Website not accessible after update to better-wp-security

Hi @andreasnoll ,

Can you confirm this is happening while using PHP 8.2?

+++ To prevent any confusion, I’m not SolidWP +++

php_version: 8.0.30

WP version: 6.3.2

Thank you for the feedback. Since this issue seems to happen in PHP 8.0, 8.1 and 8.2 at least we can rule out this is a PHP 8.2 compatibility issue.

(PHP 8.2 compatibility was introduced in the 9.0.0 plugin release).

Based on the info provided so far, it seems to be some sort of autoloader issue. Rest assured this will be looked into.

Since I’m not able to reproduce the issue I’ll await feedback from SolidWP.

• This reply was modified 1 year, 5 months ago by nlpro.

Hi there,

I appreciate the information. This has been escalated to the development team, and we are working on replicating and resolving this as soon as possible! I’ll get back to you if I get a significant update from our developers.

Thank you!

Hey folks!

We’re all trickling into the offices around here (we’re distributed all over the world, but a heavy concentration in the US and West coast), but trust me when I say that we are paying attention, and looking for a way to replicate this issue. So far there’s only this handful of users reporting the issue, and with over 100,000 folks having updated over the last 24 hours, we’re still working hard to try and isolate what specifically is causing the problem.

Here’s what we need from y’all, as we try to isolate the problem:

Please add the system info (I’m specifically looking for what other plugins and what theme) for sites that are throwing this error.

Please bear with us as we continue to try and replicate a problem. The first step to resolving it is to be able to reproduce it in a test environment, and so far we haven’t been able to do that.

Configuration for https://no-stop.de:

` wp-core

version: 6.3.2
site_language: de_DE
user_language: de_DE
timezone: Europe/Berlin
permalink: /%postname%/
https_status: true
multisite: false
user_registration: 0
blog_public: 1
default_comment_status: closed
environment_type: production
user_count: 21
dotorg_communication: true wp-paths-sizes

wordpress_path: /www/htdocs/w0178452/no-stop.de
wordpress_size: 16,25 GB (17446194642 bytes)
uploads_path: /www/htdocs/w0178452/no-stop.de/wp-content/uploads
uploads_size: 3,33 GB (3578273722 bytes)
themes_path: /www/htdocs/w0178452/no-stop.de/wp-content/themes
themes_size: 7,23 MB (7579298 bytes)
plugins_path: /www/htdocs/w0178452/no-stop.de/wp-content/plugins
plugins_size: 180,50 MB (189266922 bytes)
database_size: 567,52 MB (595092965 bytes)
total_size: 20,32 GB (21816407549 bytes) wp-dropins (3)

advanced-cache.php: true
db.php: true
object-cache.php: true wp-active-theme

name: Andreas Noll based on Weaver Xtreme (andreas-noll)
version: 1.0
author: Michaela Steidl - WP Bistro
author_website: https://wp-bistro.de/
parent_theme: Weaver Xtreme (weaver-xtreme)
theme_features: core-block-patterns, widgets-block-editor, automatic-feed-links, title-tag, post-thumbnails, customize-selective-refresh-widgets, html5, responsive-embeds, post-formats, wp-block-styles, align-wide, editor-styles, editor-style, dark-editor-style, custom-logo, custom-header, custom-background, menus, infinite-scroll, widgets
theme_path: /www/htdocs/w0178452/no-stop.de/wp-content/themes/andreas-noll
auto_update: Deaktiviert wp-parent-theme

name: Weaver Xtreme (weaver-xtreme)
version: 6.3.0
author: Bruce Wampler
author_website: //weavertheme.com/about
theme_path: /www/htdocs/w0178452/no-stop.de/wp-content/themes/weaver-xtreme
auto_update: Deaktiviert wp-themes-inactive (1)

Twenty Twenty-Three: version: 1.2, author: Das WordPress-Team, Automatische Aktualisierungen deaktiviert wp-mu-plugins (1)

Health Check Troubleshooting Mode: author: (undefined), version: 1.9.1 wp-plugins-active (41)

Add Categories to Pages.: version: 1.2, author: a.ankit, Automatische Aktualisierungen aktiviert
Asset CleanUp: Page Speed Booster: version: 1.3.9.3, author: Gabe Livan, Automatische Aktualisierungen aktiviert
Black Studio TinyMCE Widget: version: 2.7.2, author: Black Studio, Automatische Aktualisierungen aktiviert
Broken Link Checker: version: 2.2.2, author: WPMU DEV, Automatische Aktualisierungen deaktiviert
Category Posts Widget: version: 4.9.15, author: TipTopPress, Automatische Aktualisierungen aktiviert
Classic Editor: version: 1.6.3, author: WordPress Contributors, Automatische Aktualisierungen aktiviert
Classic Widgets: version: 0.3, author: WordPress Contributors, Automatische Aktualisierungen aktiviert
Disable Comments: version: 2.4.5, author: WPDeveloper, Automatische Aktualisierungen aktiviert
Easy Table of Contents: version: 2.0.56.1, author: Magazine3, Automatische Aktualisierungen aktiviert
EWWW Image Optimizer: version: 7.2.1, author: Exactly WWW, Automatische Aktualisierungen aktiviert
Fixed Widget: version: 6.2.3, author: Thomas Maier, Max Bond, Automatische Aktualisierungen aktiviert
Health Check & Troubleshooting: version: 1.7.0, author: The www.remarpro.com community, Automatische Aktualisierungen aktiviert
Hustle: version: 7.8.2, author: WPMU DEV, Automatische Aktualisierungen aktiviert
Ivory Search: version: 5.5.2, author: Ivory Search, Automatische Aktualisierungen aktiviert
jQuery Updater: version: 3.7.1.1, author: Ramoonus, Automatische Aktualisierungen aktiviert
Matomo Analytics - Ethical Stats. Powerful Insights.: version: 4.15.2, author: Matomo, Automatische Aktualisierungen aktiviert
Matomo Marketplace for WordPress: version: 1.0.11, author: Matomo, Automatische Aktualisierungen aktiviert
Media Cleaner: version: 6.6.7, author: Jordy Meow, Automatische Aktualisierungen aktiviert
Page Builder by SiteOrigin: version: 2.26.1, author: SiteOrigin, Automatische Aktualisierungen aktiviert
Page Menu: version: 5.1.4, author: Rohit Kumar, Automatische Aktualisierungen aktiviert
PHP Compatibility Checker: version: 1.6.2, author: WP Engine, Automatische Aktualisierungen aktiviert
Post Types Order: version: 2.1, author: Nsp Code, Automatische Aktualisierungen aktiviert
Redirection: version: 5.3.10, author: John Godley, Automatische Aktualisierungen aktiviert
Remove Google Fonts References: version: 2.6, author: Bruno Xu, Automatische Aktualisierungen aktiviert
Schema & Structured Data for WP & AMP: version: 1.21.1, author: Magazine3, Automatische Aktualisierungen aktiviert
Shortcodes und Snippets für no-stop.de: version: 1.0, author: Michaela Steidl, Automatische Aktualisierungen deaktiviert
SiteOrigin CSS: version: 1.5.8, author: SiteOrigin, Automatische Aktualisierungen aktiviert
SiteOrigin Premium: version: 1.51.0, author: SiteOrigin, Automatische Aktualisierungen deaktiviert
SiteOrigin Widgets Bundle: version: 1.55.1, author: SiteOrigin, Automatische Aktualisierungen aktiviert
Smart Custom 404 error page [404page]: version: 11.4.4, author: Peter Raschendorfer, Automatische Aktualisierungen aktiviert
TablePress: version: 2.1.8, author: Tobias B?thge, Automatische Aktualisierungen aktiviert
The Post Grid: version: 7.2.11, author: RadiusTheme, Automatische Aktualisierungen aktiviert
The Post Grid Pro: version: 7.2.7, author: RadiusTheme, Automatische Aktualisierungen deaktiviert
UpdraftPlus - Backup/Restore: version: 1.23.10, author: UpdraftPlus.Com, DavidAnderson, Automatische Aktualisierungen aktiviert
W3 Total Cache: version: 2.5.0, author: BoldGrid, Automatische Aktualisierungen aktiviert
Weaver Xtreme Plus: version: 6.2, author: Bruce Wampler, Automatische Aktualisierungen deaktiviert
Weaver Xtreme Theme Support: version: 6.3.1, author: wpweaver, Automatische Aktualisierungen aktiviert
WP-Optimize - Clean, Compress, Cache: version: 3.2.20, author: David Anderson, Ruhani Rabin, Team Updraft, Automatische Aktualisierungen aktiviert
Yoast Duplicate Post: version: 4.5, author: Enrico Battocchi & Team Yoast, Automatische Aktualisierungen aktiviert
Yoast SEO: version: 21.4, author: Team Yoast, Automatische Aktualisierungen aktiviert
Yoast Test Helper: version: 1.17, author: Team Yoast, Automatische Aktualisierungen aktiviert wp-plugins-inactive (1)

Solid Security Basic: version: 9.0.0, author: SolidWP, Automatische Aktualisierungen deaktiviert wp-media

image_editor: EWWWIO_Imagick_Editor
imagick_module_version: 1690
imagemagick_version: ImageMagick 6.9.10-23 Q16 x86_64 20190101 https://imagemagick.org
imagick_version: 3.5.0
file_uploads: File uploads is turned off
post_max_size: 200M
upload_max_filesize: 200M
max_effective_size: 200 MB
max_file_uploads: 20
gd_version: 2.2.5
gd_formats: GIF, JPEG, PNG, WebP, BMP, XPM
ghostscript_version: 9.50 wp-server

server_architecture: Linux 5.4.0-164-generic x86_64
httpd_software: Apache
php_version: 8.0.30 64bit
php_sapi: fpm-fcgi
max_input_variables: 3000
time_limit: 600
memory_limit: 512M
max_input_time: 60
upload_max_filesize: 200M
php_post_max_size: 200M
curl_version: 7.68.0 OpenSSL/1.1.1f
suhosin: false
imagick_availability: true
pretty_permalinks: true
htaccess_extra_rules: true
current: 2023-10-18T14:36:21+00:00
utc-time: Wednesday, 18-Oct-23 14:36:21 UTC
server-time: 2023-10-18T16:36:19+02:00 wp-database

extension: mysqli
server_version: 10.5.22-MariaDB-1:10.5.22+maria~ubu2004-log
client_version: mysqlnd 8.0.30
max_allowed_packet: 67108864
max_connections: 500 wp-constants

WP_HOME: undefined
WP_SITEURL: undefined
WP_CONTENT_DIR: /www/htdocs/w0178452/no-stop.de/wp-content
WP_PLUGIN_DIR: /www/htdocs/w0178452/no-stop.de/wp-content/plugins
WP_MEMORY_LIMIT: 40M
WP_MAX_MEMORY_LIMIT: 512M
WP_DEBUG: false
WP_DEBUG_DISPLAY: true
WP_DEBUG_LOG: false
SCRIPT_DEBUG: false
WP_CACHE: true
CONCATENATE_SCRIPTS: undefined
COMPRESS_SCRIPTS: undefined
COMPRESS_CSS: undefined
WP_ENVIRONMENT_TYPE: Nicht definiert
WP_DEVELOPMENT_MODE: undefined
DB_CHARSET: utf8
DB_COLLATE: undefined wp-filesystem

wordpress: writable
wp-content: writable
uploads: writable
plugins: writable
themes: writable
mu-plugins: writable

@andreasnoll, thank you for that information!

Per our developer, this issue is typically due to new files not being copied over completely during the update. To confirm whether this is the case, please check the following:
– check if the?core/modules/core/User_Query_Extension.php?file is?missing?from your installed Solid Security folder
– check if the?vendor-prod/composer/autoload_classmap.php?file is missing this line:
'iThemesSecurity\\Modules\\Core\\User_Query_Extension' => $baseDir . '/core/modules/core/User_Query_Extension.php',?

If any of them are missing, we’d recommend manually installing a fresh copy of the plugin via FTP to try and resolve the issue. Please follow these steps:

1. Using FTP/SFTP/Hosting File Manager, access your site’s files and go to /wp-content/plugins/.
2. Rename the Solid Security Basic folder to something like “_better-wp-security“.
3. Download the renamed plugin folder as a backup and delete the folder from your site’s files after downloading.
4. Download the latest version of Solid Security Basic here and unzip it.
5. Upload the latest Solid Security Basic plugin in the?/wp-content/plugins/?directory.
6. Once done, you can go to your site’s WordPress Plugins page and activate Solid Security Basic.
7. Lastly, check if the issue persists.

I hope this helps, and please let us know how it goes!

Hey folks!

In talking with our lead developer, we’re still unsure exactly what could cause this error in the wild, but from reading it, it sounds like the core/modules/core/User_Query_Extension.php file is missing for some reason in your installs. Can you check to see if that file is present or not?

If it’s not, you could try uninstalling and deleting the plugin, and reloading it from a fresh ZIP.

If it *is* there, then we need to figure out why your site *thinks* it isn’t. Solid Security calls for that file within the vendor-prod/composer/autoload_classmap.php file, on line 337. So you might check to see if that file has that line (it looks like this)

'iThemesSecurity\\Modules\\Core\\User_Query_Extension' => $baseDir . '/core/modules/core/User_Query_Extension.php',

Like I said, we’re still trying to track it down, and haven’t been able to isolate what specifically is making that file either not be there or *seem* to not be there.

We’ll keep you posted.

Oh, dang. Shane already replied! Oh well, you get it twice. ??

core/modules/core/User_Query_Extension.php
is existing

vendor-prod/composer/autoload_classmap.php
is existing

'iThemesSecurity\\Modules\\Core\\User_Query_Extension' => $baseDir . '/core/modules/core/User_Query_Extension.php',

is the line (might be 337) I found

Shocked to see my error report was identical and that my finding before anyone else’s where taken off here. I respect we have to create a new case but if its the same issue why do we have to repeat ourselves. I can see it isn’t a plugin conflict but something wrong with the way the plugin updates from the old to the new. Others on here seem to be having serious issues after updating as well.

It has really annoyed me that I am trying to support the issue and get a rubbish email to say you have to start your own thread and don’t respond on another even when its the same issue. Mind boggling process when the error was identical and nothing to do with the site setup. If that was the case then your previous plugin wouldn’t have worked as well.

Sad to say I wont be sticking around after this response/action. I was only trying to help due to it being an issue.

Good luck to others getting it sorted. I may come back in the future to see how things are going. Hopefully the support then is not as brutal.

Hi @poppydev,

We genuinely appreciate the time you’ve invested in reporting your findings about this issue, and I understand your frustration about the comment being deleted. The reason why a WP.org support moderator removes it is to ensure that each ticket receives the specific support and attention it needs. While the issue might be similar, individual websites have unique aspects, so it’s best to start a new thread as stated by the forum’s guidelines: I have the same problem! Can I just reply to someone else’s post with “Me too”?

If it isn’t much of a hassle, I’d love to submit your findings to the existing report, and I would encourage you to create a new thread. Please don’t worry, our development team is staying on top of this issue to get this resolved as fast as we can.

Thanks!

• This reply was modified 1 year, 5 months ago by chandelierrr.

Hi @andreasnoll, thank you for looking into the files! I’ll report this to our team. Could you also confirm if FTP-ing a fresh copy of the plugin resolves the error?

Right – so you remove my notes when im trying to be helpful giving you valuable information on all the steps I took to help you… Not professional at all.

Its ok – I’ll find a better product.

Hi @spidrweb, please note a WP.org support moderator removed the comment, but I’m happy to let you know that I’ve already added your findings to the existing report since yesterday. We appreciate the information you forwarded, and we’re working hard to resolve this issue.

Thanks!