Just have a question :)
I have a WordPress site with domainname "site.com". It is on its own server.
On another server I have an admin site located on the subdomain "admin.site.com", and a booking site on "booking.site.com" - they are not i WordPress.
Now my WordPress site gets hijacked, and all browser shows a warning, and I'm removed from Google. But it is not only site.com which is closed, but all my subdomains. Why? And is there a way to separate, so the subdomains not will be close if my WordPress site gets hijacked again?
By close, do you mean removed from Google or non-functional in general?
Google doesn't have a lot of forgiveness when it comes to site issues, so afaik it will block the subdomains if the main domain gets compromised.
If your other sites aren't functional, you might want to check your site.com's htaccess file.
Related
This is a peculiar one.
I work for an agency, and we develop WordPress and JAM Stack sites for our clients.
I have been contacted by the IT team for one of the clients (an NGO), and they flagged something that I have not seen before.
NOTE: I am going to be using example.org as the website, to protect the identity of the client.
Basically, we developed a WordPress site for them, which works great and all, but as it turn outs there is a page on the website which points to a totally different website
The example page is as follows
example.org/news/points-to-different-website/
The news page doesn't exist in anywhere on WordPress system, and neither does it exist as a custom post type.
And another thing, I noticed is when I removed the / at the end of the URL, it shows the custom 404 page developed for the website
example.org/news/points-to-different-website
But as soon as you add the /, it shows a totally different website.
I have checked all the Apache configuration files related to the site, and it is just the normal setup for any WordPress site.
So, I am wondering what could be causing this, and how can one prevent it?
That's a strange issue. Does example.org/news/points-to-different-website/ actually redirect to another full URL, i.e. differentwebsite.com, or is the different site actually at example.org/news/points-to-different-website/?
Try
emptying the trash for both pages and posts, as there could be a conflicting slug that is causing a redirect.
Reset permalinks.
Using PHPMyAdmin, search the database for the URL points-to-different-website and see if there is malware or some kind of a redirect, an iFrame, etc.
This can sometimes happen if the server hostname is not set up correctly.
What can happen is website on the server will show in place of a non-existent site or page from another website on the same server.
If you are using a reseller hosting/shared hosting, then the site could be from another account on the server, the site could also be from another server, for example:
There are 2 servers with the hostnames serverone.myserver.com and servertwo.myserver.com... A site on serverone might show in place of a site or page on servertwo.
We use wordpress and our subdomain sites recently started redirecting to our main site.
Exmaple, sub.example.com/products redirects to https://example.com/products and gets a 404.
I did notice if I add https:// in front of the subdomain it goes to the proper subdomain site. What would cause that? How would I fix that issue? I want the user to be able to put sub.example.com and get the proper site without needing to type in the https part.
The only thing that I remember changing recently was adding the ssl certificate.
Thanks!
I recently experienced this issue. Check for any wordpress plugins forcing HTTPs on any http domains. Or anything on your subdomain forcing https when it isn't an https site.
Here is the existing configuration of my site:
I have a CNAME record www to example.com in Cloudflare DNS settings.
Nothing in .htaccess of the original host server.
WordPress site has its Website and Home address set to http://example.com
I don't have a clear understanding of what Cloudflare does and how it integrates with WordPress. However, I would like to achieve this without making any changes in WordPress. What DNS and Page Rules combo should I configure in order to serve all the URLs ONLY over https without www?
Based on this answer here, I tried changing my DNS settings but it didn't work. And I can't get my head around Cloudflare Page Rules.
In order to accomplish this you should create two Page Rules. One that redirects all traffic to https, and another that directs all www traffic to the root domain.
You can find directions for these Page Rules on this KB article (they are the first two). Or there is a video tutorial as well. If you are already maxed out on Page Rules there is also an option now to purchase additional rules without changing plans.
(I'm from Cloudflare)
My client is moving their site to SquareSpace, but wants to keep the blog portion hosted in WordPress. I'm not sure what their current hosting plan is, but is it generally possible to point "example.com" to SquareSpace, and have "example.com/blog" still exist as a WordPress site?
Thank you!
This can't be done solely through DNS as DNS is ignorant of the path and works only with the domain name. The only way to do this through DNS would be to move the blog from example.com/blog to blog.example.com, then the website can be located on one service at example.com and the blog can still be located on wordpress at blog.example.com.
I would like to know how to share a session between my website non-wordpress and my wordpress blog on the same domain www.mysite.com, so that when a user is logged in to my site he's also logged in to the blog
I installed wordpress as subdirectory on my site, url for my site is www.mysite.com and I access wordpress like this www.mysite.com/wordpressBlog
On my user_login.php in my main site I activated
session_start();
to activate cookies and on my wordpress wp_unregister_GLOBALS() I added
$no_unset = array( '_SESSION', ...
But nothing happen, when I login to my main site I still have to login to the blog
as a matter of fact my site and wordpress blog are on the same domain. I installed wordpress as subdirectory on my site url for my site is www.mysite.com and I access wordpress like this www.mysite.com/wordpressBlog On my user_login.php in my main site I activated
session_start();
to activate cookies and on my wordpress wp_unregister_GLOBALS() I added $no_unset = array( '_SESSION', ...
But nothing happen, when I login to my main site I still have to login to the blog
In order to be able to share a session cookie between both sites, they will have to run under the same domain name (e.g. mysite.com). The following would be a valid configuration if the session cookie has a scope of mysite.com
www.mysite.com
blog.mysite.com
PS. I don't recommend using Cross Scripting hacks to get around this domain scoping issue. It's limited to a domain for security reasons.
[Edit]
I should also point out that it is entirely valid to have your two sub-domains (sites) hosted on different servers
[Edit]
It is difficult to provide a succinct answer to your question because you are using a non-WP site. My best suggestion for you is to post on the WordPress StackExchange where you may get someone who has done this configuration before.
I believe your issues are centred around the scope of your Cookie from WP. Editing your wp-config.php and setting the COOKIE_DOMAIN to use "" may help with your issue as referred to by this WordPress StackExchange post.
Some posts speak of removing this settign entirely. In any case you need a way to debug your HTTP sessions to see what cookies are being sent using which scope, that is why I recommended FireBug. In any case you're still going to have to re-code your non-WP site to recognise the WP cookies so understanding what's going on is important.
I did come across this other post regarding Multisite Domain Mapping that may help with your knowledge, but this is involved WP sites only so not exactly what you need.