Our drupal 7 site infected with this link :
https://click.clickanalytics208.com/s_code.js?cid=240&v=73a55f6de3dee2a751c3
Our google ads has been blocked by google due to this link.
We made:
All .js files immutable for same link;
Checked all code and database for same link.
But this didn't solve the issue.
Check your database it maybe infected;
Check contrib modules if you check customs;
Check media it may be infected too;
Try to disable all modules and go to standard theme (if it's production and you have opportunity put to maintenance mode).
Try to find not exactly this js, try to find executor of it.
This specific scripts are added within php files, many times hidden within core files. Also, requesting Google to delist your site might help if you got rid of malicious embedded scripts.
Ping me if you need further help.
Related
So I am trying to customize my already running website via custom code
for better user experience etc.
I see a lot of people developing for WordPress via the code editor
and I simply can't find any information on how I can access my website
via a code editor and customize it with customer HTML, CSS, and javascript (or react.js)
and of course, PHP if necessary.
Could anyone please help me where I can find that information?
I would be very grateful!
Not sure exactly what you are looking for, but I go to CPanel on my host and open File Manager. Scroll down to the public_html folder and the web site below that. Select a PHP file and click Edit. Beware, though, that updating the theme will wipe out any changes when taking this approach.
i have a website that was developed with wordpress
it was hacked ,I removed the malicious files that I've found on the server
and I got it back but when I search the website on google I found
strange links that I can't open them
photo
Remove url individually form google webmaster tools and it will take time remove it.
You should know that removing malicious files doesn't mean you cleaned up the site. There are many instances where a file will recreate all the malicious files again. Sometimes it can even be above the root of your website root folder. It's best to use a couple plugins to scan the whole site directory. And then check a couple days later if the malicious files return. (if this is the case you are best to actually just switch to a new server or reformat if you have the option as it will get quite expensive to pay someone to clean up your server)
First make sure you have completely cleaned up the hack. Then those pages in Google should get deindex as they won't exist anymore. It's probably not viable to remove every single hack page indexed in Google via webmaster tools as there could be 10s of thousands! (depending on the hack)
Below are a couple good scanners.
https://wordpress.org/plugins/quttera-web-malware-scanner
https://wordpress.org/plugins/sucuri-scanner
I would also recommend some plugins for enhanced security moving forward.
https://wordpress.org/plugins/ninjafirewall
https://wordpress.org/plugins/better-wp-security
https://wordpress.org/plugins/vulnerable-plugin-checker
I try to fix the website speed for that I visit gtmetrix to check the exact speed and errors from last seven days one error continuously display there its called web fonts, even I try a lot but still didn't find the proper way to resolve this issue.
I tried turning off plugin one-by-one, but that didn't make any difference, so I know it's not a plugin conflict. I'm looking at the font files on the server, so I know they are there. Any ideas what to try next?
Currently, i am using Fetch Wordpress Theme its free, for reference, I provide the web page test result link please advise.
This Issue Happen Because of the Usage Of Plugin Wp-Hide, Once You Use The Plugin Very Carefully Because If You Mis Configure The Page Speed & Web Page Score Effected.
I want to set up a system where a developer can work on a separate server on a wordpress website.
My question is: If in the meantime changes are made to the live site (like plugin updates, new plugins, new posts, new comments, etc), how is one able to import a new feature (e.g. a new page) from the development server on the live site while making sure that previous changes on the live site don't get deleted?
I am looking to understand how this all works. In a sense, I would like to have some kind of version control system.
Thanks in advance :)
You can version control your own code using git. Basically we would init a new git repo and commit changes onto this repository. This can lie separately outside of the core files. i.e you only need to include the wp-content directory and ignore all the other core wordpress files.
Here is a good article on how to do a really good versioning system for a website.
http://toroid.org/git-website-howto
The posts and pages (basically content) in a wordpress site however lies in the database.Any changes made there will be permanent.
The only option is to keep taking regular backups of the content. You can do this by using an automated backup tool.
If you really want to version control your database, here is an article that helps:
https://blog.codinghorror.com/get-your-database-under-version-control/
This one is a tricky one. You cant host a single website on two servers. Just imagine a website having 2 hosted urls..!! No way.. You can never do that.
You better create a new user and give access to him. Look carefully in the settings and be a admin. You will have a chance to approve or reject what the second user changes.
Hope this helps.
I want to move a drupal site to another domain and am looking for best practices, gotchas, hint, tips, etc to make sure I get through it smoothly.
Links and comments are appreciated.
You might want to give a try to the Backup And Migrate module.
There is also this handbook page that gives instructions on how to backup your drupal site.
It took me 1-2 hours. I do not have a step-by-step guide (I wish I had written everything down), but it entails updating the configuration files, updating the database (some tables have domain references, but I don't recall which - it could be that this was just for my image references in the Gallery2 database), and doing a cursory search of the content for full domain references in anchor links.
I migrated a Drupal 6 site with about 40 plug-ins, including Gallery2 and Google Maps integration, and I did not run into any major road blocks.
If you (and the authors of the contrib modules you used) did a good job by not putting absolute URL's in the code, it should be dead easy (I do it routinely when migrating the development site to a live production one, for its launch).
Of course I assume that you are doing things sensibly, and for example are not migrating a site from an apache/mySQL server to a nginx/postgres one, maybe also adding the need to prefix your DB tables in the process.
If this is the case, then you simply have to copy your entire file tree and export/reimport your DB.
If you are migrating between two similar architectures then chances are you will only have to change a few things in the settings.php file. The file is well documented. The only two things that I normally have to change are:
DB user/pass
cookies domain
In the file there are also additional configuration options like the possibility to choose the base URL manually in case of problems.
Don't forget to flush the cache once you log in the new migrated site for the first time.
EDIT: Just came to my mind: if you use any, you will also have to update your developer keys to third party API's (for example if you use google maps or google analytics) as these are domain specific.
HTH!
Basically, what mac said (+1)
In addition, I often need to adjust the .htaccess files a bit concerning the rewrite rules. For smaller sites on shared hosting environments, I usually place the drupal installations in subfolders within the document root (e.g. to allow for staging, etc.), 'hiding' the subfolder via URL rewriting. So for every 'move' of a site, I need to fix those rules.
The biggest culprit for me are sites that use modules that have to store absolute URLs in order to do their job (e.g. securepages). For those you should disable them prior to moving the site, adjusting their settings before reenabling.
If you are not sure if some of the modules you use store absolute URLs, it might pay of to extract your database dump locally and search the resulting file for occurrences of 'http://', 'https://' and the likes, as well as for your 'old' domain name (you'll need to exclude the watchdog and cache tables for this).