. Our admins are not able to manage site users because memory is exhausted and a fatal error thrown when simply clicking to the WordPress “Manage Users” page.

It doesn’t matter how high the memory limit we set, the page will eventually timeout when trying to list users who manage several sites in the network because of something that’s happening in the “2FA Status” column that your plugin adds to the list table.

Through debugging, we’ve tracked the culprit down to your Controller_Permissions::get_all_roles method. The ostensible purpose of this method is to retrieve the super-set of roles for a user. (It’s called by Contoller_Users::does_user_role_require_2fa to determine whether these roles require 2FA.) The problem with the approach here seems to be that your methodology which calls “switch_to_blog”, “new \WP_User”, and “restore_current_blog” repeatedly is causing some sort of memory leak or is otherwise too inefficient a way to calculate its result.

May we propose revisiting this method to do something much faster and more direct, e.g. querying all the values in the usermeta table matching “%_capabilities” or cycling through the get_blogs_of_user blog IDs to fetch the roles directly from the usermeta table?

Here’s an example that is working great for us:
```
foreach (get_blogs_of_user($user->ID) as $id => $blog) {
	$blog_roles_meta_key = $wpdb->get_blog_prefix($id) . "capabilities";
	$blog_roles = maybe_unserialize($wpdb->get_var("
		SELECT meta_value
		FROM {$wpdb->usermeta}
		WHERE user_id = '{$user->ID}'
		AND meta_key = '$blog_roles_meta_key'
	"));
	if (is_array($blog_roles))
		$roles = array_merge($roles, array_keys($blog_roles));
}
```

Viewing 1 replies (of 1 total)

Plugin Support wfpeter
(@wfpeter)

2 years, 9 months ago

Hi @ionainteractivem, thanks for getting in touch and providing a lot of detail.

When you say “medium-sized” multi-site, how many sites does a single user belong to? Also, how high did you set the memory limit during your testing? It’d just be good to know that information for our replication/troubleshooting work. It’s great news that you have a solution working in the mean time though so thank-you for sharing.

We have tested on a fairly large multi-site installation, so feel that memory should be increased enough to handle it, unless memory is increasing constantly due to an issue with a loop but this isn’t immediately apparent to us in our tests.

switch_to_blog and restore_current_blog invoke the switch_blog hook. It is possible something outside of Wordfence is handling that hook and introducing problems. It may be hard to reproduce every combination of possible Central installation along with possible effects of other plugins and user roles. However, if you have a fairly consistent list of plugins that appear in most of the sites you manage this may be useful to us. This can be done by sending an example site diagnostic to us, but wanted to check before asking in case all of the sites are very different from each other.

Peter.

Viewing 1 replies (of 1 total)

The topic ‘Login Security module breaks multi-site user management’ is closed to new replies.