I'm using Wordpress 4.9.1–en_GB, and have a live site which has been up and live for some months without issue.
48 hours ago it suddenly (or rather I noticed suddenly) started displaying some pages as unformatted (no css) lists of links and text. The links on those pages were to another domain which directed to my site, but which has never been part of my site, and for which there is no direction within the site.
Loading and saving that one page fixed it on that page, and another page which was exhibiting the issue.
I redirected the external domain so that it would not point to my website.
Today it has exhibited the same behaviour, but with a subdomain which points to my site, but which again is not in use. Again saving the page without making any edits 'fixed' the behaviour.
I'm not asking for a fix - but whether anyone has ever experienced a similar problem, or has a pointer towards where to look, and will report back what I find, in the hope it helps someone else if it ever occurs to them.
I didn't originally build the site - it has a load of plugins, not all active and disabling and removing plugins is definitely an option - but not a great one, since the problem is not predictable, so I have no firm way of knowing whether my actions have fixed the issue, and in the meantime my commercial site will not be functioning as desired (which I appreciate is occasionally the case anyway it would seem).
It sits in Amazon EC2.
sorry for the lack of precision, but I am truly stumped.
this sounds like your website may have been breached. to address the conflict of web pages not formatting is usually the ssl not being installed correctly on the server. but if you have a lot of plugins installed it's a huge security issue and the plugins may be causing the domain issue
the plugins may be causing a conflict within each other I would recommend removing the plugins that generally don't get used.
deactivate the plugins in use and reactivate them.
use word fence security plugin to run to a scan on your website.
when I had this problem it was because the ssl was not installed on my server correctly if not that, a breach may be the cause. I hope this helps.
If the issue started within that time frame as stated that makes me more confident that this is an ssl issue. Sometimes an ssl doesn’t install correctly on a server this can cause a conflict with how the layout in css and HTML is affected. this is common in some cases, while it’s happening with the current theme your using, some WordPress themes can bypass the ssl error, I would recommend getting a new ssl from let’s encrypt and removing the one that was auto renewed through let’s encrypt. This could simply fix the problem. If not feel free to share your findings on the issue.
Related
Just an FYI, I'm an amateur blogger who doesn't know much about coding.
I've been facing a problem recently and I don't know what to do.
My website homepage shows up blank, with just links (http://shlokamariwala.com/)
I've tried to check for any errors in my backend but all seems to be working fine!
I've also uninstalled all plugins to check, but that didn't make a difference.
Please let me know how to go about this! I'm happy to provide any specific additional information needed. Also, since I'm not very well versed in coding, I apologise for my use of lay-man terms in advance!
If I get to your website, most content is not coming from your domain, but is loaded from https://secureservercdn.net/50.62.198.97/qxw.3db.myftpupload.com/.
Also your own site is not using SSL (https), but insecure http.
Many browsers and most anti spamer browser plugins like privacy badger or uBlock Origin will refuse to load this.
Another point may be that you are using canvas data, but also this is blocked by default in modern browsers.
Maybe take a look in the wordpress server site settings and check your servername.
My coding knowledge is super basic but Hostinger's support sent me to this platform to hopefully find a solution.
Situation: I have successfully installed the SSL certificate but I keep losing the padlock because of mixed content. I checked Whynopadlock for the issues, it gave me two images as 'soft failures'. I deleted those from my Wordpress library. I've installed Really Simple SSL, Force SSL and tried Search & Replace. I've changed the url in Elementor but I keep getting these errors.
Please, can someone help me, with some clear info as my coding knowledge is limited to making some minor changes in css.
Thanks so much in advance!
In your homepage, there are 3 images that are still loading under http instead of https. These images are:
http://cortijolamorera-com.preview-domain.com/wp-content/uploads/2020/03/ligature-symbols_2-11-0_quote_225_13_bdc3c7_none.png
http://cortijolamorera-com.preview-domain.com/wp-content/uploads/2020/03/Algemeen7-scaled.jpeg
http://cortijolamorera-com.preview-domain.com/wp-content/uploads/2020/03/evie-shaffer-728405-unsplash-edited.jpg
All these images appear to load from lazysizes.js. The easiest way would be to delete these photos from the media library and upload them again. Otherwise, you can either check your setting in the lazysizes plugin or search and replace the urls from within the database.
I have a site with a static home page which is just one of the pages. Ive been working on the site for several weeks. Today, when I went to clear the cache to see if some links were updated, the home page switched to displaying Posts (which is the other setting under the Settings->Reading) I went to settings and sure enough display Posts is checked. No one else, that I know of has the password to this site. Does anyone know why this happened or how I can prevent it from happeneing again?
There are so many variables to consider, but it has to be a direct database manipulation. So:
Someone did in fact change it, but no one knows who
A plugin or theme changed it. Unlikely, but certainly possible. Search your plugins/theme changelog and/or support threads for similar reported issues
One thing you could do is install the plugin Stream. This logs all (well, nearly every) database manipulation and tells you when, where, and who. This way, if it happens again, you can immediately pinpoint it.
I have the same problem on different WordPress based websites.
I developed some of them, while others are made by someone else.
They don't have that much in common: completely different websites, different themes/plugins and so on.
Recently in these websites, I've been experiencing this problem: WordPress is caching the backend in a really tough way and, after saving any edits, I have to force a refresh with ctrl+f5 to actually see the edits I made before.
After some digging I can assure that:
it doesn't seem to depend on the webserver (same problem on nginx and on apache)
it doesn't depend on varnish or wp caching plugins (it happens also on website without any cache solutions)
it happens just in some new wp releases, I'm not experiencing this problem on older websites
it doesn't depend on my pc/browser configuration because my colleagues are experiencing the exact same problem on their pc
Anyone who had the same problem and was able to find a solution?
EDIT: It actually happened also on a fresh WordPress installation. Once I created a page, I went back to the page list by clicking on the menu item and I couldn't see the page in the list. After forcing a page refresh the newly created page was there as it was supposed to be before.
Last Wednesday a variety of the WordPress sites I manage got hacked, they were infected with a Viagra link (malware is so original).
I noticed in the wp-includes directory a file called utils.php (wp-includes/js/tinymce/utils/utils.php), also an addition to my general-template.php for the get_footer function.
This hack seems to only affect Google search results for sites, not the site when directly viewed by entering the URL, i.e your cached site will show a malware infested mess and lose ranking, meanwhile you will wonder why due to the site looking fine when viewed.
My host (TSO Host) have cleaned up the sites, didn't even need to ask, but I have no idea how the infection got there in the first place.
So my question is, does anyone know how the breach happens and what I can do to prevent it, other than the usual security tips?
This happened to a site that I spent weeks cleaning up. I can give you a few pointers:
Go through the Wordpress core files (under wp-admin and wp-includes) and delete all files that you don't see in the default wordpress instillation. I've never seen a plugin create a file in one of those 2 directories. After this, it'd be a good idea to re-install Wordpress, just in case they changed any of the existing files.
After that, change your Wordpress/FTP/SSH passwords as they've likly been cracked. Install WP Better Security. It seems a little annoying at first, but you can monitor everything with it, change the login slug, remove version info hackers can use to find security holes, black-list known hackers, and so much more.
Finally, this last one will take some time. Google your theme and each one of your plugins, and see if Wordpress has stopped using them because they were a security vulnerability. You'd be surprised at how many plugins haves holes. Try to avoid really new plugins, and try to use the same plugin for as many different sites as you can. If you're hosting more than one site on the same server and one of the sites gets hacked, they're all hacked.
It sounds like a pain, and it is a little bit, but after you're done you'll feel so much better knowing that you're in control of everything. Trust me.