Title: WP phpMyAdmin crashes WordPress Last modified: January 13, 2023 --- # WP phpMyAdmin crashes WordPress * [Michael](https://wordpress.org/support/users/michael8888/) * (@michael8888) * [3 years, 4 months ago](https://wordpress.org/support/topic/wp-phpmyadmin-crashes-wordpress/) * If the plugin dir is not writeable WP phpMyAdmin crashes WordPress. This is the error message from the WordPress debug log: * PHP Fatal error: Uncaught Error: Call to undefined function WpPhpMyAdminExtension__e() in /../wp-content/plugins/wp-phpmyadmin-extension/index.php:712 * Requiring write permissions on the plugin dir is a bad anyway, especially for such a security sensitive plugin. * Even worse is the idea to copy the MySQL password in cleartext into a text file to the Linux tmp folder. What is the purpose of this? Viewing 7 replies - 1 through 7 (of 7 total) * Plugin Author [ttodua](https://wordpress.org/support/users/ttodua/) * (@ttodua) * [3 years, 4 months ago](https://wordpress.org/support/topic/wp-phpmyadmin-crashes-wordpress/#post-16369342) * Thanks for notes: 1) as noted in plugin readme too, it is advised to enable & use phpMyAdmin plugin on production servers only for the session you are doing your work, after that you are advised to deactivate. Not for the reason that there is a known vulnerability/issue, but for the reason of possible / unexpected vulnerability that is not know to public at this moment. * 2) can you please tell, which code/where it copies cleartext file to tmp dir? phpMyAdmin only stores password in its `config.php` and does not copy to OS tmp dir * Plugin Author [ttodua](https://wordpress.org/support/users/ttodua/) * (@ttodua) * [3 years, 4 months ago](https://wordpress.org/support/topic/wp-phpmyadmin-crashes-wordpress/#post-16369352) * btw, about `__e` function – thanks it was a bug, needs to be replaced with `__` submitting fix now. re-install the plugin from ground from wp.org. - This reply was modified 3 years, 4 months ago by [ttodua](https://wordpress.org/support/users/ttodua/). * Thread Starter [Michael](https://wordpress.org/support/users/michael8888/) * (@michael8888) * [3 years, 4 months ago](https://wordpress.org/support/topic/wp-phpmyadmin-crashes-wordpress/#post-16369573) * If you launch phpMyAdmin from WP phpMyAdmin a couple files are created in /tmp. You can identify them by the owner (www-data). One of them contained the MySQL password. I don’t think that phpMyAdmin creates these files. Must be your plugin. * Plugin Author [ttodua](https://wordpress.org/support/users/ttodua/) * (@ttodua) * [3 years, 4 months ago](https://wordpress.org/support/topic/wp-phpmyadmin-crashes-wordpress/#post-16371598) * if you could provide the sample file/format of content (of course, with removed actual password or file path, replaced with dummy words/path) I could identify. also, are the files deleted thereafter on their own, or they are being left there? - This reply was modified 3 years, 4 months ago by [ttodua](https://wordpress.org/support/users/ttodua/). * Plugin Author [ttodua](https://wordpress.org/support/users/ttodua/) * (@ttodua) * [3 years, 4 months ago](https://wordpress.org/support/topic/wp-phpmyadmin-crashes-wordpress/#post-16371614) * I’ve revised and might say that seems to be expected: - see the doc here [https://docs.phpmyadmin.net/en/latest/config.html?highlight=signon#example-for-signon-authentication](https://docs.phpmyadmin.net/en/latest/config.html?highlight=signon#example-for-signon-authentication) which says about example-signon script (that is being used for authentication) - here is actual code : [https://github.com/phpmyadmin/phpmyadmin/blob/c95b64afebf1980a1dc6e1013f52f5b3d96e2f10/examples/signon.php#L22](https://github.com/phpmyadmin/phpmyadmin/blob/c95b64afebf1980a1dc6e1013f52f5b3d96e2f10/examples/signon.php#L22) this function “session_save_path” does that probably. * Thread Starter [Michael](https://wordpress.org/support/users/michael8888/) * (@michael8888) * [3 years, 4 months ago](https://wordpress.org/support/topic/wp-phpmyadmin-crashes-wordpress/#post-16372225) * I no longer have the files and I already uninstalled the plugin. * I don’t see in the code that a password is stored in a file. I have been using phpMyAdmin for many years on many systems and it never showed this behavior. I would know because we have a monitoring solution that sends an alert if new files appear in the system. * You can easily find the files. Navigate to /tmp or the temp folder configured on your Linux system (not in your WordPress folder). Type ls -al. There should be several files created the by the web server user. One of those files contains the password. The files are created when you open phpMyAdmin from the plugin and the files stay there even when you disable plugin. * I guess your plugin uses these files to automatically authenticate the user. By the way, it would be much better if the user had to authenticate first with username and password. * Plugin Author [ttodua](https://wordpress.org/support/users/ttodua/) * (@ttodua) * [3 years, 4 months ago](https://wordpress.org/support/topic/wp-phpmyadmin-crashes-wordpress/#post-16388216) * I will try to review it whenever time permits. * Thanks for noting this finding. Viewing 7 replies - 1 through 7 (of 7 total) The topic ‘WP phpMyAdmin crashes WordPress’ is closed to new replies. * ![](https://ps.w.org/wp-phpmyadmin-extension/assets/icon-128x128.png?rev=2234810) * [WP phpMyAdmin](https://wordpress.org/plugins/wp-phpmyadmin-extension/) * [Frequently Asked Questions](https://wordpress.org/plugins/wp-phpmyadmin-extension/#faq) * [Support Threads](https://wordpress.org/support/plugin/wp-phpmyadmin-extension/) * [Active Topics](https://wordpress.org/support/plugin/wp-phpmyadmin-extension/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wp-phpmyadmin-extension/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wp-phpmyadmin-extension/reviews/) * 12 replies * 2 participants * Last reply from: [ttodua](https://wordpress.org/support/users/ttodua/) * Last activity: [3 years, 4 months ago](https://wordpress.org/support/topic/wp-phpmyadmin-crashes-wordpress/#post-16388216) * Status: not resolved