Fatal Error due to null value into function in pluggable.php file

Hi all!

I want to thank you in advance for any help anyone can provide!

I have a WordPress & Elementor website on my own domain. I hadn’t been on for quite a while to check things. Recently when trying to login to the backend, I got a critical error. I managed to gain access via my host, and tried various troubleshooting, such as deactivating plugins, which didn’t work. I then followed a tutorial, added/changed a couple of lines so that the debug mode was switched on. Next time, attempting to login I got a more detailed message which I’ll copy below. I have anonymised the pathway as I’d prefer not to mention the specific site if possible.

Fatal error: Uncaught TypeError: hash_equals(): Argument #1 ($known_string) must be of type string, null given in /home3/public_html/pathway/wp-includes/pluggable.php:2577 Stack trace: #0 /home3/public_html/pathway/wp-includes/pluggable.php(2577): hash_equals(Object(SensitiveParameterValue), Object(SensitiveParameterValue)) #1 /home3/public_html/pathway/wp-content/plugins/wp-spam-shield-pro/wp-spam-shield-pro.php(262): wp_check_password(”, NULL, NULL) #2 /home3/public_html/pathway/wp-includes/class-wp-hook.php(324): hu_auth_signon(Object(WP_Error), ”, ”) #3 /home3/public_html/pathway/wp-includes/plugin.php(205): WP_Hook->apply_filters(Object(WP_Error), Array) #4 /home3/public_html/pathway/wp-includes/pluggable.php(618): apply_filters(‘authenticate’, NULL, ”, ”) #5 /home3/public_html/pathway/wp-includes/user.php(106): wp_authenticate(”, ”) #6 /home3/public_html/pathway/wp-login.php(1311): wp_signon(Array, true) #7 {main} thrown in /home3/public_html/pathway/wp-includes/pluggable.php on line 2577

I don’t understand whether this is referring to one issue or many.

It mentions a specific line in the pluggable.php file, which I then went to check. This line is part of the function which starts

if ( ! function_exists( ‘wp_check_password’ ) ) :

and the specific line (2577) is:

$check = hash_equals( $hash, md5( $password ) );

Looking online this seems correct, so it just seems to be the value being passed to this which is wrong (null). Unfortunately I don’t know enough about WordPress and particularly the backend files to know where this value comes from. I don’t particularly understand php in general.

I thought it may be helpful to list all my plugins (either current or former) in case one of these changed something.:

* Caldera Forms
* Elementor
* Elementor Pro
* ElementsKit Lite (left deactivated)
* GDPR/CCPA Cookie Consent Banner (left deactivated)
* Jetpack (deactivated)
* Local Google Fonts
* MainWP Child
* Right Click Disable Original
* ShortPixel Image Optimizer
* The Bluehost Plugin
* UpdraftPlus – Backup/Restore
* WordPress Importer (left deactivated)
* Yoast Duplicate Post (left deactivated)

I noticed in the error message reference to another plugin (wp-spam-shield-pro) but have no recollection of having this.

If anyone has any suggestions about what I need to do/change that would be amazing.

Once again, huge thanks to anyone who reads or helps.

I work long hours, so may not respond quickly, but will do so when I can.

1 Comment
  1. Caldera forms was abandoned 2 years ago. Don’t use old plugins, as they’ll cause problems like this, as well as potential security issues.

    I’m guessing Spam Shield Pro is also out of date.


This site will teach you how to build a WordPress website for beginners. We will cover everything from installing WordPress to adding pages, posts, and images to your site. You will learn how to customize your site with themes and plugins, as well as how to market your site online.

Buy WordPress Transfer