Wordpress maintenance mode - wordpress

I'm currently working with a charity who have built a new site in Wordpress. My wordpress knowledge is somewhat lacking. We have a volunteer, who apparently works with wrodpress a lot, doing some SEO work on the site who has installed a number of plugins. We have been receiving a number of complaints from visitors saying to the site that it seems to be in maintenance mode a lot. I don't fully understand how maintenance mode works. Is this something could only be triggered by someone making changes? Is this activity logged in any way? We need to establish if the maintenance mode is being triggered by the volunteer, although he insists it's not him, or by a problem with the site.
Any advice would appreciated?

Wordpress Maintenance
Sometimes, you may have the need to put your website into maintenance mode for upgrades. This would make your website temporarily unavailable to public access. You wouldn’t want errors to pop up when you are running important updates in the background, right?
It is not that only developers can cause this even authors or the people posting posts can cause this issue.
REFER: https://www.elegantthemes.com/blog/tips-tricks/7-mistakes-beginner-wordpress-users-make
He must have been triggered it unknowingly!
This is not logged in anywhere.
Refer this blog for Wordpress mainatainance knowledge
http://www.hongkiat.com/blog/wordpress-maintenance/
Check if this plugin is indtalled https://wordpress.org/plugins/wp-maintenance-mode/

Related

When i visit first time on wordpress website, its open another website automatically on first click

When I visit first time on WordPress website, its open another website automatically on first click anywhere, I don't know why its showing this strong text
Of course, it is better to have more details. But if this happened without any actions from your side, I would agree with Michela - it could be some malware on your website.
If you don't know what's going on under the hood, it is hard to cleanup the website completely.
As a first action, I can recommend you to check if your hosting provider have any backups for the website. It is possible that you will be able to restore to the point when the website was clean.
To clean the website by yourself, you can use various Malware Scanner plugins, like Wordfence or other specific. They can check for changes inside Wordpress core or standard repositories + they can check for strange, vulnerable and malicious parts of code. But be careful - if you have some custom code, it is better to check it with the code author.
If you'll be able to cleanup the website, I will highly recommend to go harden the website security. Some classic recommendations may be found in the official documentation - https://wordpress.org/support/article/hardening-wordpress/.

wordpress menu includes different domain randomly

I'm using Wordpress 4.9.1–en_GB, and have a live site which has been up and live for some months without issue.
48 hours ago it suddenly (or rather I noticed suddenly) started displaying some pages as unformatted (no css) lists of links and text. The links on those pages were to another domain which directed to my site, but which has never been part of my site, and for which there is no direction within the site.
Loading and saving that one page fixed it on that page, and another page which was exhibiting the issue.
I redirected the external domain so that it would not point to my website.
Today it has exhibited the same behaviour, but with a subdomain which points to my site, but which again is not in use. Again saving the page without making any edits 'fixed' the behaviour.
I'm not asking for a fix - but whether anyone has ever experienced a similar problem, or has a pointer towards where to look, and will report back what I find, in the hope it helps someone else if it ever occurs to them.
I didn't originally build the site - it has a load of plugins, not all active and disabling and removing plugins is definitely an option - but not a great one, since the problem is not predictable, so I have no firm way of knowing whether my actions have fixed the issue, and in the meantime my commercial site will not be functioning as desired (which I appreciate is occasionally the case anyway it would seem).
It sits in Amazon EC2.
sorry for the lack of precision, but I am truly stumped.
this sounds like your website may have been breached. to address the conflict of web pages not formatting is usually the ssl not being installed correctly on the server. but if you have a lot of plugins installed it's a huge security issue and the plugins may be causing the domain issue
the plugins may be causing a conflict within each other I would recommend removing the plugins that generally don't get used.
deactivate the plugins in use and reactivate them.
use word fence security plugin to run to a scan on your website.
when I had this problem it was because the ssl was not installed on my server correctly if not that, a breach may be the cause. I hope this helps.
If the issue started within that time frame as stated that makes me more confident that this is an ssl issue. Sometimes an ssl doesn’t install correctly on a server this can cause a conflict with how the layout in css and HTML is affected. this is common in some cases, while it’s happening with the current theme your using, some WordPress themes can bypass the ssl error, I would recommend getting a new ssl from let’s encrypt and removing the one that was auto renewed through let’s encrypt. This could simply fix the problem. If not feel free to share your findings on the issue.

Wordpress not reflecting phpMyAdmin database changes unless I log in

this is I think a really unusual case. A little backstory, I outsourced a PSD to WP project a few months ago, but not currently working with the developer anymore as he stopped replying to my support questions. I'm trying to solve this on my own before I give this to the client, as I have no more budget to hire another developer.
I have two problems, first is I couldn't access the WP dashboard even though my login is an admin account. Been trying to solve this through numerous google searches and blog posts but to no avail, I couldn't fix it.
Here goes my main problem: So I finally found a way how to update the content on the site using the phpMyAdmin backend database. (good thing I know HTML CSS)
I managed to update the content, but when I tested the site using incognito window and other profiles / browsers, the changes from phpMyAdmin does not reflect on the site. I tried logging in, and weirdly, the changes are there. I log out, changes are there.
I just find it really weird and a hassle that I have to log in to see those changes. It's a client facing site, and the changes are really important so I hope someone has experienced this before and can help me out. Thanks in advance.

Where did utils.php come from, TinyMCE hack

Last Wednesday a variety of the WordPress sites I manage got hacked, they were infected with a Viagra link (malware is so original).
I noticed in the wp-includes directory a file called utils.php (wp-includes/js/tinymce/utils/utils.php), also an addition to my general-template.php for the get_footer function.
This hack seems to only affect Google search results for sites, not the site when directly viewed by entering the URL, i.e your cached site will show a malware infested mess and lose ranking, meanwhile you will wonder why due to the site looking fine when viewed.
My host (TSO Host) have cleaned up the sites, didn't even need to ask, but I have no idea how the infection got there in the first place.
So my question is, does anyone know how the breach happens and what I can do to prevent it, other than the usual security tips?
This happened to a site that I spent weeks cleaning up. I can give you a few pointers:
Go through the Wordpress core files (under wp-admin and wp-includes) and delete all files that you don't see in the default wordpress instillation. I've never seen a plugin create a file in one of those 2 directories. After this, it'd be a good idea to re-install Wordpress, just in case they changed any of the existing files.
After that, change your Wordpress/FTP/SSH passwords as they've likly been cracked. Install WP Better Security. It seems a little annoying at first, but you can monitor everything with it, change the login slug, remove version info hackers can use to find security holes, black-list known hackers, and so much more.
Finally, this last one will take some time. Google your theme and each one of your plugins, and see if Wordpress has stopped using them because they were a security vulnerability. You'd be surprised at how many plugins haves holes. Try to avoid really new plugins, and try to use the same plugin for as many different sites as you can. If you're hosting more than one site on the same server and one of the sites gets hacked, they're all hacked.
It sounds like a pain, and it is a little bit, but after you're done you'll feel so much better knowing that you're in control of everything. Trust me.

How Do I Rollout WP-Cache To 1000 WordPress Blogs?

My client has 1000 WordPress blogs hosted on a server for customers. Each one is in its own domain through cpanel and SuPHP, running in CGI mode on Apache2.2. Now he wants me (I'm the PHP programmer) to get WP-Cache loaded out on each of these blogs and not just activated, but enabled. He also wants the timeout value set to 2 days instead of the default setting.
I have root on LAMP.
What is the preferred way to roll out an update to each blog such that on a page view, it sees if WP-Cache is enabled or not. If not, it needs to copy it out from a central source, activate it, and then enable it along with the different timeout value being used.
A way, maybe not the best way, is to write a script to copy the wp-cache plugin to every wp-content/pulugins folder. Then run another script that will go and modify every DB entry for it enabling it.
If not done correctly this can be devastating as it hits customer db's.
However, one thing to note is wp-cache has a history of killing other plugins. So, if you go in and add this plugin to everyone's wordpress it might hurt there experience if it hurts another plugin they have installed thus increasing support costs as people might be emailing trying to figure out what broke.
I take it this is being done to work on performance issues. Is it possible to maybe do some type of server caching outside of wordpress?
edit: after reading Joes comment I concur with him. Didn't even cross my mind.

Resources