Problem with Page has redirected JavaScript - wordpress

I did an audit of my website and it sends me this message
"Page has redirected JavaScript"
Issue details
Some pages on your website link to JavaScript files via a redirect.
This forces web browsers and search engine crawlers to make an additional HTTP request in order to reach the destination JS file URL. On a vast scale, this can increase page loading times for your website.
How to fix
Review the pages that have a link to the redirecting URL and replace this link with the direct link to the destination JS file.
If you decide to keep links to redirecting URLs that do not belong to your website, make sure that the destination files are relevant.
And I get several links like these:
https://script.crazyegg.com/pages/scripts/0012/9265.js
https://s7.addthis.com/ with randoms numbers
Has anyone had a similar problem who can help me to see how to solve the problem?

It sounds like you have some pages that are actually loading a remote JS file, which then redirect to another page on your website.
Why this is happening is anyone's guess - maybe you have a plugin installed that is doing it intentionally as part of it's functionality. I would start by disabling plugins one at a time (ideally on a staging environment) until the problem goes away, and then you'll know who the culprit is and make a decision.

Related

Website is showing another website on non-existent website page

This is a peculiar one.
I work for an agency, and we develop WordPress and JAM Stack sites for our clients.
I have been contacted by the IT team for one of the clients (an NGO), and they flagged something that I have not seen before.
NOTE: I am going to be using example.org as the website, to protect the identity of the client.
Basically, we developed a WordPress site for them, which works great and all, but as it turn outs there is a page on the website which points to a totally different website
The example page is as follows
example.org/news/points-to-different-website/
The news page doesn't exist in anywhere on WordPress system, and neither does it exist as a custom post type.
And another thing, I noticed is when I removed the / at the end of the URL, it shows the custom 404 page developed for the website
example.org/news/points-to-different-website
But as soon as you add the /, it shows a totally different website.
I have checked all the Apache configuration files related to the site, and it is just the normal setup for any WordPress site.
So, I am wondering what could be causing this, and how can one prevent it?
That's a strange issue. Does example.org/news/points-to-different-website/ actually redirect to another full URL, i.e. differentwebsite.com, or is the different site actually at example.org/news/points-to-different-website/?
Try
emptying the trash for both pages and posts, as there could be a conflicting slug that is causing a redirect.
Reset permalinks.
Using PHPMyAdmin, search the database for the URL points-to-different-website and see if there is malware or some kind of a redirect, an iFrame, etc.
This can sometimes happen if the server hostname is not set up correctly.
What can happen is website on the server will show in place of a non-existent site or page from another website on the same server.
If you are using a reseller hosting/shared hosting, then the site could be from another account on the server, the site could also be from another server, for example:
There are 2 servers with the hostnames serverone.myserver.com and servertwo.myserver.com... A site on serverone might show in place of a site or page on servertwo.

Audit website my pages have HTTPS URL links to an HTTP URL

I have an wordpress website https://tricourilemele.ro . When doing an audit, my Security Score is showing an high issue: HTTPS URL links to an HTTP URL..
Looking at page source (in fact on all pages) i find these http://gmpg.org/xfn/11 and anther link - which in is in fact a page i made http://tricourilemele.ro/tricouri-personalizate/
Well... i found that http://gmpg.org/xfn/11 in my header is given by my theme - Storefront, even so it had many updates, they never changed that to https.
I tried with a plugin search / replace but i couldn't do any improves .more. i was afraid to try something else. I do not know many related to databases or so..
My problem is ...How could i change those 2 links from http to https?
Please, be
Thank you,
Marius
You'll need to find whatever file gmpg is in, and update the url to https. And then change the url accordingly for the site you created.

Mixed Content: The page at 'https://example.com' was loaded over HTTPS, but requested an insecure stylesheet error in Wordpress site

Instead of genuine Mixed Content issue this seemed like more of a Wordpress issue hence posting here to find a resolution.
I have everything setup to work with https, though there is no valid certificate yet. here is the home page url https://tourpoule.nl. The home page loads but with Mixed content errors which seem to be generated by core Wordpress or theme functions. Attaching image:
Database does not have any url which would start with http://. I already have replaced them using search and replace script.
There is nothing in htaccess file except basic Wordpress setup code. I tried renaming it as well. I cleared all types of cache but still it does not work. The site is using twentytwenty theme and if I comment out css and javascript enque lines, some of the errors disappear but styles and scripts do not load(that is normal I know).
In the view source of page it shows mixed urls, some with https and style and javascript urls without https. see below:
Interestingly if I click a stylesheet url i.e. http://new.tourpoules.nl/wp-content/themes/twentytwenty/style.css?ver=1.0 it redirects to https://new.tourpoules.nl/wp-content/themes/twentytwenty/style.css?ver=1.0
I am not sure what is going on and have got struck. I am not able to reach the client so that we can discuss turning ssl redirection off in nginx for this domain where it is redirecting everything to https if it is not https. Not sure if that is causing issue (I believe it is not as it has nothing to do with Wordpress mechanism to generate urls). Any help or direction is greatly appreciated.
I can see your website is still unsecured, for what it's worth, get yourself letsencrypt ssl.
Back to you question, go to your database, open the wp_options table, change the siteurl item to https://tourpoules.nl and also change the home item to https://tourpoules.nl.
If you have used search and replace DB master script or plugin it will not update inside meta files as well as and check for the function file have you Enqueue with https://
So will be better if you download SQL file and replace with below:
From:
http://new.tourpoules.nl
To
https://new.tourpoules.nl
and re-upload again

Wordpress - instance always generates page that switches to external site

I'm getting an issue where WordPress always serves me a page that takes me to an external site.
Whether I try to visit a URL on mylivesite.com, page content is always as follows (keyword= varies according to the URL I type in):
<nofollow><noindex>
<script src="http://externalsite.com/?jquery&source=mylivesite.com&
keyword=ksjdhskjfhjksfsdf"></script></noindex></nofollow>
This happens only on the live site and not on my localhost site (which should be a very close copy of the live site).
I looked through the MySQL database using string search and couldn't find
any matches to externalsite.com.
I grep'ed the entire tree of hosted files and no matches either.
Can't see any nefarious looking rules in
wp_options.rewrite_rules.
Tried to disable all plugins (except W3TC) by renaming directories within wp-content/plugins, which I think has worked.
.htaccess is the standard WordPress bootstrap.
The installation is an individual domain running its own instance of WP.
This effect prevents me accessing wp-admin on the live site.
Any ideas about what layer or setting might cause this to happen?
The site had been hacked. This was causing it to redirect to an external site after most page requests.
Cleanup guide for hacked sites: http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
Thanks to all who provided help.

Something is creating strange URLs in Wordpress Website

I have a problem with a Wordpress based website. Something is creating strange URLs. I know about those URLs, because Google Webmaster Developer try to Crawl them and the Crawler gets a 404 error (Not found). I have that problem in different websites:
In the first one the URLs looks like spam:
http://xxxx.com/wp-content/w3tc/apple-iphone-3gs-8gb-black-manual
In the other website the URLs make sense based on the content, but they are not valid URLs:
http://xxxx.com/portfolio/pool-view-suite-bathroom/
In other website, it's creating URLs that looks like valid, but with a ".html" in the final
If you try to access those URLs, you will get a 404 error. Curiously, when you look the "Linked By" tan in Google Developer Tools, you will see that is linked by another strange URL o there is no linked from. And that URLs are not in the sitemap, I checked it.
Thank you!
the first one is a trojan without a doubt. Quite usually, you'll find them in index.php, footer.php, header.php . If in doubt, check with an online tool like Sucuri
Once you isolate it, it's very important to know how you have it. While most people thinks they have been "hacked", in most cases you uploaded it by yourself from your own computer, so be sure to scan it thoroughly.
About the other cases, sounds more like an htaccess issue, but based on the first case, quite probably it's caused by this trojan as well. Ask your host to check the site, it's in their best interest to do it so. But assuming it's just htaccess, try this: go to Settings --> Permalinks and change the permalinks structure to anything else than what you have now. Don't hit the submit button yet. In the meanwhile, BACKUP your htaccess file and then delete it. Hit submit on the permalinks page an a new .htaccess file will be created. Try your site now. If it works, it was just a simple htaccess issue. If not, something else, going from a trojan to a server misconfiguration to anything in between
Maybe the domain was used before and you are seeing past valid urls which are now 404, or maybe these are incorrect, inbound spammy links which you would want to be 404. Duff links can be found anywhere on the internet and so no reason to think your site is generating them.

Resources