Title: Bug login
Last modified: April 3, 2025

---

# Bug login

 *  [Andreas](https://wordpress.org/support/users/stylingagenten/)
 * (@stylingagenten)
 * [1 year, 2 months ago](https://wordpress.org/support/topic/bug-login/)
 * 🐞 **Bug Report: PHP TypeError in Login Security Module (Wordfence)**
 * **Hi Wordfence Team,**
 * We’ve encountered a recurring critical error on our WordPress site related to
   the **Wordfence Login Security module**, triggered during user login or registration
   attempts.
 * **Error in logs:**
 * `Uncaught TypeError: array_key_exists(): Argument #2 ($array) must be of type
   array, string given in /wp-content/plugins/wordfence/modules/login-security/classes/
   controller/permissions.php:440`
 * This error appears multiple times in the log and causes a **“There has been a
   critical error on this website”** message to users. It seems the second argument
   passed to `array_key_exists()` is unexpectedly a **string instead of an array**.
 * 🧪 **Context:**
    - WordPress 6.x (latest)
    - WooCommerce installed and active
    - No custom login code – using default WooCommerce login/registration
    - Error triggered after repeated login attempts by an existing user (`xx_xx@hotmail.com`)
 * 📌 **Temporary fix:**
   Disabling the Wordfence Login Security module immediately
   stops the error. However, this is not a sustainable solution due to the security
   implications.
 * **Suggestion:** Add a type check before calling `array_key_exists()` to avoid
   the fatal error:
 * `if (is_array($permissions) && array_key_exists('some_key', $permissions)) { //...}`
 * If you see any other solution, please tell me.
 * Best regards,
 * Andreas

Viewing 3 replies - 1 through 3 (of 3 total)

 *  Plugin Support [wfpeter](https://wordpress.org/support/users/wfpeter/)
 * (@wfpeter)
 * [1 year, 2 months ago](https://wordpress.org/support/topic/bug-login/#post-18397977)
 * Hi [@stylingagenten](https://wordpress.org/support/users/stylingagenten/), thank
   you for your detailed message.
 * I haven’t seen `array_key_exists()` throwing that error on **permissions.php**
   before, although previous cases with that file were related to switching a multisite
   to a regular site. Sometimes array/string errors have been triggered by unexpected
   data from another plugin so we may need to see a list of those to learn more.
 * You can send a diagnostic report to **wftest @ wordfence . com** by finding the
   link at the top of the **Wordfence > Tools > Diagnostics** page. Then click on
   **“Send Report by Email”**. Please add your forum username where indicated and
   _respond here after you have sent it._
 * **NOTE:** It should look as follows – Screenshot of [Tools > Diagnostic > Send by Email](https://www.wordfence.com/wp-content/uploads/2021/09/diagnosticsendbyemail.png)
 * Many thanks,
   Peter.
 *  Thread Starter [Andreas](https://wordpress.org/support/users/stylingagenten/)
 * (@stylingagenten)
 * [1 year, 2 months ago](https://wordpress.org/support/topic/bug-login/#post-18398898)
 * Hi Peter,
 * Thanks for your reply!
 * We’ve done some further investigation based on the error and backtrace. The issue
   seems to occur **only for users that were created before we enabled Multisite**,
   and only on our Multisite-enabled WooCommerce site. Users created after the Multisite
   setup don’t seem to trigger the issue.
 * We queried the `wp_usermeta` table and confirmed that for affected users, the
   meta key `wordfence_ls_permissions` does **not exist** at all. This causes the
   `$permissions` variable in `permissions.php` to become a `null` or an empty string,
   which leads to the fatal error:
 * `array_key_exists(): Argument #2 ($array) must be of type array, string given`
 * We believe the bug could be avoided by adding a type check before calling `array_key_exists()`—
   e.g. wrapping it with `is_array()` to avoid assumptions about the data type. 
   This only affects accounts where `wordfence_ls_permissions` is missing or malformed.
 * We’ll go ahead and send you the diagnostic report via email as requested, and
   will include this forum username. I see that I added **[@andreas](https://wordpress.org/support/users/andreas/)**
   as username.
 *  Thread Starter [Andreas](https://wordpress.org/support/users/stylingagenten/)
 * (@stylingagenten)
 * [1 year, 2 months ago](https://wordpress.org/support/topic/bug-login/#post-18398932)
 * Hi,
 * Here is also the error log:
 *     ```wp-block-code
       2025-04-04T06:04:17+00:00 Critical Uncaught TypeError: array_key_exists(): Argument #2 ($array) must be of type array, string given in /[REDACTED_PATH]/wp-content/plugins/wordfence/modules/login-security/classes/controller/permissions.php:440
       Additional context
       {"error": {"type": 1,"file": "/[REDACTED_PATH]/wp-content/plugins/wordfence/modules/login-security/classes/controller/permissions.php","line": 440},
       "remote-logging": true,
       "backtrace": ["",
       "#0 /[REDACTED_PATH]/wp-content/plugins/wordfence/modules/login-security/classes/controller/permissions.php(440): array_key_exists()",
       "#1 /[REDACTED_PATH]/wp-content/plugins/wordfence/modules/login-security/classes/controller/users.php(195): WordfenceLS\Controller_Permissions->does_user_have_multisite_capability()",
       "#2 /[REDACTED_PATH]/wp-content/plugins/wordfence/modules/login-security/classes/controller/users.php(660): WordfenceLS\Controller_Users->can_activate_2fa()",
       "#3 /[REDACTED_PATH]/wp-includes/class-wp-hook.php(324): WordfenceLS\Controller_Users->_user_row_actions()",
       "#4 /[REDACTED_PATH]/wp-includes/plugin.php(205): WP_Hook->apply_filters()",
       "#5 /[REDACTED_PATH]/wp-admin/includes/class-wp-users-list-table.php(520): apply_filters()",
       "#6 /[REDACTED_PATH]/wp-admin/includes/class-wp-users-list-table.php(415): WP_Users_List_Table->single_row()",
       "#7 /[REDACTED_PATH]/wp-admin/includes/class-wp-list-table.php(1712): WP_Users_List_Table->display_rows()",
       "#8 /[REDACTED_PATH]/wp-admin/includes/class-wp-list-table.php(1639): WP_List_Table->display_rows_or_placeholder()",
       "#9 /[REDACTED_PATH]/wp-admin/users.php(814): WP_List_Table->display()",
       "#10 {main}",
       "thrown"]}
       ```
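
The failure mode discussed in this thread, as an added example that is not Wordfence's code and not written by any poster here: a stored-permissions lookup that yields a string for users with no meta row, checked with and without an `is_array()` guard. The function names, the `example_ls_permissions` key and the sample data are hypothetical, and the lookup is assumed to behave like `get_user_meta($id, $key, true)`, which returns `''` for a missing key; returning `false` for missing data is likewise an assumed default.

```php
<?php
// Added illustration; not Wordfence code. All names here are hypothetical.
declare(strict_types=1);

// Constructed stand-in for wp_usermeta: user 7 predates Multisite and has no
// permissions row; user 9 has one.
const SAMPLE_USERMETA = [
    9 => ['example_ls_permissions' => ['activate_2fa' => true]],
];

// Assumption: the lookup behaves like get_user_meta($id, $key, true), which
// returns '' (not an array) when the key does not exist for the user.
function fetch_permissions_meta(int $userId)
{
    return SAMPLE_USERMETA[$userId]['example_ls_permissions'] ?? '';
}

// Unguarded form: on PHP 8+, a string second argument throws TypeError.
function has_capability_unguarded(int $userId, string $cap): bool
{
    $permissions = fetch_permissions_meta($userId);
    return array_key_exists($cap, $permissions) && $permissions[$cap];
}

// Guarded form: anything that is not an array is treated as "no permissions
// recorded", so the check fails closed instead of ending the request.
function has_capability_guarded(int $userId, string $cap): bool
{
    $permissions = fetch_permissions_meta($userId);
    if (!is_array($permissions)) {
        return false;
    }
    return array_key_exists($cap, $permissions) && $permissions[$cap] === true;
}

foreach ([7, 9] as $userId) {
    try {
        $unguarded = var_export(has_capability_unguarded($userId, 'activate_2fa'), true);
    } catch (TypeError $e) {
        $unguarded = 'TypeError';
    }
    $guarded = var_export(has_capability_guarded($userId, 'activate_2fa'), true);
    echo "user $userId: unguarded=$unguarded guarded=$guarded\n";
}
```

Because the guarded check denies the capability when the data is missing or malformed, affected accounts stay usable without being granted anything their stored permissions do not show.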
   


The topic ‘Bug login’ is closed to new replies.


 * 3 replies
 * 2 participants
 * Last reply from: [Andreas](https://wordpress.org/support/users/stylingagenten/)
 * Last activity: [1 year, 2 months ago](https://wordpress.org/support/topic/bug-login/#post-18398932)
 * Status: not resolved