I have a working version of Wordpress on my home Synology web server, and I can view the site and post comments etc without any problem.
However, I cannot update any plugins or themes and also can't add any new plugins or themes. I keep getting the error saying "Installation failed: could not copy file..." The name of the file it fails to copy changes each time.
I have verified that I do have FTP access and all my permissions across the files/folders seem to be precisely correct (664 for files, 775 for folders).
The only seemingly significant bread crumb I have found is this: Checking my FTP transfer log files, I see that there are files being added to the correct directories BUT then they are IMMEDIATELY being deleted from those same directories ('put' followed by 'delete'). So it seems like it is connecting to the web server, installing the files, and then immediately uninstalling everything!!
I sincerely appreciate any help!
Thanks,
Bryan
Related
I've got a site that has been hacked for the fourth time now this month. With scripts hosted on autofaucet.org. (sloppy code even, found their names. Some Russian dudes. But that's off topic) I've taken some measurements to prevent a new hack, but alas...
I've installed a clean WP installation on the server, with clean files and a clean DB.
reinstalled the plugins clean
I have All In One WP Security & Firewall plugin for file scanning, firewall, hide inlog page, etc.
Changed all the wordpress passwords.
I've notices the encoded code is being placed in files called assets.php.
I'm curious how a hacker would inject/place the code on the server. How to prevent it better and what questions to ask the webhost company. I've asked them before and they just say it's my fault, update the wp installation and move on. What should they check if the code is injected from their side?
Your log files (of the web server) e.g. /var/log/nginx/access.log with the nginx web server will tell you who it was. Look for the change date/time of the assets.php file. Then check server access logs for IP addresses from that exact time. Then search logs for that IP address. You will find the first accesses by that IP address. That was likely the hack.
Usually Wordpress plugins are to blame as long as you keep the WP site updated. So, you could disable plugins not needed urgently, and disable the others one by one, or all for testing.
As a workaround, you can make the index.php (or other) file under attack read-only. In the past I have worked around particular attacks by chown root.root filetobeattacked.php which usually works (but may hinder updates, so it's a temporary solution). If you are not root on the server (shared hosting) perhaps chmod 444 filetobeattacked.php could work.
I had same issue before. It might be the wordpress core files.
Delete all files except wp-content, then download and replace it with the new wordpress files.
Search for 'autofaucet.org' inside wp-content, and remove if necessary.
Open wp-contents/themes/ then check functions.php - check if any additional code is there on top. Check the last updated files and time inside the theme and plugins.
Export database files and searcg for 'autofaucet.org' and remove if any item found.
My hoster forced me to upgrade my Wordpress site because it was fairly old. I decided to upgrade to PHP 8.1. It caused issues with the website, so I figured I'd rebuild the whole website since it's a simple website. I deleted all the existing files and uploaded the 5.8.2 WordPress install files. Then I changed all the permissions to 0755. I created a fresh database for the install.
At first, the setup would appear. I would go through the install, but when I clicked install after entering all the database info, I got "There has been a critical error on this website." I recreated the .htaccess file to the default and tried again. Now I get this error just hitting the domain, no more setup screens. The site does redirect to the /wp-admin/setup-config.php file. I don't have a wp-config.php file in the directory, just the sample one. I tried creating a wp-config.php with the correct info, but same error. I also tried adding the debug options, increasing PHP memory, etc. Same error. I don't get any error logs.
Does anyone now how to get an error log or can help with ideas on how to create a fresh WordPress site? I did change the PHP versions to older ones, but that didn't work either.
You need to take a backup of your file ,then fallow the fallowing instruction.
Rename your plugin one by one and refresh the website.
this issue due to the unsupported plugin ,that is installed in your wordpress website.
1- Make a backup copy of the files and from the old database
2- After that, download these files on your PC
3- Install WordPress again
4- Replace the wp-content file with the old one
5- Clean the new database and import the old database through phpMyAdmin
I solved that problem installing an older version of Xampp, with previous version of php, MySQL and Apache. I give up version 8.1.1
XAMPP 7.4.27 / PHP 7.4.27
https://www.apachefriends.org/download.html
There was something wrong on the hosting side. The source of the issue was indeed that WordPress could not write to the config file. Even the hoster was unable to delete the files. We ended up deleting the entire root directory and starting from scratch. Now it's all good.
The lesson learned is that one of the sources of the "There has been a critical error on this website." error is that WordPress is unable to write/edit files. It's also why it could not write an error log. WordPress could have been more descriptive here.
I just recently started by creating a EC2 instance on AWS. I used the Amazon Linux package. I changed the PHP settings to include the ability to upload files larger than 200MB. Got phpinfo.php working. Installed phpMyAdmin. Everything looked good.
Next, I installed Wordpress. It worked great. Then I tried installing a theme. Worked great. Then I started installing some plugins for that theme. Something made the site crash. I tried a few things, but since I couldn't go to the sites Wordpress Admin panel, it seemed hopeless. So I decided to start from scratch. I deleted the html directory (including wp-content) and dropped all the wordpress tables. I moved a fresh copy of Wordpress into the html directory, reconfigured the config.php file, and it recreated the Wordpress tables in the database. Seems to work great. When I try to upload a theme, it says:
Connection Information
To perform the requested action, WordPress needs to access your web server. Please enter your FTP credentials to proceed. If you do not remember your credentials, you should contact your web host.
I noticed that wp-content didn't have a uploads directory, so I created one. That seemed to let me upload the theme, but it showed up as a media file. I moved it to the theme directory and that worked. But when I tried to upload a plugin, I got the same message as a above.
What happened when I deleted everything? Or rather, where was information stored that when I reinstalled Wordpress, it didn't create a uploads directory? I am fine with reinstalling Wordpress from scratch, but I don't want to reinstall the whole LAMP stack or redo the AWS instance. Any thoughts?
The issue is that your web server doesn't have the proper permissions to write to your content directory.
The WordPress Codex has some good info for proper file and directory permissions. Ideally, all files should have 644 permissions, and all directories should be 755 (no higher).
If you're still running into issues adding plugins and updating WordPress, you should heed the advice of the following (so that you don't have to enter FTP details into WordPress each time):
Any file that needs write access from WordPress should be writable by the web server. If your hosting set up requires it, that may mean those files need to be group-owned by the user account used by the web server process.
I have two wordpress websites on my dedicated server, and the htaccess files of both websites keeps changing to default one and become 444 chmod.
Even after i fix it and put chmod 444 of mine few days later it changes again on both websites.
Could you please help me make the htaccess files impossible to be overwritten or edited no matter what?
I will appreciate any help,
Thank you
I find my infected file in one of the themes of wordpress, so you have two ways
LogIn to wordpress and delete all the new themes that you are not using.
Go to you your admin page go to folder: wp-content/themes/sydney/404.php
open it and if you see the virus code like if it has +xml or Rewrite wordpress etc delete it.
go through all the themes folder 404.php pages.
change your wp login user name and password.
delete all the infected .htaccess files/remove the infected code and monitor your website the regularly and check ur .htaccess file to make sure you don't get attacked again.
I have resolved this by scanning my ubuntu server using clamAv through SSH.
Here is the command line I used:
clamav -ril /home/user/clamav.txt
The results revealed a backdoor script embedded in one of my old themes which wasn't even activated. I deleted that old theme entirely and rebooted my server then the problem is gone.
Don't waste your time with a WordPress plugin to scan for malware or
backdoor because that is unlikely to locate any virus. Install ClamAV
into your server then scan. If nothing is detected yet?! Install
another anti similar to ClamAV until you succeed to locate the threat.
I'm trying to install WordPress for local use with XAMPP. I started off by installing and unzipping both the XAMPP and WordPress folders. I placed the XAMPP folder in my C:/ drive and my WordPress folder within the "htdocs" folder. After that, I made a new "config" file for my local server based on the "config-sample" file.
Here's where things get tricky: when I try to use the "install.php" file, I am brought to a screen that asks for credentials. I give it some generic credentials and then I submit it in order to install WordPress. However, when I submit the form, the loaded page is completely blank and the URL appears as "localhost/wordpress/wp-admin/install.php?step=2".
When I go into the database, it shows me that WordPress created all of the necessary tables, but didn't create any log-in credentials for me. I was doing some research and there were a couple pages that mentioned the need for increased PHP RAM, but I'm unsure of how to increase the RAM for local use or if it's even a problem. If anyone had an error like this happen to them, I would really appreciate some feedback as to what could be causing this problem.
I had the same exact problem, with an almost blank screen on step-2 passage.
Adding in wp-config.php these lines solved everything:
define('WP_MEMORY_LIMIT', '128M');
set_time_limit(60);
I've installed Wordpress 4.0 from a zip file on XAMPP 1.8.3 on my Win7-32bit PC.
Setting up the DB and all, I got the same "blank screen" at the step 2.
So, I went in to phpMyAdmin, and edited the "wp_users" table on my entry. I modified the user_login and the user_password (using an MD5 converter). Saved the entry and got into the localhost url for wordpress. Got into the log in, and everything seems to be working without any issues.
As a note: I installed a fresh/clean install so there were no custom themes nor plugins.
Hope that helps.