Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 2 years ago.
Improve this question
I upload my website backup on my hosting, website database setup successfully but i am getting this error...This page isn’t working www.example.com is currently unable to handle this request. HTTP ERROR 500 .
I am not understanding what is the issue, if i Upload fresh wordpress then it's working fine. Please let me know the solution for this.
`
Internal server errors (error 500) are often caused by plugin or theme function conflicts, so if you have access to your Dashboard, try deactivating all plugins. If you don’t have access to your admin panel, try manually resetting your plugins (no Dashboard access required). If that resolves the issue, reactivate each one individually until you find the cause.
If that does not resolve the issue, try switching to the Twenty Seventeen theme to rule-out a theme-specific issue. If you don’t have access to your Dashboard, access your server via SFTP or FTP, or a file manager in your hosting account’s control panel, navigate to /wp-content/themes/ and rename the directory of your currently active theme. This will force the default theme to activate and hopefully rule-out a theme-specific issue.
If that does not resolve the issue, it’s possible that a .htaccess rule could be the source of the problem. To check for this, access your server via SFTP or FTP, or a file manager in your hosting account’s control panel, and rename the .htaccess file. If you can’t find a .htaccess file, make sure that you have set your SFTP or FTP client to view invisible files.
Related
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 2 years ago.
Improve this question
I have tried to install some plugins on WordPress and when I try to download them the message “Installation failed: There has been a critical error on your website. Please check your site admin email inbox for instructions.Learn more about debugging in WordPress. ” keeps displaying. Any ideas on how I can fix this.
note : now i use mamp program on 7.2.14 php version because when i try to use 7.3.7 version the apache server not working.
My site now works however I can’t install any plugins or themes .
Please check your plugins folder in the wp-content directory. Make sure it exists there with proper naming convention.
An easy method to resolve the issue is by deleting the plugins folder.
Access your cPanel File Manager
Go to the root directory of your site and then /wp-content/.
Delete the plugins folder.
Go to your Admin Dashboard.
Go to plugins and try to install the plugin you want to download.
The error should resolve now. If you have any more queries related to this issue or the above method doesn't work for you, then let me know.
If you are not familiar with SSH, open your cPanel >> cPanel file manager then your WordPress installation directory then open the error_log file, which will give you more information about the error. If you see the error related to the plugin then rename the plugin name (e.g plugin_back). it’s much easier to rename the plugin name. Visit the site and log-in. If the issue still persists then edit your wp-config.php from WordPress’s root folder then turn on debug mode so you can find more details about the issues you are facing. Check the snapshot for enabling the debug mode.
https://prnt.sc/qvuy9q
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 1 year ago.
Improve this question
I have a WordPress website running, but recently my website has been hacked. It is not even possible to enter my website: if I browse to my website it is redirected to some other website.
I have try to clean up the code and checked for any script inject but I couldn't locate the malicius script. How can I overcome this?
I have tried to remove the unwanted Plugin
I have tried to update all the plugins.
I have tried to clean up all the files like functions.php,
header.php, footer.php but there is no use of it and I couldn't
locate the injected scripts.
You can scan the web-site on the local machine using software ai-bolit https://revisium.com/aibo/
create backup web-site
Download on local machine
unpack archive in folder ai-bolit
Notice: Do not unpack the archive into a directory with space character. For example,
C:\Documents and Settings\Michael\Downloads\aibolit-for-windows-en\ - will not work
C:\aibolit\ai-bolit-for-windows-en\ or d:\mysites\aibolit-for-windows\ - will work
For security website scan on your own
Unpack the backup archive of your website or place files which you want to check into the "site" folder
Run start.bat (for common check) or start_paranoid.bat (for "paranoid" check) to scan website files for viruses and hacker's scripts
Scanner will create AI-BOLIT-REPORT.html file upon completion
For malware analysis or website infection analysis by security experts ("paranoid" mode + quarantine file)
1. Unpack the backup archive of your site or place files which you want to check into the "site" folder
2. Run scan_and_quarantine.bat
3. AI-QUARANTINE-XXXXX.zip file and report AI-BOLIT-REPORT will be created upon completion (XXXXX is replaced by date and time numbers)
4. Send the file AI-QUARANTINE-XXXXX.zip to ai#revisium.com with the subject "Check the Report" for free malware analysis.
The archive will contain everything experts need for analysis.
First of all, install a wordpress security plugin ex. Wordfence. It will help you locate the malicious file in your public_html foolder and also lets you know if any of your file was modified.
Secondly, check your domain settings in your host. You can check to verify whether your domain is being redirected to other site.
Check and do the below list.
check the file edition date inside file manager or FTP.
check .htaccess
check wp-config.php
check the content text inside posts and pages.
check inside uploads folder.
Add Wordfence plugin
Add Anti-malware security plugin
I faced a similar issue.
When accessing the website directly from the browser, it's working well and no redirect happens but when opening the website from Google search results, it redirects to another malicious website only the first time the URL opened. In the second time, no redirect happened.
After some digging, there was a plugin installed and hidden (not being displayed in plugins list) called zend-fonts-wp.
Using Freesoul Deactivate Plugins I disabled this plugin from being loaded and delete it permanently from plugins folder. I also deleted two database tables injected by this plugin called wp_wusers_inputs and wp_wzen_time_table.
Attackers use several ways to redirect the user
Redirect users through malicious codes which they inject into the
website
Attackers might also execute .php codes
Attackers can add themselves to your website as ghost admins
By inserting codes in .htaccess/wp-config.php files
By inserting JavaScript in WP plugin files
Check these files for the following malicious codes:
Index.php
Index.html
-.htaccess file
Theme files
Footer.php
Header.php
Functions.php
Helpful resources - https://www.getastra.com/blog/911/wordpress-hacked-redirect-wordpress-website-redirecting-to-malicious-pages/
https://www.getastra.com/blog/911/wordpress-files-hacked-wp-config-php-hack/
I had faced the same problem got the solution worked fine with 3 simple steps.
step 1. backup/zip all your files and folder of wordpress site
step 2. donwload and extract fresh wordpress (do not install)
step 3. replace wp-config.php and wp-content folder from the backup or was created in step 1.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 11 months ago.
Improve this question
My site worked fine just a few hours ago. And I have not touched it since then. However, as of now, every single page except for the homepage is showing the following message:
404 Not Found
The resource requested could not be found on this server! Powered By
LiteSpeed Web Server LiteSpeed Technologies is not responsible for
administration and contents of this web site!
The homepage seems to work fine. I can't see any changes and I also scanned it with http://sitecheck3.sucuri.net/ and it returned nothing. I do however, have a plugin called Better WP Security installed and it says that there have been some "Bad login attempts" just before that and that all my WP core files has been modified.
I am not sure what to do now as I don't know how to confirm whether I have been hacked or not.
Could it be my host's fault? Found a thread in a forum with a similar issue:
http://www.ukbusinessforums.co.uk/threads/404-not-found-the-resource-requested-could-not-be-found-on-this-server.291094/
I solved this problem by another simple way...
On a Dashboard - go to Settings, then Permalinks and click Save Changes.
It works perfectly for me.
It sounds like your .htaccess file has been nuked somehow. A plugin attempting to edit it might have corrupted it (I've seen it before). In any case, download a fresh copy of WordPress and re-upload the .htaccess file into the home directory. Alternatively, you can change your permalinks settings to have it generated automatically.
If your site got hacked, typically you will see some hidden divs and malicious script tags injected into your page and/or within your database. If this happens, you need to restore your most recent backup of your files and database. The files on the server should all be considered compromised and a known clean copy must be used.
I had the same problem and saving the permalinks configuration solved for me. As stated here, it happens because there is no .htacess file or that file is corrupted, but I would like to add an observation, at least in my case I didn't have a htacess file because I took a backup from another server and forgot to enable the option to show hidden dot files, thus ending up not including the htacess file in the backup package.
Check the permission given to .htaccess file it must be 755 7=rwx 5=r-x 5=r-x
Permission Action chmod option
======================================
read (view) r or 4
write (edit) w or 2
execute (execute) x or 1
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
I'm finding out that developing my Wordpress child theme and website on my Bitnami local server was a HUGE mistake.
There's apparently no easy way to move it to a live 3rd-party host online.
I've exported the bitnami_wordpress database (careful to select all the tables), then imported it into a new database on my hosting account.
I've installed wordpress, and then replaced the wp-content folder with my own.
I've adjusted the wp-config file.
Still, I lose all my pages. I lose all my media library. My widgets are no longer populated. And weirdly enough only SOME of my CSS seems to work.
And judging from the disparate and spotty "solutions" that I've found on the web, the only real solution seems to be (you guessed it): use Bitnami cloud hosting. However, I'm already a Bluehost customer.
I've even tried 3 plugins so far, and none worked. After all the work I've put into developing the child theme and populating it, this is a real nightmare.
Can anyone tell me what I'm doing wrong? (In simple terms - I don't know php...) I'm completely lost at this point.
I had a similar problem. To get my particular site working, I added the following code to my configuration file:
define('WP_HOME','http://example.com');
define('WP_SITEURL','http://example.com');
After adding the lines, my CSS and uploaded images came back.
Don't forget to replace example.com with your site's domain name.
I found that code at: http://codex.wordpress.org/Changing_The_Site_URL.
Actual user results may vary.
Move all files with wp-admin, wp-content, wp-includes into your host.
Delete wp-config.php file.
Go to site URL EX: example.com and go through typical installation procedure.
Go to your database in your host and delete those 11 tables which have made.
Now you should export the local database and you should open it in any text editor and search and replace your local URL with new one.
Ex: localhost with example.com, then import it to your database of real server.
Now It should work.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 11 years ago.
Improve this question
I am currently managing several of my own sites. Their htaccess files are repeatedly being overwritten to redirect users coming from google searches etc to russian spam sites. I have changed all my passwords, tried every conceivable combination of permissions and contacted my hosting supported and still have no solution. The only way to remove it is to manually rewrite the htaccess to its normal state, which I do, but the malicious conditions are just put in again.
My questions:
Is there any foolproof way to prevent this? I know that the thumb.php used in wordpress had a bug to allow people to do this, but my install of wordpress has no theme or plugin with thumb.php in any form.
In case there is no solution, is there anyway I could write a small php script to overwrite the htaccess file with the non infected version every 5-6 minutes to minimize the chances of it affecting my users?
Thanks
UPDATE: It happened again. This time, I cross checked the time at which the new htaccess file was created with the access logs and found one ip that matched closely. According to 2 online IP tracking tools, the IP is situated in Weehawken, New Jersey, USA. The IP was accessing some of my really old PHP files. As they were no longer in major use, I deleted all of them. Waiting to see if it still continues, and looking at how they accessed the files in the first place to replace them.
If you've been hacked, you most certainly have a backdoor installed - reinstall all wordpress installations from scratch after changing your password and you should be fine. As for the attacks, I'd recommend to set the htaccess-files to readonly for the time being and set up a monitoring system to alert you on redirects.
If the breaches continue, install a traffic sniffer or check the access logs. I do not mean to be rude, but if you do not know how to handle a security breach, you might be better off letting someone else secure your system for you, before someone puts some really nasty stuff on your servers.
Is there any foolproof way to prevent this? I know that the thumb.php used in wordpress had a bug to allow people to do this, but my install of wordpress has no theme or plugin with thumb.php in any form.
It depends on how they are doing this. You may want to check that nothing else, especially a remote php filemanager, has been uploaded and whether it's being accessed whenever .htaccess is being rewritten. You can probably find that in your webserver logs. Look for php files that are being accessed (perhaps by a Russian IP?) that don't look like they belong to wordpress or whatever other web application you have set up. The filename could be wsh.php or some other benign name like image.php. There could be more than one scattered amongst your document root.
Also make sure that your directory permissions aren't writable by any user. This would allow another user on your hosted machine (if you are using shared hosting) to simply copy files into your directories.
In case there is no solution, is there anyway I could write a small php script to overwrite the htaccess file with the non infected version every 5-6 minutes to minimize the chances of it affecting my users?
If they're diligent enough, they can just delete this script. Or write a script themselves to upload the bad .htaccess every 5 or 6 minutes. You need to find out how they're rewriting your .htaccess file, and how they managed to do this in the first place and prevent it from happening again.