I've enabled the wp-network site function, put the rule in wp-config.php and also modified the .htaccess file and enabled the subdomains. The subdomains working fine but the plugins tab from wp-admin panel is not showing up. I can activate or deactive the plugins due to this and also subdomain sites dashboards not showing.
First, inspect elements in dashboard and see if there is any problems in the console, and try to solve it if exists.
Second, Log out, clear your browser cache and cookies, restart your browser and take another look.
If you still don't see it, and you think you are logged in as an administrator, go to users > all users and see what it lists as the "role" for your username.
That's the far I know without seeing the issue.
Related
I have a website that is running on an AWS server using the Bitnami Nginx and WordPress image.
https://www.athleticclubhk.com/
Recently it got all our ads on Google stopped due to malicious content. Oddly this time, its trickier then your standard malware of infected files. When visiting the site incognito, the first and only the first link click gets redirected using the following code:
window.location.replace("https://cartoonmines.com/scount");window.location.href = "https://cartoonmines.com/scount";
This is being injected on any link, however, upon investigating the loaded code on inspect its not injecting it into the page.
I've tried to hunt down the theme, plugins, core files and found nothing!
I replaced and reinstalled WordPress core files, deactivated all plugins and even swapped the theme - the problem is still there. I can't find any hidden .htaccess file in the entire root directory.
I even used GREP to try to look for anything fishy (any clues here that someone can help with?) nothing so far.
The site is still impacted with this so you can easily load the link ~ i do use malwarebytes to keep myself protected, incase you are opening this directly.
Can anyone help?
The redirection code is implanted to /wp-includes/js/wp-emoji-release.min.js.
How to confirm:
watch the cookies when clicking internal page, a new cookie is being set for tracking first clicks, named ht_rr
save complete webpage locally and try to load it, and check in Chrome dev tools, you'll see that in Console tab it complains about this Javascript file attempting to set the aforementioned cookie
While a temporary resolution of deleting the file will fix things for some time...
There's no excuse for not setting up a proper server stack. Bitnami or other "great stacks" won't cut it security-wise. They exist for "fast", but no "quality" setup, and of course, it's never going to be secure.
The file got created somehow / had write privileges. This indicates a problem with the setup most of the time. Unless you're using some nulled plugins or plugins from bad sources.
Once again, since the website was essentially "pwned", deleting the Javascript file does not mean complete disinfection. To preserve things in a secure state, I would recommend setting things on a clean server environment with strict PHP-FPM permissions aka "lockdown" chmod, and look for write errors to look for infected PHP files.
Check out some guides on the matter of secure NGINX/PHP-FPM setup:
NGINX and PHP-FPM. What my permissions should be?
Best practice secure NGINX configuration for WordPress
NGINX Security Headers, the right way
Just had the same problem and it was Zend Font Plugin, the same that some people mentioned before.
Installed Wordfence and this came out. Deleted the plugin and now the site is working perfectly.
Disable plugins and check again.
Change the database username and password.
Ask the hosting manager to check the host.
I am not able to edit the Wordpress site at all. The dashboard looks like its not loading css. But also the links are not working, each time I press anything on the bare-looking dashboard, it takes me to Page not found. I am facing this issue because I changed the admin password from phpMyadmin using cPanel. From that moment, this is all messed up. It would be awesome if I get a solution for this. (Ps. I do have a backup of the site but it is old, so it does not have a lot of changes done recently, so I cannot roll back to old version
If you are using any cache plugin, then deactivate it, clear your browser cookies, also try to access it from different IP from another place.
Also, check this link for a better understanding.
...I gave in to the nagging message from Jetpack last week to turn on "Protect" and the day after, I found myself unable to log in to the admin dashboard. (I'm not 100% certain that Jetpack is at fault here, but it's the most obvious thing that changed.)
Symptom is that wp-admin is not available for any of my sub-sites.
I've tried the usual things (IP whitelist, adding IP to the config file, disabling the suspicious plugin, disabling all the plugins) but the behavior remains the same.
Any login attempt will fail, and I'll see a redirect to the login page. Here's the URI pattern for the redirect:
http://myclientsite.domain.us/wp-login.php?redirect_to=http%3A%2F%myclientsite.domain.us%2Fwp-admin%2F&reauth=1
I thought to address it at the database level, but inspecting the database, I do not see any user table. (I'm led to believe that the user table should be global to the installation and contain user info for all sites)
So my two questions are:
How can I find the user table for my site? I've logged in to the database directly both with the wordpress user account and with the root account. Don't see the table in either case.
What can I change about the installation that would allow me to at least access the admin functions and disable the offending plugin?
To get into wp-admin, you can disable all plugins by renaming the plugins folder that is in the wp-content folder.
In this case, I finally stood up a new multisite instance and imported a safe backup (using Updraft Plus to backup and restore in this case).
I did not resolve the lockout issue, but I found the answer to another mystery I was wrestling with. The user table WAS present, but my superficial understanding of phpMyAdmin kept me from seeing it. (Shoulda used the mysql cli client)
It turns out that in the table browser on the left hand margin (navigation panel), the table list is paged, and I was looking only at the first page.
So each subordinate site has table name prefixes that look like wp_X_ where X is the subdomain index within the multisite structure. The "primary" site has data in tables that simply use wp_ and that's the one that hosts the user table.
For me then, the trick was to notice that in the phpMyAdmin navigation panel, I could page to the next set of tables and there was the table I needed.
Problem description
When I try open W3 Total Cache settings page I got the following error:
You do not have sufficient permissions to access this page
This is the only one plugin that I cannot edit. It's installed on multisite page and it's activated for the whole network. I can normally delete it and activate / deactivate for the whole network. The error occurs when I'm trying to open settings page on one of the pages within this network.
I'm using localhost - just so you know but I'm quite sure that it does not change anything in this case.
Solving attempts
I have checked user capabilities and user_level in database (they are set to administrator and "10").
I tried reloading APC and PHP-FPM (found this while googling). I have tried clearing browser cache and opening site in incognito mode.
I have tried reinstalling plugin, deactivate it and activate again (multiple times).
You need to change your permissions of the wp-contents and all folders within it.
Try 774, if that doesn't work try 775.
This should fix your issue, let me know if you have any issues.
I recently moved my site built in Word Press to another hosting provider and I found the shortcode [woocommerce_my_account] is not working anymore.
Previously, I had a page called account login where I had the shortcode [woocommerce_my_account]. In the settings I set the landing page to be the same page (account login). so, after an user logged in, it was redirected to the same page showing his/her details.
However, in the new hosting provider this is no longer working. After I put the login information and attempt to login it is taking me to wp-login.php page and ask me to enter my login details again.
The URL path that I see in the browser after attempting to login is similar to this <site_name_url>/wp-login.php?redirect_to=http://<site_name_url>/account-login/
Anybody has got to the bottom of this issue? Thank you.
Try adding this to your wp-config.php:
define('WP_HOME','http://example.com');
define('WP_SITEURL','http://example.com');
Make sure you change http://example.com with your own domaine. You can also try to search and replace your domaine in the database if it has changed.
You can also try to clear browser cache and cookies. I had an issue like this before, launched a private navigation and it was working fine.
Try setting define(‘WP_DEBUG’, true);, you may see something going on.
Sometimes, php version makes a difference, try to set the same php version on you new host (google the name of your hosting provider + change php version).
When you move sites/restore databases you often need to save the permalinks again.
go to /wp-admin/options-permalink.php and click "save". This will setup your .htaccess file with the correct information for redirects.
Finally, after all of these days searching and trying different things, the answer for this issue in my case was not related with the Word Press installation itself but, with some software installed on the server called varnish, apparently used to cache the site and improve its performance.
After having a support chat with the hosting provider, they mentioned that varnish is breaking the woocommerce plugin.
At this point, I am not sure if varnish is not compatible with woocommerce or the settings applied on the server using this software make woocommerce not to work properly.