how can i remove weird links from my website - wordpress

i have a website that was developed with wordpress
it was hacked ,I removed the malicious files that I've found on the server
and I got it back but when I search the website on google I found
strange links that I can't open them
photo

Remove url individually form google webmaster tools and it will take time remove it.

You should know that removing malicious files doesn't mean you cleaned up the site. There are many instances where a file will recreate all the malicious files again. Sometimes it can even be above the root of your website root folder. It's best to use a couple plugins to scan the whole site directory. And then check a couple days later if the malicious files return. (if this is the case you are best to actually just switch to a new server or reformat if you have the option as it will get quite expensive to pay someone to clean up your server)
First make sure you have completely cleaned up the hack. Then those pages in Google should get deindex as they won't exist anymore. It's probably not viable to remove every single hack page indexed in Google via webmaster tools as there could be 10s of thousands! (depending on the hack)
Below are a couple good scanners.
https://wordpress.org/plugins/quttera-web-malware-scanner
https://wordpress.org/plugins/sucuri-scanner
I would also recommend some plugins for enhanced security moving forward.
https://wordpress.org/plugins/ninjafirewall
https://wordpress.org/plugins/better-wp-security
https://wordpress.org/plugins/vulnerable-plugin-checker

Related

I have a backup of the Wordpress folder but not the SQL database, is it possible for me to recover the website for local use?

I have a backup of the entire Wordpress folder of one of my old websites but, unfortunately, I forgot to also make a backup of the database for it. It's been years since the website expired so there's no way I can get the SQL file that way, and both Wayback Machine and Google don't seem to have any caches left of it (a tutorial I saw mentioned trying that way).
Is it still possible for me to get the website working for local use?
Yes and no, depending on what you are willing to do.
Is it still possible for me to get the website working for local use? No
If you have no database you will not have access to the Posts, Pages, Users, Options and all of the meta.
Is it still possible for me to get the website working for local use? Yes
If you create all of the database entries again to your satisfaction. You will still have all of the images you can re-upload to recreate the database entries for images. Then just re-create all of the pages and users as needed. Plugins may need to be disabled/reactivated/reinstalled and configured as well as your theme settings.
Try https://web.archive.org/ , you might be in luck there. Without sqldump its not much to do. If you had a cache plugin active, check if you have any snapshots.

Malware on Wordpress Site

I am working on a Wordpress website hosted on Godaddy and struggling with a Malware issue.
Every now and then the webpages start displaying thousands of random links on top of the pages.
When I searched for the texts in the content files, the only place I could find them was in comet cache.
If I delete the cache files, the links go away but again come back after few days.
Can anyone please suggest how can I prevent such a scenario and what all steps I can take to secure my website from such vulnerabilties.
Many thanks in advance.
There's a number of things that could be causing it. Check all of the following to help remove security holes:
Are you running the latest version of WordPress? If not, there could be a known vulnerability that is being exploited.
Are all your plugins up to date? For the same reason as above - a poorly written WordPress plugin can open up security holes.
Do the WordPress files and folders have the correct CHMOD permissions on the server? If not, you're asking for trouble.
I'd recommend any/all of the following as further reading:
http://www.wpbeginner.com/wordpress-security/
https://codex.wordpress.org/Hardening_WordPress
If you don't want to do this work on your own, and you're working with GoDaddy, they offer (and now own) Sucuri which is a security service that will scan and clean your site. You can do this one-time, or pay for a monthly service that will continuously protect and restore your site.

Changes to CSS on WP site not being recognized

So to start off, I'll say that I've disabled the CDN (AWS CloudFront), and all plugins, have deleted my cache and I'm still having problems with this.
I'm making a few changes to a rather "messy" WP site that I didn't build. Anytime I make changes to the CSS, they're not being recognized. If, using firebug, I look at what css file is being used for an element, instead of the regular style.css, I'm seeing a long string that includes a bunch of the enabled plugins and ends with pagespeed.cf.(long-string).css
After doing entering the string into a google search, I get a bunch of hits related to Google PageSpeed Insights, but I'm not sure how the site is interacting with that or causing the block to the original .css file.
Has anyone come across this before and if so, might you be able to explain to me what's going on and how I can go about bypassing this?
As always, thanks in advance for any answers or advice!

Where did utils.php come from, TinyMCE hack

Last Wednesday a variety of the WordPress sites I manage got hacked, they were infected with a Viagra link (malware is so original).
I noticed in the wp-includes directory a file called utils.php (wp-includes/js/tinymce/utils/utils.php), also an addition to my general-template.php for the get_footer function.
This hack seems to only affect Google search results for sites, not the site when directly viewed by entering the URL, i.e your cached site will show a malware infested mess and lose ranking, meanwhile you will wonder why due to the site looking fine when viewed.
My host (TSO Host) have cleaned up the sites, didn't even need to ask, but I have no idea how the infection got there in the first place.
So my question is, does anyone know how the breach happens and what I can do to prevent it, other than the usual security tips?
This happened to a site that I spent weeks cleaning up. I can give you a few pointers:
Go through the Wordpress core files (under wp-admin and wp-includes) and delete all files that you don't see in the default wordpress instillation. I've never seen a plugin create a file in one of those 2 directories. After this, it'd be a good idea to re-install Wordpress, just in case they changed any of the existing files.
After that, change your Wordpress/FTP/SSH passwords as they've likly been cracked. Install WP Better Security. It seems a little annoying at first, but you can monitor everything with it, change the login slug, remove version info hackers can use to find security holes, black-list known hackers, and so much more.
Finally, this last one will take some time. Google your theme and each one of your plugins, and see if Wordpress has stopped using them because they were a security vulnerability. You'd be surprised at how many plugins haves holes. Try to avoid really new plugins, and try to use the same plugin for as many different sites as you can. If you're hosting more than one site on the same server and one of the sites gets hacked, they're all hacked.
It sounds like a pain, and it is a little bit, but after you're done you'll feel so much better knowing that you're in control of everything. Trust me.

Hints and advice when moving a drupal site to another domain?

I want to move a drupal site to another domain and am looking for best practices, gotchas, hint, tips, etc to make sure I get through it smoothly.
Links and comments are appreciated.
You might want to give a try to the Backup And Migrate module.
There is also this handbook page that gives instructions on how to backup your drupal site.
It took me 1-2 hours. I do not have a step-by-step guide (I wish I had written everything down), but it entails updating the configuration files, updating the database (some tables have domain references, but I don't recall which - it could be that this was just for my image references in the Gallery2 database), and doing a cursory search of the content for full domain references in anchor links.
I migrated a Drupal 6 site with about 40 plug-ins, including Gallery2 and Google Maps integration, and I did not run into any major road blocks.
If you (and the authors of the contrib modules you used) did a good job by not putting absolute URL's in the code, it should be dead easy (I do it routinely when migrating the development site to a live production one, for its launch).
Of course I assume that you are doing things sensibly, and for example are not migrating a site from an apache/mySQL server to a nginx/postgres one, maybe also adding the need to prefix your DB tables in the process.
If this is the case, then you simply have to copy your entire file tree and export/reimport your DB.
If you are migrating between two similar architectures then chances are you will only have to change a few things in the settings.php file. The file is well documented. The only two things that I normally have to change are:
DB user/pass
cookies domain
In the file there are also additional configuration options like the possibility to choose the base URL manually in case of problems.
Don't forget to flush the cache once you log in the new migrated site for the first time.
EDIT: Just came to my mind: if you use any, you will also have to update your developer keys to third party API's (for example if you use google maps or google analytics) as these are domain specific.
HTH!
Basically, what mac said (+1)
In addition, I often need to adjust the .htaccess files a bit concerning the rewrite rules. For smaller sites on shared hosting environments, I usually place the drupal installations in subfolders within the document root (e.g. to allow for staging, etc.), 'hiding' the subfolder via URL rewriting. So for every 'move' of a site, I need to fix those rules.
The biggest culprit for me are sites that use modules that have to store absolute URLs in order to do their job (e.g. securepages). For those you should disable them prior to moving the site, adjusting their settings before reenabling.
If you are not sure if some of the modules you use store absolute URLs, it might pay of to extract your database dump locally and search the resulting file for occurrences of 'http://', 'https://' and the likes, as well as for your 'old' domain name (you'll need to exclude the watchdog and cache tables for this).

Resources