Replies: 0
🐞 Bug Report: PHP TypeError in Login Security Module (Wordfence)
Hi Wordfence Team,
We’ve encountered a recurring critical error on our WordPress site related to the Wordfence Login Security module, triggered during user login or registration attempts.
Error in logs:
Uncaught TypeError: array_key_exists(): Argument #2 ($array) must be of type array, string given in /wp-content/plugins/wordfence/modules/login-security/classes/controller/permissions.php:440
This error appears multiple times in the log and causes a “There has been a critical error on this website” message to users. It seems the second argument passed to array_key_exists() is unexpectedly a string instead of an array.
🧪 Context:
- WordPress 6.x (latest)
- WooCommerce installed and active
- No custom login code – using default WooCommerce login/registration
- Error triggered after repeated login attempts by an existing user (
xx_xx@hotmail.com)
📌 Temporary fix:
Disabling the Wordfence Login Security module immediately stops the error. However, this is not a sustainable solution due to the security implications.
Suggestion: Add a type check before calling array_key_exists() to avoid the fatal error:
if (is_array($permissions) && array_key_exists('some_key', $permissions)) { // ... }
If you see any other solution, please tell me.
Best regards,
Andreas