Sudden Website Title Change and Order Email Notification not Working - wordpress

I am not sure about my what happened to my site but the site title suddenly change to
+ADw-/title+AD4-Hacked By Mister Spy +ACYAJg Souheyel.+ADw-DIV style+AD0AIg-DISPLAY: none+ACIAPgA8-xmp+AD4
and my order email is not working properly. Anyone got same problem?
Do you think what happened to my site? Any Solution to this?

Ah, the clue is this: "Hacked By Mister Spy".
You got hacked because you are using an old version of WordPress. That's very typical; when running WordPress, keep it and all themes/plugins updated in order to stay safe and secure.
Since version 3.7, WordPress will automatically update itself with security fixes when they are released by WordPress. FYI, these security updates are not full updates to the latest version; they are patches, and you will still see advisories to fully update to the latest full version.
To correctly clean your site and hosting account of the hack, carefully follow https://codex.wordpress.org/FAQ_My_site_was_hacked .
Then take a look at the recommended security measures in https://codex.wordpress.org/Hardening_WordPress and http://codex.wordpress.org/Brute_Force_Attacks

Related

Weird Caching Issue - WordPress + Ultimate Member + WP Engine + Cloudflare

I am facing a very weird caching issue on my site. The site is hosted on WP Engine with Cloudflare setup. Here is the complete scenario when the user tried to access the site.
When the user upgrades to pro after successful payment, then all the pro listing should be visible to them OR I can say they can access pro listing. But after successful payment when a user tries to access the pro listing it shows you need an upgrade to pro. After hard refresh 2 to 3 times. It works normally.
Note:
I have already reached out to the support team. They are working
on it. I am just want to prepare my self for plan B :)
My site does not have any caching plugin.
I have already bypassed the caching from Cloudflare for that page.
I have added Cache Level to Bypass in page rules. Let me know if I need to add anything else to the page rules.
I am sure it is a caching issue. I am open to suggestions on how to fix that.
Thanks!
you can use wp-super cache plugin.
and you need to clear your browser cache.
I am using wp-engine. when I faced like that, I used wp-super cache plugin.
if the plugin is not working, you are working on different place.
check your file path, please. live site or staging site... because you might make a mistake..

Wordpress not reflecting phpMyAdmin database changes unless I log in

this is I think a really unusual case. A little backstory, I outsourced a PSD to WP project a few months ago, but not currently working with the developer anymore as he stopped replying to my support questions. I'm trying to solve this on my own before I give this to the client, as I have no more budget to hire another developer.
I have two problems, first is I couldn't access the WP dashboard even though my login is an admin account. Been trying to solve this through numerous google searches and blog posts but to no avail, I couldn't fix it.
Here goes my main problem: So I finally found a way how to update the content on the site using the phpMyAdmin backend database. (good thing I know HTML CSS)
I managed to update the content, but when I tested the site using incognito window and other profiles / browsers, the changes from phpMyAdmin does not reflect on the site. I tried logging in, and weirdly, the changes are there. I log out, changes are there.
I just find it really weird and a hassle that I have to log in to see those changes. It's a client facing site, and the changes are really important so I hope someone has experienced this before and can help me out. Thanks in advance.

Wordpress maintenance mode

I'm currently working with a charity who have built a new site in Wordpress. My wordpress knowledge is somewhat lacking. We have a volunteer, who apparently works with wrodpress a lot, doing some SEO work on the site who has installed a number of plugins. We have been receiving a number of complaints from visitors saying to the site that it seems to be in maintenance mode a lot. I don't fully understand how maintenance mode works. Is this something could only be triggered by someone making changes? Is this activity logged in any way? We need to establish if the maintenance mode is being triggered by the volunteer, although he insists it's not him, or by a problem with the site.
Any advice would appreciated?
Wordpress Maintenance
Sometimes, you may have the need to put your website into maintenance mode for upgrades. This would make your website temporarily unavailable to public access. You wouldn’t want errors to pop up when you are running important updates in the background, right?
It is not that only developers can cause this even authors or the people posting posts can cause this issue.
REFER: https://www.elegantthemes.com/blog/tips-tricks/7-mistakes-beginner-wordpress-users-make
He must have been triggered it unknowingly!
This is not logged in anywhere.
Refer this blog for Wordpress mainatainance knowledge
http://www.hongkiat.com/blog/wordpress-maintenance/
Check if this plugin is indtalled https://wordpress.org/plugins/wp-maintenance-mode/

DNN 6.2 URL hacked

I am running one of my client's websites on DotNetNuke 6.2. Yesterday I noticed that the menu links for the website appear to have been hacked.
So when I click on a link which is supposed to go to: www.wossname.com/search.aspx
It instead takes me to: http://www.wossname.comlley.com.auomnern.edumd400b40cn/Search.aspx
So basically I think that someone has hacked the URL generation bit of DNN and added some malicious code to our DNN installation. I am aware that I should upgrade to the latest version of DNN but I am looking for a short term fix to keep the site running in the interim.
Is their any solution to this?
Sorry about asking an off topic question. I was under the impression that it would be a scripting issue and would be related to code. Anyway I just happened to check the database and noticed that multiple aliases are being created. So if you are having a similar problem simply delete those aliases and you should get the site running in the interim. Of course do update your version of DNN ASAP!

Can Wordpress automatic update harm my website?

Recently I got to know that my Wordpress site is automatically updating itself when a new version of Wordpress is available. I know that this automatic feature is available in
Wordpress since sometimes back. But I have some questions about this
1) Can this be risky in any case?
2) Doesn't it a matter the way how we have installed Wordpress? (e.g plugins and security settings)
3) Does Wordpress have a way to recover our website if anything happen?
4) Don't they keep any backup before do the update?
Could you please give me your answers to the above?
I'll answer each of your questions to the best of my knowledge:
1) Can this be risky in any case?
The automatic updates are mostly security updates. Though you can never be 100% sure it doesn't break anything, security updates don't deprecate functions or change much on how the CMS works. This means that nearly every plugin and theme can still use the same functions without issue.
2) Doesn't it a matter the way how we have installed Wordpress? (e.g plugins and security settings)
This ofcourse matters, to some extend. But if a site is working in Wordpress 3.8.3, it will still work in Wordpress 3.8.4. If a site however uses functions that will be deprecated, you might have problems when upgrading from 3.8 to 3.9. However, major updates aren't done automatically, and still need to be done manually, giving you the opportunity to make a backup beforehand.
3) Does Wordpress have a way to recover our website if anything happen?
No, it doesn't. You CAN however turn of the automatic updates. But, as stated at question 1, the risks aren't very big with the security updates.
4) Don't they keep any backup before do the update?
No they don't. It is your own responsibility to keep backups of your website.
I hope this answers your questions. If something is unclear, please let me know in the comments, and I'll look into it for you.
If your themes and plugins use functions from Codex then I think your are much safer. Make sure the plugins and themes are using functions to get directories and URI's through functions defined by Codex, what I mean to say is:
use: get_template_directory_uri();
instead of xyz.com/wp-content/themes or even home_url('/wp-content/themes'); and other things like that.
yes sometime it can create a mess and it won't allow to admin to login.
most command questions asked are
Can't login after automatic update
login failed after wordpress update.
here is a very quick fix for all of them.
http://onl9class.com/solved-cant-login-after-wordpress-update/
Here is all answer of your questions, please check below:
1. Can this be risky in any case?
The automatic updates are good for security purpose but some times it will break our function work in website because some plugin developer will not update own code according to wp updates so it would be good you can manually updates all things after checking plug-ins compatibility with new version.
2. Doesn't it a matter the way how we have installed Wordpress?
No it always matter, because some times wordpress core developer changes the function and they will be depreciate in new version so it would be good, always take backup of website and manually do the updates.
3. Does Wordpress have a way to recover our website if anything happen?
No, but you can install wp plugin and schedule it to take backup in each week.so you can at-least get the latest backup of website. I always use the back up plugin in my websites.
4. Don't they keep any backup before do the update?
No they don't take backup of website. but wp always show notification when you start update please take backup.
Thanks

Resources