Can you use that script to debug the problem: https://nintechnet.com/share/wp-db.txt
- Rename this file to “wp-db.php”.
- Upload it into your WordPress root folder.
- Go to http://YOUR WEBSITE/wp-db.php
- Delete it afterwards.
Version: 2.0.2
Found /www/htdocs/w019f793/kolaleipzig.de/www/wp-config.php.
Opening it for reading.
Looking for DB_NAME, DB_USER, DB_PASSWORD, DB_HOST and $table_prefix:
- DB_NAME: found ‘d031fb11’
- DB_USER: found ‘d031fb11’
- DB_PASSWORD: found (click to view password)
- DB_HOST: found ‘localhost’
- table_prefix: found ‘www_’
Attempting to connect to the DB:
Warning: mysqli_real_connect(): (HY000/1045): Access denied for user ‘d031fb11’@’localhost’ (using password: YES) in /www/htdocs/w019f793/kolaleipzig.de/www/yyy.php on line 125
Connection Error: Access denied for user ‘d031fb11’@’localhost’ (using password: YES)
Exiting.
The password is rejected by the database.
If you click on “click to view password”, do you see the correct password?
no! this is not the correct password! To be honest: what kind of developer working there?
just find out the following:
this is a testsystem for our livesite. thats why in wp-config.php i have the block
define(‘DB_NAME’, “ddddd”);
define(‘DB_USER’, “aaaaaa”);
define(‘DB_PASSWORD’, “ssssss”);
twice.
B U T
the second one is marked with comments /**/ and you plugin has scraped the password and database and user from this (wrong) lines
With simple regexp you can find it and i am sure that are a lot of other possibilities to get this info WITHOUT searching for a string and using it without ANY tests!
You cannot find/exclude comments with regex, that’s unreliable. You’d need to tokenize the code, just like PHP does. But that’s not an option because that’s way too slow. Just move your unused code above the used one, that will solve the problem.
There’s no other way, all WP constants and variables are not even defined when the firewall loads. The file must me read line by line, and can’t be loaded with require/include. For that reason, it has to be fast.
