Fix For "Cannot send session cache limiter" Warnings

I’ve found WP Login Security 2 to be an extremely useful plugin and it’s installed on each of the WordPress sites I either run or manage. But like other people, I’ve been bitten by the Cannot send session cache limiter warning message.

You’re absolutely right to point out that people should really disable display_errors in their php.ini file for security reasons but on one site I manage this isn’t an option. This particular hosting provider locks down their PHP environment and even placing a site specific php.ini in the web root is ignored. It’s a pain to see this warning message whenever I’m working in the site’s admin screens so I’ve looked into this in a bit more detail and have come up with a workaround.

Even if a hosting provider locks down php.ini, you’re still able to override the display_errors settings in the code via the ini_set PHP function. So I’ve added some code to the wpls2_new_ip_check function in wp-login-security-2.php that checks to see whether display_errors is enabled and if it is, disables it but only for the duration of the execution of wpls2_new_ip_check and restores the setting back once this function returns.

It’s not the most elegant of work-arounds but in a restricted hosting environment, options are limited. The code is up on GitHub in a Gist if you’re interested. I’ve tested it out on a local machine and on a live production site and it seems to work without impacting the functionality of the plugin or the site. Feel free to take this and adapt it or incorporate it into a future release of the plugin if you think it will help.

Once again, thanks for writing a useful and valuable plugin.

-Gary

http://ww.wp.xz.cn/extend/plugins/wp-login-security-2/