Adding new site to MainWP Dashboard causes unintentional automatic WordPress core updates (Part 2)

This is the sequel to the past discussion below.

Last time we couldn’t identify the cause. After that I found the conditions to reproduce the problem, so I did some investigation and figured out how this happens.

Conditions:

• WordPress auto-update of the child site is disabled by define('WP_AUTO_UPDATE_CORE', false); in wp-config.php.
• /wp-admin/admin-ajax.php is blocked in the nginx configuration of the child site.

Observation:
When the child site is added to MainWP Dashboard under these conditions, MainWP sends a POST request to /wp-admin/admin-ajax.php of the child site, but the request is blocked by nginx. I found that MainWP sends the identical request again to the site (home) URL of the child site right after that, and wp_maybe_auto_update() function is to be executed because wp_doing_ajax() returns false near the end of /wp-includes/update.php.

Thus I guess that preventing or reverting add_action( 'wp_maybe_auto_update', 'wp_maybe_auto_update' ); at the second request is necessary somewhere in the site registration processes of MainWP.

This is the backtrace of PHP functions until wp_maybe_auto_update is executed.

[14-Mar-2024 10:39:42 UTC] /var/www/wordpress/wp-includes/class-wp-hook.php: line 309
[14-Mar-2024 10:39:42 UTC] /var/www/wordpress/wp-includes/class-wp-hook.php: line 333
[14-Mar-2024 10:39:42 UTC] /var/www/wordpress/wp-includes/plugin.php: line 476
[14-Mar-2024 10:39:42 UTC] /var/www/wordpress/wp-includes/update.php: line 254
[14-Mar-2024 10:39:42 UTC] /var/www/wordpress/wp-content/plugins/mainwp-child/class/class-mainwp-system.php: line 89
[14-Mar-2024 10:39:42 UTC] /var/www/wordpress/wp-content/plugins/mainwp-child/class/class-mainwp-child-stats.php: line 535
[14-Mar-2024 10:39:42 UTC] /var/www/wordpress/wp-content/plugins/mainwp-child/class/class-mainwp-child-stats.php: line 223
[14-Mar-2024 10:39:42 UTC] /var/www/wordpress/wp-content/plugins/mainwp-child/class/class-mainwp-connect.php: line 138
[14-Mar-2024 10:39:42 UTC] /var/www/wordpress/wp-content/plugins/mainwp-child/class/class-mainwp-child.php: line 312
[14-Mar-2024 10:39:42 UTC] /var/www/wordpress/wp-includes/class-wp-hook.php: line 309
[14-Mar-2024 10:39:42 UTC] /var/www/wordpress/wp-includes/class-wp-hook.php: line 333
[14-Mar-2024 10:39:42 UTC] /var/www/wordpress/wp-includes/plugin.php: line 476
[14-Mar-2024 10:39:42 UTC] /var/www/wordpress/wp-settings.php: line 598
[14-Mar-2024 10:39:42 UTC] /var/www/wordpress/wp-config.php: line 123
[14-Mar-2024 10:39:42 UTC] /var/www/wordpress/wp-load.php: line 50
[14-Mar-2024 10:39:42 UTC] /var/www/wordpress/wp-blog-header.php: line 13
[14-Mar-2024 10:39:42 UTC] /var/www/wordpress/index.php: line 17

If my explanation is too brief or unclear, please let me know. I’ll be happy to add more details.

Edited to correct the mistake.
wrong: line 92 of /wp-admin/includes/update.php
right: near the end of /wp-includes/update.php

Hey @an2009

Thanks for the detailed report.

The development team will go over it and we will update you as soon as we have more information.

Hi @an2009

The development team looked into it, and there was indeed an issue with the MainWP child plugin.

In the wp_version_check(), action 'wp_maybe_auto_update' was called.
So, we remove the action before calling the version check.

remove_action( 'wp_maybe_auto_update', 'wp_maybe_auto_update' );

If you wish, I can send you a pre-release version of the MainWP Child plugin if you wish to test it out on your system.

Hi Bojan,

Thank you for your quick support. It’s excellent.
Yes, I would be happy if you could send it to me. Thank you in advance for your time.

Hi @an2009

I’ve just sent you the pre-release version of the MainWP Child plugin.

Do let us know if that fixes the issue for you.

Hi Bojan,

I’ve tried the pre-release version of the plugin and confirmed that it solved the problem. No update occurred.
Thanks for your support. I’m glad that the issue has been resolved.

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.