Someone is changing my wordpress site URL to their ad spam URL. I changed it from php my admin and it was fixed, the hacker inserted a java script to every wordpress post and pages to redirect all posts and pages to their ad page, I deleted all of them. Then I installed wordfence security plugin, scanned the entire website, found some malicious codes and deleted everything. Then I changed my cpanel and wordpress password. I am using my own VPS so I also changed my root password, but still just after 12-24 hours, I can see that the wordpress site URL has been changed. I fix it and again it becomes changed.
I have mentioned what I have done, what else I can do to prevent this? Please any suggestion will be appreciated...
Your website has most probably been exploited, and the exploit is still active, as a backdoor for that Hacker..
I would check the access logs for your web requests, and especially POST requests!
which might show where is the hacker logging in via.. some Theme or Plugin that was exploited most probably.
If your web host does daily backups, it might even be worth reverting back to previous days to remove any changes... -- remember if you revert back any posts/changes from that day onwards will disappear.
Related
I'm just wondering if anyone might of been had the same experience as me before? I have just migrated a WordPress site (running on an older version of WordPress) to a new dedicated server.
My website loads up perfectly fine, however, when my users are logging in or trying to access the WooCommerce Checkout page, there browsers are returning the "Site did not send any data".
The strangest thing is, some people can log-in, others can't. I've advised my users to try deleting there browser cache and I've setup a tempoary log-in link (Incase the old log-in link my users was seeing was being cached from when my site operated on my previous server)
I've disabled all caching plugins, but in the Network tab, I'm still seeing a few elements being cached, I'm not too sure if this could be WP CLI cache which is perhaps operating in the background?
Ultimately, I'm just trying to get my head around how to solve th "Website did not send any data" error - It's been around 4 days since the server migration completed and previously, users had no trouble at all logging in and navigating the website.
Here's what I've tried so far:
Reset the htaccess file
Disabled caching plugins (Third-party plugins)
Installed Really Simple SSL to ensure all my website paths are being redirected to HTTPS
Changed my PHP handler to SuExec
Disabled server-side cache
Reset permalinks (Changed my permalink setting from Post Name to Plain, and vice versa)
But quite a few of my users are still reporting the same error, whilst other users can access and navigate my website perfectly fine.
Has anyone experienced a similar issue before?
Thank you!
Our site was working properly for a month or so and all of a sudden it won't work unless you are logged into the site backend [/wp-admin]. You can see the issue here - https://hema-filler.com/.
While not logged in, it strips off the domain name from the CSS/Image/JavaScript requests and you can see that in the screenshot -
I'm only administering this site and not the developer. If you came across this kind of an issue before or if you know why this is happening, please post back.
This site is in Azure/Linux, on the latest WordPress version.
As far as I can see from the errors, your domain name is missing from the URL of the requests to the static content, which is why it is not loading properly. Please check your siteurl and homeurl inside your wp_options table in your database. If the issue still persists, then I would recommend checking with your hosting provider's support team. If they lack support, then I would recommend switching to managed WordPress hosting.
I have an issue in a WordPress site on Hostgator where the htaccess file keeps disappearing. Before you get all, "Check your plugins, dummy" I have the same install of this site running on a completely separate Hostgator account and it's running fine. Furthermore, I have a local instance which, again, is running fine. So if it was a plugin, the issue would be replicated on the other instances, but it's not.
My suspicion is someone who has access to the hosting account is tampering with it. While that sounds paranoid, I can't rule anything out because htaccess files don't just delete themselves.
The bandaid fix has been to just reset permalinks once the site goes down. Annoying, but simple. What might be even neat would be to set my server 404 page to a php script that, when accessed, hits an endpoint I set up in WordPress to programmatically flush the rewrite rules, thus restoring the htaccess page, and then the 404 tries to forward them on again. However, the suggestions on how to do this say putting the error page definitions in the htaccess page. Which doesn't do me much good if the htaccess page is being deleted.
How stupid is this idea? Please let me know in comments.
I'm open to other solutions, but I'm waiting on my hosting support to figure out how the file is being deleted because I assume others with the account info of tampering.
I recently moved my site built in Word Press to another hosting provider and I found the shortcode [woocommerce_my_account] is not working anymore.
Previously, I had a page called account login where I had the shortcode [woocommerce_my_account]. In the settings I set the landing page to be the same page (account login). so, after an user logged in, it was redirected to the same page showing his/her details.
However, in the new hosting provider this is no longer working. After I put the login information and attempt to login it is taking me to wp-login.php page and ask me to enter my login details again.
The URL path that I see in the browser after attempting to login is similar to this <site_name_url>/wp-login.php?redirect_to=http://<site_name_url>/account-login/
Anybody has got to the bottom of this issue? Thank you.
Try adding this to your wp-config.php:
define('WP_HOME','http://example.com');
define('WP_SITEURL','http://example.com');
Make sure you change http://example.com with your own domaine. You can also try to search and replace your domaine in the database if it has changed.
You can also try to clear browser cache and cookies. I had an issue like this before, launched a private navigation and it was working fine.
Try setting define(‘WP_DEBUG’, true);, you may see something going on.
Sometimes, php version makes a difference, try to set the same php version on you new host (google the name of your hosting provider + change php version).
When you move sites/restore databases you often need to save the permalinks again.
go to /wp-admin/options-permalink.php and click "save". This will setup your .htaccess file with the correct information for redirects.
Finally, after all of these days searching and trying different things, the answer for this issue in my case was not related with the Word Press installation itself but, with some software installed on the server called varnish, apparently used to cache the site and improve its performance.
After having a support chat with the hosting provider, they mentioned that varnish is breaking the woocommerce plugin.
At this point, I am not sure if varnish is not compatible with woocommerce or the settings applied on the server using this software make woocommerce not to work properly.
I have a wordpress site which is acting strange lately. It seems like the database is spontaneously rolling back a few hours from time to time. I have noticed it happen at least four times.
When I updated to wordpress 3.5, after a short time, maybe 30-60 minutes I noticed the nag to upgrade was back. I ran the upgrade a second time, even though I was certain that I had already upgraded.
I added a new category and changed a widget on one of my sidebars, only to find that my changes were gone the next day and I had to redo them.
I added a post yesterday, linked to it in various places and then returned several hours later to find the post missing. I rewrote the post from memory and put it back on the site.
This morning when I went to the site, the original post was back and the one that I had recreated from memory was gone. The post's id number was the same as the previous day. I think there was also a draft post that disappeared and reappeared as well.
One last clue which may or may not be related is that when I go to a page on the blog that should generate a 404 message I get a single piece of text which says: "defaced by t3ll0" I noticed this recently, within the last few weeks. I'm not sure how long it has been like that.
I ran Sucuri Scanner, and it found no evidence of malware. Any suggestions of how to troubleshoot this? Could this be a problem with my database rather than wordpress?
UPDATE: It appears that the primary problem I was noticing was because of two versions of the site being up simultaneously. The DNS settings had not been updated to the new site. I'm still investigating if the site was hacked.
You got hacked. "defaced by t3ll0" is the clue. Someone has control of your site and your hosting account.
Work your way through these resources and follow all instructions to completely clean your site or you may be hacked again. See FAQ: My site was hacked « WordPress Codex and How to completely clean your hacked wordpress installation and How to find a backdoor in a hacked WordPress and Hardening WordPress « WordPress Codex.
Change all passwords. Scan your own PC for spyware that may have grabbed your login and password.
http://sitecheck.sucuri.net/ is a good resource, but it scans for malware and not accounts that were hacked and are not being used to distribute malware or have spam links.
Tell your web host you got hacked; and consider changing to a more secure host: Recommended WordPress Web Hosting
You have not applied security may be at number of places.
1. File permissions, folder permissions.
2. Upload folder permissions.
3. Execute permissions.
Now, if you are not a developer how would you check for these vulnerabilities?
I am suggesting you to take a backup of your DB(Export it). Get rid of the existing WP core and reinstall it from fresh.
Delete all plugins and install them all from fresh sources.
If you have used a custom theme then get the backed up version of it and delete the current one as there is a deface to it.
And you can check for a lot of vulnerabilities with plugins like this: http://wordpress.org/extend/plugins/better-wp-security/
Rename your administrator account. Harden your password. Remove write permission from .htaccess and wp-config.php file.