Millionairesn

Side note… we usually see the SERVER 500 error, but did see this error once today:

There has been a critical error on this website. Please check your site admin email inbox for instructions.

But no email appears to have been generated and sent to the admin inbox.

Hey Guys,

We’re getting the same error on our servers using your plugin (v3.6.3) but we notice that the image file we’re replacing seems to get updated.

After the update we use the “Regenerate Thumbnails Advanced” plugin to make sure all the thumbnails get updated and things “seem” okay from what we can tell…?

Not sure WHY this error is popping up. It’s been doing it awhile now, saw this, so figured we’d add to the thread. We use Wordfence, WP Super Cache, and WP-Optimize – Clean, Compress, Cache plugins… along with a few others. We’ve tried DEACTIVATING all of them and the plugin still throws the error message.

Don’t see any error logs messages, but then we haven’t tried turning on the WordPress Debug option while testing either.

Any suggestions…? We’ll give things a try, since it would be nice to have it work without the server error. Never know if something else is getting hosed in the process.

Thanks!

We resolved it :o) no need to rack the brain over this one anymore.

Hey Judy… we have no idea what happened, but all is working fine again. Since we first opened this topic we have updated many plugins, including WordFence, and we’ve also moved our site to a newer HostGator account…ugh…the new account has it’s own issues, but that’s another long story.

Anyway, all is working fine now and like so many other software issues we’ve seen over the years, we have no idea what fixed it. At least for now WordFence and everything else, file uploads included, are all working fine.

We’ll cross our fingers that yours fixes itself too.

Sorry for the delay in responding, holiday week and back to school had us busy. We tried to DISABLE the suggested setting you provided above and that did NOT change anything, we still could NOT upload the .JPG files.

Two emails were sent to the address listed above. The first include 4 files that were quick screen captures that related to the error were seeing and then we attached one of our problem files. Unfortunately not the one we referenced in the error messages or the site, so that’s why we sent a second email with the image that was referenced.

Either way, both images are .JPG and won’t upload when Wordfence is active. As noted in the email, let us know if anything else is needed. Thanks!

It’s happened to the original file, as is, and even after renaming it to something else. It also happens with other .jpg files too.

However, when any original file is converted to a .png (which is usually twice the size of the .jpg) the converted files ALL seem to upload just fine.

So it definitely seems to be something with the .jpg file extension.

Odd to say the least. Thanks for your help and let us know if there is anything we should try.

NOTE… switched the Firewall setting back to “Enable and Protecting” and the larger .PNG file once again loaded successfully. So it does look like it has something to do with the .JPG extension.

Hey wfalaa… thanks for responding.

We switched the firewall mode to “Learning Mode” and the same image that was having problems when it was uploaded before, still didn’t completely upload. The following message was in the error.log file:

[16-Aug-2018 20:59:03 UTC] PHP Fatal error: Maximum execution time of 30 seconds exceeded in /home1/<<directory path removed>>/wp-includes/class-wp-image-editor-imagick.php on line 362

Not sure WHY the server is now timing out when Wordfence is active…? The site is on HostGator, always has been, and we’ve never had issues like this before. But that was before migrating to their FREE SSL solution. Although as previously noted, when we DEACTIVATE Wordfence the file does upload…odd?

As for image extension… the 10+ Mb image that uploaded fine was a .PNG, single color with transparent background. The images that are NOT uploading are smaller .JPG files, just over 1 MB, but with lots of colors and FULL backgrounds.

NOTE: we just converted the .JPG image to a .PNG file, it’s size is now 2.6 MB (just over twice the size of the original file) and guess what… it uploaded fine. UGH!

So… maybe it is a file TYPE problem…?

Hopefully that helps identify a fix. Switching images to a different type is doable, but just not preferred since the file sizes jump too much.

Thanks for helping to narrow this down. Let us know if you think there is a fix, so we can get the .JPG files to upload too.

The App ID & Secret Key were added to the plugins configuration setting and the Facebook Sharing Debugger is still showing the same error for me too… UGH!

Side note… the following error message was in the logs multiple times, probably for each image upload attempt:

[09-Aug-2018 19:10:59 UTC] PHP Fatal error: Maximum execution time of 30 seconds exceeded in /home1/<directory info removed>/wp-includes/class-wp-image-editor-imagick.php on line 362

Also another odd thing noticed… a 10Mb file uploads fine each time, yet a 1.1Mb file doesn’t. Maybe the smaller one is timing out because it’s a complete color image and the larger one has a transparent background…just BIG in size.

Looked at some more Wordfence logs and found the following:

Indonesia Jakarta, Indonesia visited https://<<website>>/wp-login.php
2/17/2018 4:51:50 AM (15 hours 11 mins ago)
IP: 114.124.210.13 Hostname: 114.124.210.13
Browser: Chrome version 0.0 running on Win10
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/64.0.3282.167 Safari/537.

and right after that the following was in the log:

United States Medina, United States visited https://<<website>>/?_wfsf=detectProxy
2/17/2018 4:51:58 AM (15 hours 12 mins ago)
IP: 69.46.36.20 Hostname: noc4.wordfence.com
Browser: Chrome version 0.0 running on MacOSX
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/537.1 (KHTML, like Gecko)
Chrome/21.0.1180.82 Safari/537.1

No idea what this Wordfence site is, but everything in the Wordfence directory on my site that got hacked got updated according to the file/folder timestamps right around 4:51am. And that’s also around the time when the 404html plugin folder was created and the rogue user got created too.

Oh well, for now the Indonesia IP has been blocked and will continue to closely monitor the site.

UGH! Just had an old, rarely used site experience this same hack. NOTE: when I say old I mean an old site, but WordPress and plugins are updated and maintained on a regular basis.

Noticed that the site was compromised when an email from Wordfence indicated that a new user ‘404html’ had a week password. Since this site had only one user and this wasn’t it, I knew something was up. Had to update the password via the ‘user’ table to this new rogue account, logged into WP, created a new admin, then deleted the rogue account and changed all other passwords and keys related to the site.

Also found that the ‘plugin’ directory had a new ‘404html’ folder in it, which antivirus software confirmed had some bad stuff in it. Zipped up the folder for future analysis and then deleted it.

Only other REALLY odd thing I noticed on the site is that the EVERYTHING in the Wordfence folder had a NEW timestamp on it that was really close (as in same date and almost same time) as the ‘404html’ login and directory were setup…? Also close to a timestamp found in a WP table.

All other sites I have and manage have a ‘Last Modified Date’ of Feb 14 for all Wordfence files/folders, which I’m guessing is when it last Auto-Updated to version 7.0.5 — I’m finding it VERY ODD that this one site had the Wordfence files timestamp modified so close to the rogue user that was setup???

Anyway, cleared everything to the best of my knowledge, ran scans, all looks good, and now will be monitoring closely. If anyone else comes across this one, please dump any info you find. Going to keep researching this one. Very interested in how they got in?

Update… plugin only appears to NOT be working on POST pages. It’s working on PAGES, but not on the blog post pages. Tried turning off a couple of the other plugins, but that hasn’t fixed the problem using the share buttons on the POST pages.

A quick test of v5.15 on one post does appear to show that the custom field problem is fixed… :O) Thanks for getting to this so quickly. I’ll do some more playing around with the custom fields to make sure they are all working, but for now ALL looks good with MIDDLE set to NO.

Thanks!