I get an alert from wordfence that one of the Wordpress core files has changed. Its about wp-login.php
Some lines about cookies were #commented since the 23th. See image.
I asked my hoster about it if they did it, because i have a running support ticket about woocommerce,varnish and cookies with them.
But they say they don't know.
Now i'm wondering are there plugins that edit core files? and what is the #commented code about?
So that i have a better understanding where i'm standing in this situation. I dont think i'm hacked. But any advice would be helpful.
compared files wordfence screenshot
Related
I have seen lots of critical errors on my WordPress website. I attached a screenshot below that shows some of these issues. Please look at this and provide some suggestions so that I can fix this problem.
Thank you so much.
Depends how badly broken your site has become.
What is it doing to make you think it's been hacked? Is it just the warnings in the Wordfence scan report?
Before going much further you should for sure grab a backup of your database, wp-config.php, and the contents of the directories wp-content/themes, wp-content/uploads, and wp-content/plugins. Might be a good idea to make a separate backup of the entire WordPress installation directory.
Since you can still access the administration panel, might as well change your password just to be safe. Are there multiple users for your WP installation?
What changes have been made if you click "Details" button in the Wordfence scan?
If you're sure changes to the wp-core files are due to a hack, you can try to repair them using Wordfence's repair feature--it'll restore them to their base WordPress version. But if significant differences are showing for dozens of core files, might be a good idea start over with a clean installation of WordPress.
You'll also want to track down what allowed these malicious changes to be made (has an unknown IP logged into your administration panel recently? Are you using a plugin with a known security issue?), or it'll just happen again.
All I know is there is a script causing a dump on wp-login.php. I had the host do a restore, I changed the password, I disabled all plugins but it still keeps on dumping and now all my space is full. I can delete the core files but that fills up quickly. If there is anyone here willing to help me in exchange for some work, I'm open.
As for the malware scan, nothing comes up, I've tried, wordfence and a few others as well as have InMotion due to a scan.
There's still potential that malware could linger in other places.
Thanks
I would recommend getting a fresh copy of the Core and fresh copies of all plugins, then check each plugins support forums for vulnerabilities, that may point towards a culprit. Also check your theme support for the same.
Essentially replace everything but .htaccess, wp-config and any custom theme code.
I’m using the latest version of Wordpress (4.7.4).
I have something very weird going on in my Dashboard. Not sure when this started.
Can’t say for sure it started with the latest version of Wordpress or not.
My Dashboard became completely useless.
It’s like it’s showing me a flashback of a Dashboard from a few days or hours ago:
Comments I’ve deleted in the Dashboard (hitting “trash”) are suddenly back there, awaiting my moderation.
Plugins I’ve deactivated or even deleted are all back there and according to Dashboard still running (while in my FTP folder they’re certainly gone).
The plugin page cannot be trusted anymore as it shows some plugins are activated that aren’t and vice versa. I have to check on my actual website to confirm which ones are running.
Updates aren’t shown correctly. Once I’ve updated a plugin, a few minutes later it shows me again that there’s a new update.
As you can tell it’s all pretty much the same phenomenon.
It’s as if I’m seeing an older version of my Dashboard.
Not sure what else is broken.
The only other thing I noticed is that even on my actual blog I still see a comment. Blog post says “1 comment”, but the actual comment doesn’t show up.
At first, this all sounds like a “cache problem”.
But I’ve already turned off all caching:
No caching plugin installed
Turned off server caching via htaccess
Disabled leverage browser caching
Emptied my own browser cache
Other things I tested:
Turn off all plugins.
Switch to the standard Wordpress theme “Twenty Twelve”
I tried WP_DEBUG, but nothing related shows up.
I researched the internet, but nobody has described a similar problem, so I suppose this is not a common Wordpress issue.
The issue remains.
Unfortunately I’m not a developer and don’t know too much about the Wordpress codex etc.
But to me it sounds that the mistake is definitely not in the plugin or theme folder.
The problem is that I’ve reached the point where I really cannot turn off plugins via Dashboard properly anymore. It’s so annyoing!
My questions are:
Is it safe to assume that this is related to the Wordpress core
files?
What files exactly are in “charge of” the Dashboard?
Should I just try to re-download the newest Wordpress version and replace a few files (if so which ones)?
Should I do a clean Wordpress re-install or would that be too drastic?
Any other suggestions?
EDIT:
Additionally I tried now:
I manually downloaded the newest version of Wordpress and did just as
described on the Wordpress.org website. I manually replaced wp-admin,
wp-include folders and all root files. The issue remains...
The way my Dashboard is right now, I really can’t use it.
Please advice!
I contacted my host service again.
They just gave me the same line to insert into my .htaccess file and I told them I already tried it and it didn't work.
I then showed them my .htaccess file and they deleted the whole part that concerned their server caching.
Now server caching is completely off and everything works again.
Still not sure why this previously never caused issues.
In the end, it had nothing to do with Wordpress.
I hope this answer will help people who run into similar problems.
My Wordpress is extremely slow due to a request I have. I tried removing some plugins but no luck. I am using WP-rocket for caching.
Here is my analysis on pingdom where it says a request with xxxx/?version=4.7.3 is slowing down everything
How can I resolve this?
Many thanks
Turn off all caching while you are testing. Disable all plugins and see if is still there. If it is still there, it might be from the theme. Switch to another theme and test again. If it was gone after deactivating all plugins, turn them on one by one and test again to see which one adds it.
Another thing to do is to download your whole folder of your site on your computer and then using a free grep program to search for the domain name dentiste-urgence.ca and see if it is mentioned in any files.
This might also be caused by malware. Install the free security plugin WordFence and scan your site for malware.
Hi the website of a friend was hacked.
Many files have gotten code injections. His programmer deleted all these.
Now the situation is, that the site (wordpress with shop plugin) is still running realy slow sometimes. Sometimes it goes fast.
Now after searching the web for: "troubleshooting code injections", "find code injections" and stuff like that, I have no idea to troubleshoot the problem, because his programmer has no local backup and changed all files so I cant look for recently changed files at all.
What would be the way of choice to get the problem?
Possible Solution or Suggestions:
Use these very famous virus scanning and detecting website
By using above site you will come to know if virus still exist or not.
Suggestions:
As you said you are using wordpress so it will be very easy to detect virus.how?
Use following security plugins for scanning core files.
All In One WP Security & Firewall
wordfence
Lastly
To hacker's or malware lives in follow important files of wordpress
Check all theme files specially
header.php
footer.php
index.php ( mostly infected )
also do a upgrade of wordpress so it will make sure that core files are not modified.
thanks
hope it helps