If any user modifies the url on browser then on my local server, it gets redirected to original post but on staging server, no such thing happens. Although full setup is same despite only wp-engine. Does wpengine has anything to do with wordpress default redirection? WPEngine exists on staging server, not on local.
For example
URL : /how-to/format
User inserts a string like /how-to/fgdfg/format
On my local server which is xampp setup, the url gets changed to /how-to/format but on staging server, it remains the same i.e. /how-to/fgdfg/format but shows the same post.
Can anybody help me on the same?
It sounds like you want to disable WP's built-in feature of trying to find the page it thinks you're looking for.
Use extreme caution with this as it can have adverse impact.
This answer should help you get started: https://wordpress.stackexchange.com/questions/92103/disable-wordpress-url-auto-complete
Related
I have a website that is running on an AWS server using the Bitnami Nginx and WordPress image.
https://www.athleticclubhk.com/
Recently it got all our ads on Google stopped due to malicious content. Oddly this time, its trickier then your standard malware of infected files. When visiting the site incognito, the first and only the first link click gets redirected using the following code:
window.location.replace("https://cartoonmines.com/scount");window.location.href = "https://cartoonmines.com/scount";
This is being injected on any link, however, upon investigating the loaded code on inspect its not injecting it into the page.
I've tried to hunt down the theme, plugins, core files and found nothing!
I replaced and reinstalled WordPress core files, deactivated all plugins and even swapped the theme - the problem is still there. I can't find any hidden .htaccess file in the entire root directory.
I even used GREP to try to look for anything fishy (any clues here that someone can help with?) nothing so far.
The site is still impacted with this so you can easily load the link ~ i do use malwarebytes to keep myself protected, incase you are opening this directly.
Can anyone help?
The redirection code is implanted to /wp-includes/js/wp-emoji-release.min.js.
How to confirm:
watch the cookies when clicking internal page, a new cookie is being set for tracking first clicks, named ht_rr
save complete webpage locally and try to load it, and check in Chrome dev tools, you'll see that in Console tab it complains about this Javascript file attempting to set the aforementioned cookie
While a temporary resolution of deleting the file will fix things for some time...
There's no excuse for not setting up a proper server stack. Bitnami or other "great stacks" won't cut it security-wise. They exist for "fast", but no "quality" setup, and of course, it's never going to be secure.
The file got created somehow / had write privileges. This indicates a problem with the setup most of the time. Unless you're using some nulled plugins or plugins from bad sources.
Once again, since the website was essentially "pwned", deleting the Javascript file does not mean complete disinfection. To preserve things in a secure state, I would recommend setting things on a clean server environment with strict PHP-FPM permissions aka "lockdown" chmod, and look for write errors to look for infected PHP files.
Check out some guides on the matter of secure NGINX/PHP-FPM setup:
NGINX and PHP-FPM. What my permissions should be?
Best practice secure NGINX configuration for WordPress
NGINX Security Headers, the right way
Just had the same problem and it was Zend Font Plugin, the same that some people mentioned before.
Installed Wordfence and this came out. Deleted the plugin and now the site is working perfectly.
Disable plugins and check again.
Change the database username and password.
Ask the hosting manager to check the host.
I've got a copy of our wordpress instance running inside a Docker container.
Our live instance works well but inside the docker container, I do get a redirect-loop as soon as I try to get access to wp-admin.
I've disabled all plugins, I've cleared my cache and so on but nothing worked so far.
OS is debian, similar to our live system. When I get the redirect-loop, there's no information written in my apache error.log-file.
Oh and this instance is accessible by using a subdomain. I had to rewrite all "www.domain.com" to "sub.domain.com".
If I can provide you with any informations to solve my problem just ask. I have absolutely no idea where to start.
Paddaels
Seems like you missed some records in the database. The best approach is to use a tool like https://interconnectit.com/products/search-and-replace-for-wordpress-databases/
If you download this free tool and upload to your server then it does a batch find-and-replace across every single table in your Wordpress database.
So, for example, replace http://www.example.com with http://sub.example.com
You can do a dry run and it will show you all the replaces that it will make. Once you're happy then click the "live run" button and all the changes are made.
I use this tool all the time when I am moving a site from my local machine to the live server. I also use the exact same approach when migrating a site from http to https
I recently moved my site built in Word Press to another hosting provider and I found the shortcode [woocommerce_my_account] is not working anymore.
Previously, I had a page called account login where I had the shortcode [woocommerce_my_account]. In the settings I set the landing page to be the same page (account login). so, after an user logged in, it was redirected to the same page showing his/her details.
However, in the new hosting provider this is no longer working. After I put the login information and attempt to login it is taking me to wp-login.php page and ask me to enter my login details again.
The URL path that I see in the browser after attempting to login is similar to this <site_name_url>/wp-login.php?redirect_to=http://<site_name_url>/account-login/
Anybody has got to the bottom of this issue? Thank you.
Try adding this to your wp-config.php:
define('WP_HOME','http://example.com');
define('WP_SITEURL','http://example.com');
Make sure you change http://example.com with your own domaine. You can also try to search and replace your domaine in the database if it has changed.
You can also try to clear browser cache and cookies. I had an issue like this before, launched a private navigation and it was working fine.
Try setting define(‘WP_DEBUG’, true);, you may see something going on.
Sometimes, php version makes a difference, try to set the same php version on you new host (google the name of your hosting provider + change php version).
When you move sites/restore databases you often need to save the permalinks again.
go to /wp-admin/options-permalink.php and click "save". This will setup your .htaccess file with the correct information for redirects.
Finally, after all of these days searching and trying different things, the answer for this issue in my case was not related with the Word Press installation itself but, with some software installed on the server called varnish, apparently used to cache the site and improve its performance.
After having a support chat with the hosting provider, they mentioned that varnish is breaking the woocommerce plugin.
At this point, I am not sure if varnish is not compatible with woocommerce or the settings applied on the server using this software make woocommerce not to work properly.
I've made a local version of my companies live website. My problem is that none of the links work and I can't sign into the admin control panel. I think it has something to do with clean-urls module. Any Ideas? The error I'm getting is url request was not found on this server.
If you made a full copy including the database, you must clear all caches, e.g. directly in the database, or using the Devel-Module. If no other settings have changed in the .htaccess, and there is no fixed url given in the settings.php (the $base_url), it should work.
It seems that using the define('RELOCATE') command is a convenient tool to perform site development using a local database and webserver, then to upload into production. Otherwise, its necessary to perform SQL REPLACE commands to update all the URLs in the posts, media and other content.
The Wordpress codex specifically states that it must be removed, but occasionally after removing, the links revert back to the dev server. Is there a reason for removal? it doesn't seem that security should be the issue, perhaps performance?
Thanks,
Jonathan
The reason you remove it is because define('RELOCATE',true); will point every visitor of your site to the admin login.
If you are still getting re-directed to the dev server then you need to re-configure your database.