ellmann creative

Yeah, we already reached out to them, as it’s clear that this is something only they can help with.

Thank you for your time.

The output was empty, so I modified it:

<?php

ini_set('display_errors', 1);
error_reporting(E_ALL);

echo ">> Create object\n";
$redis = new Redis;

echo ">> Connect\n";
$redis->connect('127.0.0.1', 6379);

echo ">> Auth\n";
$redis->auth( 'MY_PASSWORD' );

echo ">> Ping\n";
var_dump($redis->ping());

echo ">> Complete\n";

Output is:

>> Create object
>> Connect

Fatal error: Uncaught RedisException: Connection refused in /test-redis.php:10
Stack trace:
#0 /test-redis.php(10): Redis->connect('127.0.0.1', 6379)
#1 {main}
  thrown in /test-redis.php on line 10

… so it looks like you’re, sadly, right.

I can confirm that my dashboard shows a connection to 127.0.0.1:6379, it says that it’s connected, and there’s a pretty graph (which I don’t understand) after a few moments.

I’ve managed to debug the wp-cli issue. Here’s the output of that command (note: I have sanitised the paths):

$ php ~/wp-cli.phar redis status
RedisException: Connection refused in /path/to/website/public-default/wp-content/object-cache.php:631
Stack trace:
#0 /path/to/website/public-default/wp-content/object-cache.php(631): Redis->connect('127.0.0.1', '6379', 1, NULL, NULL, 1)
#1 /path/to/website/public-default/wp-content/object-cache.php(480): WP_Object_Cache->connect_using_phpredis(Array)
#2 /path/to/website/public-default/wp-content/object-cache.php(173): WP_Object_Cache->__construct(true)
#3 /path/to/website/public-default/wp-includes/load.php(701): wp_cache_init()
#4 /path/to/website/public-default/wp-settings.php(131): wp_start_object_cache()
#5 phar:///wp-cli.phar/vendor/wp-cli/wp-cli/php/WP_CLI/Runner.php(1271): require('/path/to...')
#6 phar:///wp-cli.phar/vendor/wp-cli/wp-cli/php/WP_CLI/Runner.php(1192): WP_CLI\Runner->load_wordpress()
#7 phar:///wp-cli.phar/vendor/wp-cli/wp-cli/php/WP_CLI/Bootstrap/LaunchRunner.php(23): WP_CLI\Runner->start()
#8 phar:///wp-cli.phar/vendor/wp-cli/wp-cli/php/bootstrap.php(77): WP_CLI\Bootstrap\LaunchRunner->process(Object(WP_CLI\Bootstrap\BootstrapState))
#9 phar:///wp-cli.phar/vendor/wp-cli/wp-cli/php/wp-cli.php(27): WP_CLI\bootstrap()
#10 phar:///wp-cli.phar/php/boot-phar.php(11): include('phar:///path/to...')
#11 /wp-cli.phar(4): include('phar:///path/to...')
#12 {main}
Status: Not connected
Client: PhpRedis (v5.2.2)
Drop-in: Valid
Disabled: No
Ping:
Connection Exception: Connection refused (RedisException)
Errors: [
    "Connection refused"
]
PhpRedis: 5.2.2
Predis: Not loaded
Credis: Not loaded
PHP Version: 7.4.19
Plugin Version: 2.0.18
Redis Version: Unknown
Multisite: No
Filesystem: Working
Global Prefix: "wp_"
Blog Prefix: "wp_"
WP_REDIS_HOST: "127.0.0.1"
WP_REDIS_PORT: "6379"
WP_REDIS_PASSWORD: ????????
Global Groups: [
    "blog-details",
    "blog-id-cache",
    "blog-lookup",
    "global-posts",
    "networks",
    "rss",
    "sites",
    "site-details",
    "site-lookup",
    "site-options",
    "site-transient",
    "users",
    "useremail",
    "userlogins",
    "usermeta",
    "user_meta",
    "userslugs",
    "redis-cache"
]
Ignored Groups: [
    "counts",
    "plugins",
    "themes",
    "blog-details",
    "blog-id-cache",
    "blog-lookup",
    "global-posts",
    "networks",
    "rss",
    "sites",
    "site-details",
    "site-lookup",
    "site-options",
    "site-transient",
    "users",
    "useremail",
    "userlogins",
    "usermeta",
    "user_meta",
    "userslugs",
    "redis-cache",
    "blog_meta",
    "wordfence",
    "wordfence-ls"
]
Unflushable Groups: []
Drop-ins: [
    "Redis Object Cache Drop-In v2.0.18 by Till Krüss"
]

• This reply was modified 3 years, 6 months ago by ellmann creative.
• This reply was modified 3 years, 6 months ago by Yui.

Okay. It seems wp-cli doesn’t like the fact that I have wp-config.php actually reference the configuration somewhere else (there’s a require_once directive that points to the actual wp-config.php file). The error I’m getting is

Error: Strange wp-config.php file: wp-settings.php is not loaded directly.

Anything else I can try?

• This reply was modified 3 years, 6 months ago by ellmann creative.

How would I go about doing that? I mean, CLI execution has its own settings, does it not? I have no clue how to extract that information.

Do let us know if you address it, because we’re disabling the plugin for now (as it’s failing WP cron for us).

As for the stack trace, I am unable to provide more of it. The messages I receive are clipped, and they don’t go into the website’s normal error log. I can confirm that the process does include my wp-config.php file (which has the required configuration parameters), but that’s all.

I would suggest the REDIS cache perhaps should not be used during any wp-cron-related activities. Perhaps it can detect this and skip execution entirely?

Nevermind — problem found.

My FTP client was ignoring the /thumbs directory when listing files…

Closing.

For the record, while adding a rule to prevent emails being sent to spam does indeed work, I still get a big, fat grey banner about how this message isn’t in spam because I specifically added a rule for it.

Just wanted you to know that your email messages, when not coming from a rock-solid trusted source, are considered “spammy” by Google. And to be honest, I can kinda see why — HTML-only content, no content boundaries, and it claims to be related to WordPress/has wp-admin links… it sure looks like spam and/or phishing on paper. Service providers have flagged ‘spam’ for less in the past.

Just letting you know, so that you could perhaps look into how to possibly improve upon this, instead of hiding behind “we’re not responsible for Google”. I doubt you can eliminate the problem, but perhaps you could alleviate it? Maybe adding a text-only component to the e-mails would be enough to drop the detection rates just below the spam threshold?

Sure thing.

Alternatively, you could add fields for “soft redirect” or “javascript redirect” to another URL, if you feel that allowing JavaScript outright could be a security issue. Something like Redirect to url: and Timeout in seconds: would probably work just as well.

Would it be possible to request this functionality? Perhaps a second field that would take JS code, and wrap it in <script> tags?

Here’re another two:

X-Spam-Flag: NO
X-Spam-Score: 1.875
X-Spam-Level: *
X-Spam-Status: No, score=1.875 tagged_above=-10 tests=[ALL_TRUSTED=-1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HK_RANDOM_ENVFROM=0.626, NAC_869=1, NAC_REMOVAL=1] autolearn=disabled

X-Spam-Flag: NO
X-Spam-Score: 1.986
X-Spam-Level: *
X-Spam-Status: No, score=1.986 tagged_above=-10 tests=[ALL_TRUSTED=-1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HK_RANDOM_ENVFROM=0.626, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.1, NAC_869=1, NAC_REMOVAL=1, T_REMOTE_IMAGE=0.01] autolearn=disabled

Unfortunately I’ve no clue what NAC or NAC_REMOVAL is, because all searches lead me to N-Acetylcysteine and nipple-sparing breast cancer removal…

Also note: these are set as “X-Spam-Flag: NO” but they still end up in GMail’s “Spam” folder.

So, on messages that get classed as spam, we’re seeing this:

score=7.409 tagged_above=-10 tests=[ALL_TRUSTED=-1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HK_RANDOM_ENVFROM=0.626, HTML_MESSAGE=0.001, HTML_MIME_NO_HTML_TAG=0.635, MIME_HTML_ONLY=0.1, NAC_869=1, NAC_REMOVAL=1, TO_NO_BRKTS_HTML_ONLY=1.999, URI_WPADMIN=2.799] autolearn=disabled

That seems like a pretty high result, and the fact that it’s being tagged as “multiple domains” is a direct result of sending via PHPMailer/mail() instead of having a designated account for it (it then goes through the system with two e-mails — one being wordfence@, the other being the mail for our hosting’s account).

Seems that it coming from WP-ADMIN and being HTML_ONLY are also major contributors here.

Wait, wait, wait…

This needs investigation, but we haven’t set all installations with Post SMTP. I would need to check if the alerts that’re classed as “spam” are perhaps all coming from the installations where we have NOT done that… Additionally, wherever we’ve set Post SMTP, Wordfence is correctly using that configured e-mail and, from what I recall, those seem to be fine…

Please stand by as I investigate this over the next few days.

• This reply was modified 3 years, 8 months ago by ellmann creative.