I was a happy user of the SecureImage plugin for some months, while at some point few of my friends started to complain that they cannot see my “secure image”, which caused them to loose ability to comment, unless they are registered users.

Initially I did not believe my eyes, but after some research I found a very nasty generic problem in the plugin, which could cause some of these “header already sent” errors, about which the users complain in the plugin’s main page. Unfortunately, these warnings were just the tip of the iceberg – the main and most nastiest problem is when my readers cannot see the secure image: both the browsers (IE and FF) were failing to display it.

It was not easy to find the problem, but I finally nailed it down. The problem is in the plugin’s PNG generation code. When the plugin is asked to generate the PNG image, it does all correctly, but after that it passes the control to the standard WordPress processing, which causes your whole main page’s HTML code to be concatenated after the PNG image’s stream. This caused two problems:

1. Depending on your current site’s contents, your readers may or may not see the PNG image, which will definitely cause them not being able to comment at all (sick!)

2. Your traffic will be increased, because instead of serving 30K (the PNG image average size), it will serve 30K+<the contents of your index.html at the time of the serving>. In my case each image went to about 100K because of this.

The solution of this problem is easy: you just have to replace the “print” command of the image generation:

print $wpdb->get_var(“SELECT img_data FROM $wpdb->secureimage
WHERE img_name = ‘$image'”);

with “die” instead:

die ($wpdb->get_var(“SELECT img_data FROM $wpdb->secureimage
WHERE img_name = ‘$image'”));

This will cause your plugin to stop at the very rigth point just after the image is sent to the client.