WordPress site is very slow after being attacked by malware - wordpress

I have been developing this website and we had to use the Gravity Form plugin.
There was a time when it was very vulnerable and the website was attacked (a massive crash occurred on the site); ever since, the website has never been normal again. It is extremely slow to download, and sometimes there are 503 error messages. We have been securely monitoring the website and have WordPress and every plugin updated to the latest version, or have even deleted the ones without recent updates, but it seems that is not enough, because if you access the website now you will feel that it's extremely slow.
Is there anybody who has experienced this kind of attack? (especially when you were attacked via the Gravity Form plugin)
I would really appreciate your answer.
Scott

As Ed Cottrell mentioned, you must rebuild your site.
Make a backup of files and database
Write down which plugins you use
Delete everything (leave only wp-content/uploads)
Install clean WP - it will be best if you use the same version you used
Install all the plugins - the data is still in the DB, so you won't have to configure them again
If you bought a theme - just download it again and install it. If someone made it for you - check it for some strange eval or some JS files you don't know. When you are sure it's clean, put it back on the server.
When everything is done, change user passwords and the FTP password.
Use https://wordpress.org/plugins/gotmls/ - it will help to find some nasty code.
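A check that supports the rebuild steps above, added here as an example and not part of the original answer: because wp-content/uploads is the only directory kept, it lists any PHP file found there, and it scans a custom theme's PHP and JS files for the kind of "strange eval" the answer mentions. The function names, the pattern list and the sample tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumed heuristic list; a hit means "review by hand", not "malicious".
SUSPICIOUS = {n: re.compile(rb"\b" + n.encode() + rb"\s*\(")
              for n in ("eval", "base64_decode", "gzinflate", "str_rot13")}
PHP_EXT = (".php", ".phtml", ".php5", ".phar")

def _files(top, exts):
    """Sorted files under top whose lower-cased name ends in one of exts."""
    return sorted(p for p in Path(top).rglob("*")
                  if p.is_file() and p.name.lower().endswith(exts))

def php_in_uploads(uploads_dir):
    """PHP files under uploads; a media directory should contain none."""
    return [p.relative_to(uploads_dir).as_posix() for p in _files(uploads_dir, PHP_EXT)]

def scan_theme(theme_dir):
    """Map relative path -> suspicious constructs found in PHP/JS files."""
    report = {}
    for p in _files(theme_dir, PHP_EXT + (".js",)):
        data = p.read_bytes()
        found = sorted(k for k, rx in SUSPICIOUS.items() if rx.search(data))
        if found:
            report[p.relative_to(theme_dir).as_posix()] = found
    return report

def build_sample(base):
    """Write a constructed sample tree; return (theme_dir, uploads_dir)."""
    files = {
        "theme/functions.php": b"<?php add_action('init', 'my_setup');\n",
        "theme/inc/social.php": b"<?php eval(gzinflate(base64_decode($x)));\n",
        "uploads/2016/05/logo.png": b"\x89PNG",
        "uploads/2016/05/cache.php": b"<?php echo 1;\n",
    }
    for rel, body in files.items():
        path = Path(base, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(body)
    return Path(base, "theme"), Path(base, "uploads")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        theme, uploads = build_sample(tmp)
        print(scan_theme(theme), php_in_uploads(uploads))
```

Run it against the backup copy made in the first step, so that nothing on the live server is executed or modified while reviewing.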

Related

When I visit a WordPress website for the first time, it opens another website automatically on first click

When I visit a WordPress website for the first time, it opens another website automatically on the first click anywhere. I don't know why it's showing this strong text
Of course, it is better to have more details. But if this happened without any actions from your side, I would agree with Michela - it could be some malware on your website.
If you don't know what's going on under the hood, it is hard to clean up the website completely.
As a first action, I can recommend that you check if your hosting provider has any backups for the website. It is possible that you will be able to restore to the point when the website was clean.
To clean the website by yourself, you can use various malware scanner plugins, like Wordfence or other specific ones. They can check for changes inside WordPress core or standard repositories, and they can check for strange, vulnerable and malicious parts of code. But be careful - if you have some custom code, it is better to check it with the code author.
If you are able to clean up the website, I highly recommend hardening the website security. Some classic recommendations may be found in the official documentation - https://wordpress.org/support/article/hardening-wordpress/.

Malware on WordPress Site

I am working on a WordPress website hosted on GoDaddy and struggling with a malware issue.
Every now and then the webpages start displaying thousands of random links on top of the pages.
When I searched for the texts in the content files, the only place I could find them was in Comet Cache.
If I delete the cache files, the links go away but come back again after a few days.
Can anyone please suggest how I can prevent such a scenario and what steps I can take to secure my website from such vulnerabilities?
Many thanks in advance.
There's a number of things that could be causing it. Check all of the following to help remove security holes:
Are you running the latest version of WordPress? If not, there could be a known vulnerability that is being exploited.
Are all your plugins up to date? For the same reason as above - a poorly written WordPress plugin can open up security holes.
Do the WordPress files and folders have the correct CHMOD permissions on the server? If not, you're asking for trouble.
I'd recommend any/all of the following as further reading:
http://www.wpbeginner.com/wordpress-security/
https://codex.wordpress.org/Hardening_WordPress
If you don't want to do this work on your own, and you're working with GoDaddy, they offer (and now own) Sucuri which is a security service that will scan and clean your site. You can do this one-time, or pay for a monthly service that will continuously protect and restore your site.
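One way to answer the permissions question raised in this thread, added here as an example and not part of the original posts. It assumes the baseline from the linked Hardening WordPress guide (directories 755 or 750, files 644 or 640), so it flags anything writable by group or others, plus a wp-config.php readable by others; the function names and the sample tree are constructed.

```python
import os
import stat
import tempfile

# Assumed baseline (linked hardening guide): dirs 755/750, files 644/640,
# so any group- or world-write bit is a finding.
LOOSE = stat.S_IWGRP | stat.S_IWOTH

def audit_permissions(wp_root):
    """Return sorted (relative path, octal mode, reason) findings under wp_root."""
    findings = []
    for root, dirs, files in os.walk(wp_root):
        for name in dirs + files:
            full = os.path.join(root, name)
            st = os.lstat(full)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            mode = stat.S_IMODE(st.st_mode)
            rel = os.path.relpath(full, wp_root).replace(os.sep, "/")
            if mode & LOOSE:
                findings.append((rel, format(mode, "03o"), "writable by group/others"))
            elif name == "wp-config.php" and mode & stat.S_IROTH:
                findings.append((rel, format(mode, "03o"), "config readable by others"))
    return sorted(findings)

# Constructed sample layout: path -> mode; a trailing "/" marks a directory.
SAMPLE = {"wp-content/": 0o777, "wp-content/uploads/": 0o755,
          "wp-content/uploads/a.png": 0o666, "wp-content/plugins/": 0o750,
          "wp-content/plugins/x.php": 0o640, "index.php": 0o644,
          "wp-config.php": 0o644}

def make_tree(base, layout=SAMPLE):
    """Create the layout under base with exact modes (independent of umask)."""
    for rel, mode in layout.items():
        path = os.path.join(base, *rel.rstrip("/").split("/"))
        if rel.endswith("/"):
            os.makedirs(path, exist_ok=True)
        else:
            open(path, "wb").close()
        os.chmod(path, mode)
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in audit_permissions(make_tree(tmp)):
            print(*finding)
```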

Retrieve theme from WordPress Store

Good morning,
I have a new client who has been working with an overseas developer and they seem to have simply disappeared. We have tried numerous times to contact them, and I am thinking it is possible something happened to them personally as the site they were working on for the client is still up - and they're nowhere to be found.
The goal was to continue the work they started, as it does seem somewhat extensive - rather than starting fresh. I understand this may sound ridiculous, and apologize for wasting everyone's time if this is simply impossible.
Premise: the site uses WordPress, with the woo-commerce plugin installed - both of which I've used in the past. I have a new WordPress blog and woo-commerce setup for the "new site".
I've been unable to successfully retrieve whatever custom CSS they've written for this, and have really only been able to retrieve the rendered code.
Underlying question: Does anyone have any suggestions for retrieving what has been done on this site, or somehow extracting the work as a theme? We have zero ability to log in to this site via FTP or via the WordPress login. My guess is that I'll have to start the project over from scratch, which naturally would be very disappointing to the client as I am trying to save them some money.
Site in question: http://olshop.filgap.com // http://olshop.filgap.com/shop

Easy maintenance of database-based CMS sites (WordPress...)?

Well, with entirely file-based CMS you can easily put the whole directory into version control system to record any changes to the site. The synchronization with the server would be also trivial because it would only involve uploading the files via ftp.
With these benefits in mind, I am a little puzzled about the popularity of databases as the only storage mode, even when the CMS in question is meant to be used by amateurs for small websites.
What does your versioning and synchronization workflow look like?
What kind of simplified versioning/synchronization workflow would you suggest for a casual, non-tech, WordPress user, to give them the benefit of working locally and encouraging them to have a backup of their site?
Most CMS systems nowadays tend to have some or other backup solution in place to help you. Since WordPress is a CMS for the masses and also caters for the non-tech population, you're sure to find a plugin that can help you with this. I know its built-in backup solution just backs up posts etc. to XML, but even this does a pretty decent job of restoring over a clean WordPress installation and working fine.
But I found this plugin (which works for Wordpress and Joomla) by asking Google, which most probably is the answer to your question: XCloner
Also in terms of workflow, specifically for WordPress, don't give the user Admin privileges, but editor or contributor or something, so they can still edit content, etc. but not make changes that could mess up the CMS itself. And maybe this XCloner plugin can do some kind of recurring backup or something. Otherwise, I suggest you move to a LAMP stack hosting environment where you can at least have cron jobs set up to back up your database and files regularly. Most hosting companies do this in any case at no cost.
Wordpress also keeps revisions of all posts and pages, so if a user doesn't like an update they've made, the full revision history is available. Be sure to check screen options at the top to see that Revisions is checked, if you aren't seeing this option. Kind of a nice built-in.
Can also (depending on host) have scheduled database/file backups through cPanel, in addition to scheduled database backup plugins through WordPress. Some will save remotely or even email the database out.

How Do I Rollout WP-Cache To 1000 WordPress Blogs?

My client has 1000 WordPress blogs hosted on a server for customers. Each one is in its own domain through cpanel and SuPHP, running in CGI mode on Apache2.2. Now he wants me (I'm the PHP programmer) to get WP-Cache loaded out on each of these blogs and not just activated, but enabled. He also wants the timeout value set to 2 days instead of the default setting.
I have root on LAMP.
What is the preferred way to roll out an update to each blog such that on a page view, it sees if WP-Cache is enabled or not. If not, it needs to copy it out from a central source, activate it, and then enable it along with the different timeout value being used.
A way, maybe not the best way, is to write a script to copy the wp-cache plugin to every wp-content/plugins folder. Then run another script that will go and modify every DB entry for it, enabling it.
If not done correctly this can be devastating as it hits customer db's.
However, one thing to note is wp-cache has a history of killing other plugins. So, if you go in and add this plugin to everyone's WordPress it might hurt their experience if it hurts another plugin they have installed, thus increasing support costs as people might be emailing trying to figure out what broke.
I take it this is being done to work on performance issues. Is it possible to maybe do some type of server caching outside of wordpress?
edit: after reading Joe's comment I concur with him. Didn't even cross my mind.
