Theres a few posts out there that say this may be related to php memory or max execution time settings. Can you click the link on your options page that says “Click to view your system’s configuration in a new window” and screenshot it and post a link here?
Thanks!
tim
PHP Version 5.5.9-1ubuntu4.4
System Linux ip-x-x-x-x 3.13.0-37-generic #64-Ubuntu SMP Mon Sep 22 21:28:38 UTC 2014 x86_64
Build Date Sep 4 2014 06:54:42
Server API Apache 2.0 Handler
Virtual Directory Support disabled
Configuration File (php.ini) Path /etc/php5/apache2
Loaded Configuration File /etc/php5/apache2/php.ini
Scan this dir for additional .ini files /etc/php5/apache2/conf.d
Additional .ini files parsed /etc/php5/apache2/conf.d/05-opcache.ini, /etc/php5/apache2/conf.d/10-pdo.ini, /etc/php5/apache2/conf.d/20-curl.ini, /etc/php5/apache2/conf.d/20-json.ini, /etc/php5/apache2/conf.d/20-mcrypt.ini, /etc/php5/apache2/conf.d/20-memcache.ini, /etc/php5/apache2/conf.d/20-mysql.ini, /etc/php5/apache2/conf.d/20-mysqli.ini, /etc/php5/apache2/conf.d/20-pdo_mysql.ini, /etc/php5/apache2/conf.d/20-readline.ini
PHP API 20121113
PHP Extension 20121212
Zend Extension 220121212
Zend Extension Build API220121212,NTS
PHP Extension Build API20121212,NTS
Debug Build no
Thread Safety disabled
Zend Signal Handling disabled
Zend Memory Manager enabled
Zend Multibyte Support provided by mbstring
IPv6 Support enabled
DTrace Support enabled
Registered PHP Streams https, ftps, compress.zlib, compress.bzip2, php, file, glob, data, http, ftp, phar, zip
Registered Stream Socket Transports tcp, udp, unix, udg, ssl, sslv3, tls
Registered Stream Filters zlib.*, bzip2.*, convert.iconv.*, string.rot13, string.toupper, string.tolower, string.strip_tags, convert.*, consumed, dechunk, mcrypt.*, mdecrypt.*
The error above could also be caused by someone (probably a bot) trying to directly access http://yoursite.com/wp-content/plugins/wordfence/lib/wfUnlockMsg.php
Accessing the file without having WordPress “include()” it will give that message — the error itself isn’t dangerous, and normal users shouldn’t be going to that page.
It might mean that your web server lets remote users see what files are in directories (ignoring .htaccess), or there is an anonymous FTP server that shows the same files/folders, or there is a bot that knows what files Wordfence contains, and it’s scanning to see if they exist (possibly looking for sites running outdated versions).
I see errors in error_log similar to this once in a while, but usually on WP core files. Usually, it is probably nothing to worry about as long as your core and plugins are up to date — aside from being paranoid about having your site tested by someone with ill intentions (but of course that happens daily on most sites, in one way or another.)
Great information mwrusnak! Thanks for pitching in 🙂
I’m tending to side with his answer on this one. If Wordfence appears to be working correctly, and you are not seeing these repeatedly, I’d be cautious but let it go.
tim
