Update MySQL for dummies?

How are you hosting your site?

Thank you for asking. A more serious problem has arisen first of all. The aforementioned MySQL errors, which I thought were just appearing on my WP login page are actually public on my homepage!

Any person visiting my site is seeing a string of errors (relating to real world login errors) at the top of the page, quite publicly, revealing delicate private login information.

Please advise how to remove and prevent this or to why it is happening?

As to your question.. A standard wp install hosted on a standard hosting service. What specifically do you need to know?

contact your host about these errors because they probably need to update PHP and the MySQL libraries.

I’ll contact them, but they’ll probably take a while to respond, especially at the weekend. In the meantime have you any idea where/what is generating those publicly visible error messages? Because so long as they’re present they’re a security risk.

1. please post a link to your site.

2. check wp-config.php and see if WP_DEBUG is set to true. If so, change it to false.

I’m reluctant to post a direct link because of the security issue but you can easily find the site by adding dot com to my username.

the WP_DEBUG was already set to false.

there’s nothing really secret or dangerous showing. It appears your theme is making its own datbase connections improperly … ” (using password: NO)” is the key on that.

For now,change your theme to twentysixteen and then contact the support folks for the “motionpicture” theme.

Thanks. I know it’s not too revealing but even having a user name public is compromising. I’ve contacted the theme support in advance and await their reply.

There’s nothing obvious (to me) in the setup.php that the error points to, either.

The errors refer to real login attempts made with an incorrect password, which is perhaps what it chooses to display as NO? So I can account for the connection errors as such, just not these manifestations of the error messages?

Could the following be related? It’s from the wp-login.php

I’m purely going on the ‘filter the error messages displayed above the login form’ bit here, being terribly literal. I assume that code is as expected, but could something be interacting with it strangely?

if ( ! empty( $errors ) ) {
			/**
			 * Filter the error messages displayed above the login form.
			 *
			 * @since 2.1.0
			 *
			 * @param string $errors Login error message.
			 */
			echo '<div id="login_error">' . apply_filters( 'login_errors', $errors ) . "</div>\n";
		}
		if ( ! empty( $messages ) ) {
			/**
			 * Filter instructional messages displayed above the login form.
			 *
			 * @since 2.5.0
			 *
			 * @param string $messages Login messages.
			 */
			echo '<p class="message">' . apply_filters( 'login_messages', $messages ) . "</p>\n"

The errors refer to real login attempts made with an incorrect password, which is perhaps what it chooses to display as NO

no, it means that your THEME is trying to login to the database (and not using the existing wpdb connection) and is not providing a password.

wp-login.php is irrelevant. The issue is with your theme. Did you try twentysixteen as I suggested?

Not yet. The site is so widget driven etc that I thought it might be more efficient just to take the site down until I receive support, which I’m certain won’t be before monday now if at all (the Obox page is ambiguous).

Also, I kinda can’t because, it turns out, even the wp interface is plagued by these intrusive error messages and the options for themes are obscured.

Until you do, we don’t totally know it’s a theme issue.

Okay, well it’s now running twentysixteen. It’s not much cop with my content but you’ll see that the MySQL errors aren’t there. I guess that means it’s the Motion Picture theme, then?

yup; so check with them at https://themeforest.net/item/motion-picture-responsive-wordpress-video-theme/222214/support

We can’t support premium themes here

I think we agree that the theme is publishing the manifest error codes. But I’m still not sure if the connection attempts are something automated by the theme itself or refer to an actual human action, or if making the distinction helps us find what is actually publishing the errors?

My host support offered the following “at some other location, you are trying to connect to db as main mysql user, and its password appear to have changed.”
This, again, is consistent with an actual thing that happened where a third party was given the wrong password. Perhaps that event is coincidence, but it seems related? Even if that in itself is a separate issue to the theme then publishing the resultant errors.

I don’t know if that helps us? Still waiting on Theme support regardless.

As to the original question of upgrading to MySQLi, my hosts confirmed the understanding that MySQL is outdated and that a change to MySQLi could be expected ‘in the future’ but then deferred me to my web developer to look into resolving the concern. But I am my web developer. So I still need those starter tips?