All I know is there is a script causing a dump on wp-login.php. I had the host do a restore, I changed the password, I disabled all plugins but it still keeps on dumping and now all my space is full. I can delete the core files but that fills up quickly. If there is anyone here willing to help me in exchange for some work, I'm open.
As for the malware scan, nothing comes up, I've tried, wordfence and a few others as well as have InMotion due to a scan.
There's still potential that malware could linger in other places.
Thanks
I would recommend getting a fresh copy of the Core and fresh copies of all plugins, then check each plugins support forums for vulnerabilities, that may point towards a culprit. Also check your theme support for the same.
Essentially replace everything but .htaccess, wp-config and any custom theme code.
Related
I have a real problem on my cpanel I do not understand all my sites and my applications have not worked since this morning, try to restore without success I have tried everything, I am afraid to watch help me.
when I check the files of my site and application there are unknown files that create themselves all the time even when I delete completely when I update it comes back alone and it affects the operation of my site and application
I don't know if I was really hacked, or if it's an extension problem, or it's a quota or php problem but nothing's going well here are some images of the unknown folders, I've already written to support they say they will delete the hosting and create a new one when I can't afford it right now
According to your screenshot, you have really messed up your WordPress Core. Firstly, fix your .htaccess and 'delete the folders'. Additionally, you can always reinstall WordPress Core to fix any problems that might have happened from a Malware action.
However, there has been a rise in WordPress Database Malware as well, so you might wanna look in that as well.
I have seen lots of critical errors on my WordPress website. I attached a screenshot below that shows some of these issues. Please look at this and provide some suggestions so that I can fix this problem.
Thank you so much.
Depends how badly broken your site has become.
What is it doing to make you think it's been hacked? Is it just the warnings in the Wordfence scan report?
Before going much further you should for sure grab a backup of your database, wp-config.php, and the contents of the directories wp-content/themes, wp-content/uploads, and wp-content/plugins. Might be a good idea to make a separate backup of the entire WordPress installation directory.
Since you can still access the administration panel, might as well change your password just to be safe. Are there multiple users for your WP installation?
What changes have been made if you click "Details" button in the Wordfence scan?
If you're sure changes to the wp-core files are due to a hack, you can try to repair them using Wordfence's repair feature--it'll restore them to their base WordPress version. But if significant differences are showing for dozens of core files, might be a good idea start over with a clean installation of WordPress.
You'll also want to track down what allowed these malicious changes to be made (has an unknown IP logged into your administration panel recently? Are you using a plugin with a known security issue?), or it'll just happen again.
I noticed that on a wordpress site I'm going to take over the following scripts are found on multiple pages:
When the page is displayed here is what I see:
This seems incredibly scammy, does anyone know what this is?
I am going to delete all of those and restrict access to the website in the meantime
Thank you
One of two things likely happened. Either you are serving flash and have a really old version on your computer - OR - your website has been compromised and injected with some sort of malware.
Are the unusual scripts showing up in the content or the theme files? If they are showing up on the content, that means someone has added these scripts to the database, and it will require a bit of cleanup (or a restore to a previous version). If the scripts are showing up in actual .php files, then someone has gained access to the file system on the server.
You should re-install WordPress entirely to ensure all core files are clean, and then go through plugins and themes to ensure all malicious code has been removed.
Also, it would be good to find out how this happened, to attempt to stop it from happening again.
My Wordpress is extremely slow due to a request I have. I tried removing some plugins but no luck. I am using WP-rocket for caching.
Here is my analysis on pingdom where it says a request with xxxx/?version=4.7.3 is slowing down everything
How can I resolve this?
Many thanks
Turn off all caching while you are testing. Disable all plugins and see if is still there. If it is still there, it might be from the theme. Switch to another theme and test again. If it was gone after deactivating all plugins, turn them on one by one and test again to see which one adds it.
Another thing to do is to download your whole folder of your site on your computer and then using a free grep program to search for the domain name dentiste-urgence.ca and see if it is mentioned in any files.
This might also be caused by malware. Install the free security plugin WordFence and scan your site for malware.
Been having a bit of a problem with my site regarding our caching method and my php code not refreshing or flushing.
To start, my site is a WordPress site on a dedicated Nginx webserver. I used W3 Total Cache for the initial caching setup. Everything was set up to cache through Memcached.
(I should note, my website is somewhat of a 'guest' on this server, which is bit of a semi-community donation semi-sponsored server that runs some other things. The admins are skilled but also volunteers. I have their full support for fixing things, but they don't have time to troubleshoot my very odd issue (especially because I asked for caching to get turned on for the site myself). If we had some hints on what to go on it would make things easier for us than taking shots in the dark ;) So any suggestions are welcomed.)
At some point we noticed that changes to php pages and Wordpress & Plugin updates were not working at all, while the code on the server reflected updates, the pages still processed through the older php code.
This presented a couple unique issues. W3 Total Cache stores it settings in php files. Other php files, when deleted, stop working, but when they are restored to the server, memcached still insists on using its ultra-old memcached copy. The W3 Total Cache settings, whether i removed or altered the settings php files, would NOT stop running everything through cached memcached data.
The server admin attempt rebooting memcached and then flushing it. Neither of those seemed to have any effect. All the other basic settings seem to be set-up correctly.
We can, of course, still add new plugins, all the data that comes from the database works just fine.
At least one other site on the server that is not wordpress also uses memcached with no issues.
Any help is appreciated, should be able to provide further information if it is needed.
Do you have apc.stat = 0 in your settings? Does restarting php engine help?
This is going to sound really obvious but you didn't mention it so:
Did you try turning off the Total Cache plugin entirely to confirm you can see the changes when caching is disabled?
Until you've done that and made sure you get the results you expect, there's no way to know that memcached is really the problem.