WordPress website not opening, just downloads archives - wordpress

I wanted to see what this reason could be. When entering my site: https://boonmodels.com/
It doesn't log in, it just downloads some strange files.
I have not touched anything, will it be a problem of a virus or something similar?
The site is made in WordPress.
I hope someone can help me, thanks!

If your site is suddenly downloading files instead of visiting the page, do not open them.
Are you on shared hosting? Either way, contact your hosting provider immediately. Hopefully they have a backup to a time before it was doing this and can restore. They might also be able to confirm what the contents of the files would be without you endangering your own computer.
I used to run into this problem with shared hosting on GoDaddy. I now no longer recommend WordPress unless you are on your own Virtual Private Server or with a managed hosting service like WPEngine.

Related

WordPress site impacted with redirect injection

I have a website that is running on an AWS server using the Bitnami Nginx and WordPress image.
https://www.athleticclubhk.com/
Recently it got all our ads on Google stopped due to malicious content. Oddly this time, it's trickier than your standard malware of infected files. When visiting the site incognito, the first and only the first link click gets redirected using the following code:
window.location.replace("https://cartoonmines.com/scount");window.location.href = "https://cartoonmines.com/scount";
This is being injected on any link, however, upon investigating the loaded code on inspect it's not injecting it into the page.
I've tried to hunt down the theme, plugins, core files and found nothing!
I replaced and reinstalled WordPress core files, deactivated all plugins and even swapped the theme - the problem is still there. I can't find any hidden .htaccess file in the entire root directory.
I even used GREP to try to look for anything fishy (any clues here that someone can help with?) nothing so far.
The site is still impacted with this so you can easily load the link ~ I do use Malwarebytes to keep myself protected, in case you are opening this directly.
Can anyone help?
The redirection code is implanted to /wp-includes/js/wp-emoji-release.min.js.
How to confirm:
watch the cookies when clicking internal page, a new cookie is being set for tracking first clicks, named ht_rr
save complete webpage locally and try to load it, and check in Chrome dev tools, you'll see that in Console tab it complains about this JavaScript file attempting to set the aforementioned cookie
While a temporary resolution of deleting the file will fix things for some time...
There's no excuse for not setting up a proper server stack. Bitnami or other "great stacks" won't cut it security-wise. They exist for "fast", but no "quality" setup, and of course, it's never going to be secure.
The file got created somehow / had write privileges. This indicates a problem with the setup most of the time. Unless you're using some nulled plugins or plugins from bad sources.
Once again, since the website was essentially "pwned", deleting the JavaScript file does not mean complete disinfection. To preserve things in a secure state, I would recommend setting things on a clean server environment with strict PHP-FPM permissions aka "lockdown" chmod, and look for write errors to look for infected PHP files.
Check out some guides on the matter of secure NGINX/PHP-FPM setup:
NGINX and PHP-FPM. What my permissions should be?
Best practice secure NGINX configuration for WordPress
NGINX Security Headers, the right way
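A way to find a tampered core file such as the one named in the answer above, even when grep for known strings finds nothing (added example, not part of the original answer): hash every file under the core directories and compare it with a pristine copy of the same WordPress release. The function names, the `clean_root` directory and the sample trees are assumptions constructed for this illustration.

```python
import hashlib
import os
import tempfile

# Indicators named in the thread: the tracking cookie and the redirect call.
INDICATORS = (b"ht_rr", b"window.location.replace(")

def read_bytes(path):
    with open(path, "rb") as fh:
        return fh.read()

def audit_core(site_root, clean_root, core_dirs=("wp-includes", "wp-admin")):
    """Compare a live site's core directories with a pristine copy of the same release."""
    report = {"modified": [], "unexpected": [], "indicator_hits": []}
    for core in core_dirs:
        for dirpath, _dirs, files in os.walk(os.path.join(site_root, core)):
            for name in files:
                live = os.path.join(dirpath, name)
                rel = os.path.relpath(live, site_root).replace(os.sep, "/")
                data = read_bytes(live)
                clean = os.path.join(clean_root, rel)
                if not os.path.isfile(clean):
                    report["unexpected"].append(rel)      # not shipped in the release
                elif hashlib.sha256(data).digest() != hashlib.sha256(read_bytes(clean)).digest():
                    report["modified"].append(rel)        # shipped file, altered content
                if any(ind in data for ind in INDICATORS):
                    report["indicator_hits"].append(rel)  # plain-text match only
    return {key: sorted(paths) for key, paths in report.items()}

def write(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)

def demo():
    """Audit a constructed tampered tree against a constructed clean tree."""
    emoji = "wp-includes/js/wp-emoji-release.min.js"
    with tempfile.TemporaryDirectory() as tmp:
        clean, site = os.path.join(tmp, "clean"), os.path.join(tmp, "site")
        for root in (clean, site):
            write(root, emoji, b"/* constructed stand-in for the emoji script */")
            write(root, "wp-includes/version.php", b"<?php // constructed\n")
        # Tampering that contains none of the plain-text indicators.
        write(site, emoji, b"/* constructed stand-in */;/* encoded payload placeholder */")
        write(site, "wp-includes/js/extra.js", b'document.cookie="ht_rr=1";')
        return audit_core(site, clean)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

In the constructed run the altered emoji script is reported as modified although it matches no indicator string, which is why a hash comparison is more reliable than a string search. WP-CLI's `wp core verify-checksums` performs a comparable check against the checksums published for the installed release.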
Just had the same problem and it was Zend Font Plugin, the same that some people mentioned before.
Installed Wordfence and this came out. Deleted the plugin and now the site is working perfectly.
Disable plugins and check again.
Change the database username and password.
Ask the hosting manager to check the host.

How to setup WordPress site locally with backup files downloaded from HostGator cpanel?

I was hosting two of my personal sites/blogs with HostGator for over 10 months. I didn't update my sites that often as I don't get enough time to write content for my sites. So, I decided to host my site through raspberry-pi or pc.
I downloaded full backup and home directory backup. Also, I installed WordPress locally. Now, I want to use my local WordPress setup to launch my sites by using files that I downloaded from HostGator cPanel but I don't know how to do that. Initially I spent some time to get the solution from Google as well as YouTube but directions were not clear. I tried to do it by myself but I was not successful.
Is there solution to this issue? Any help would be appreciated.
Thank you
I would recommend to use a plugin for this.
Try "Duplicator" for example. It creates a backup for you and an installer file.
After downloading these files, you place them in your root directory and navigate to "localhost/installer.php" and everything gets set up as you had.

WordPress Images not loading after migration

I'm facing a problem the last couple of days and I can't figure it out. We changed the hosting company and moved our website (same domain name) to another hosting provider. After migration, images are not loading, and I can see them broken in WordPress's Media Library.
I tried to change the permissions in the upload folder but that didn't work. SSL is also working as expected. I disabled all the plugins and even changed the theme, but the problem still persists. I re-uploaded all the backup files again to make sure that I wasn't missing something, but the problem hasn't been solved.
I also have the support team from the hosting provider that works on the website, but it's been 2 days now and they can't find a way to solve the issue.
In the browser's Search Console I do see the following errors: https://ibb.co/y0KCmHY
I've also checked the DNS settings in CloudFlare to make sure that I have setup everything correctly.
Any help will be much appreciated!
I am no WordPress expert but I think I would first check whether image files in your backup files are not damaged/corrupted.
I would check both your backup files and image files in your new hosting server
(download image files from your new hosting server via FTP)
Sorry I couldn't help you much except where to look at first which you might already know.
From the image that you've provided, what I can tell is that the status is 404, as you know, which means your image is not found. Something is wrong with all your image URLs. You need to make sure the URL is correct for each image you have.

Client transferred/changed domain names...how do I salvage the WordPress site

So I built this client a WordPress site and after it was completed and paid for he decided he didn't like his domain name. So he logged into HostGator and then bought/transferred to a new domain.
Then a day later he calls and wonders why his page isn't loading. I'm able to go into the FTP and save all the wp-content and every file that was originally there... My question is how do I get the WordPress site I built onto the new domain name?
I've read all kinds of tutorials about how to export/import but they require the site you're transferring from to be live.. I can't log into the wp-admin portion because it looks like the domain does not exist anymore.
I'm definitely not a back-end guy.. I've built a few sites offline with XAMPP but I have no idea what I'm doing when it comes to trying to salvage this site. Any help?
WordPress is flexible to handle situations like moving to another server. First back up your WordPress directory, images, plugins, and other files on your site as well as the database. The detailed steps on how to do it are well documented on the website https://codex.wordpress.org/Moving_WordPress.

WordPress API works with VPN only?

I'm working on a project on my localhost for some time now, and I've recently tried to make it online. My project works perfectly on my localhost, and I can post new articles to WordPress blogs with no problem.
The problem is, after uploading my project to an online web server (HostGator's Baby Plan), I tried to add a new post to one of my WordPress blogs and I got the following error:
faultCode 500 faultString You are not allowed to do that.
The thing is, I've searched everywhere in the past few days in-order to solve this problem and had no luck.
Do you guys think this problem is caused because I'm using a webserver and not a VPS? If you have any other solutions I'll be glad to hear them out.
It might be related to file permissions or something like that.
There is no need to use VPS. I manage my website on a shared server and I've tested WordPress on free hosting services too.
This is probably due to incorrect permissions either on the file structure or the MySQL DB user or something like that. Take a look at this article on the WP codex about file permissions.
Big services like HostGator usually have an "auto-install" feature for common software like WordPress (via Softaculous or something similar). I don't know how you migrated your site from your local version to the server but it may be worth installing a fresh WordPress instance through HostGator and then simply loading in the wp-content folder and your development database on top of that.
