I'm working on a Wordpress instance with some plugins.
Everything works great after it starts serving 404 code. Seems to be random because everything works fine and in some moment the rewrite rules seems to break and the links stops working.
Sometimes it is happening when I update a content (we are using custom content types with this plugin https://wordpress.org/plugins/custom-content-type-manager/) but sometimes without touch anything (for example a weekend in the middle of the night).
We have been checking all the solutions we found but nothing works. The htaccess has the correct permissions and it is rewriting well the urls.
After debuging Wordpress, the problem seems to be that for some reason, it is reseting the rewrite rules to other than the correct ones (here you can find both dumps, the one when the site serves 404 first, and the second one with the correct rules https://es.forums.wordpress.org/topic/permalinks-error-404?replies=5#post-53705).
Also, we check what was the wp-cron running but we didn't find any plugin that touch the rules (I am not sure if WP doed anything with the rules periodically).
Thanks in advance.
Germán
I'm seeing this with a multisite install. It seems to correspond to codebase changes in WP core.
Related
I have build a Wordpress site which is running on multiple (sub-)domains using the Plugin: WordPress MU Domain Mapping.
I have been out of WP-Development but had to update those sites. On the main site everything went great. After a few seconds, the site was updated.
The 3 mapped sites however are having a few problems.
After digging into the code i figured that no CSS or JS is being loaded anymore (404 Not Found)?
I can't seem to find the problem that causes this. What has changed so drastic that all those links are being thrown off?
Anyone able to point me in the right direction?
I'm happy to provide functions.php, header.php or anything else that could help to locate the problem.
In the end it was WordPress MU Domain Mapping.
Although at some points it was deactivated it still set the primary domains and caused funny redirects.
Got all pages running in directories now and just need to solve the mapping to sub-domains without the plugin (which should be a core-feature) since 4.5
I've made a Wordpress webpage which works well, except one specific addres.
When I'm entering all pages, posts etc everything seems fine, but when I try to access specific address (like http://page.com/foo, and only this one) it drops me to redirection loop, and stops on address such like http://page.com/foo////////////////////.
I've checked some things:
htaccess-es which may have some influence are OK (only specific 301's exists and standard Wordpress redirection pattern)
I'm using redirection plugin ("301 Redirects") but bug exist even if I'm turning plug off
On hosting site (ovh) there is not such thing that can make a problem
Where I should try to find the reason? I'm out of ideas.
So I've got PageSpeed on top of Nginx serving a pretty simple Wordpress install.
This problem seemed to coincide with upgrading to Wordpress 4.2.2; however, after downgrading to 4.1.5 to see if this was the issue, it turned out not to be the case.
Normally I wouldn't blame PageSpeed, but using ?PageSpeed=off in the URL fixes the issue completely. And just to be clear -- there's no cache in the admin area.
Another odd thing is that it only seems to effect Pages (as opposed to Posts) in the CMS, so it seems like PageSpeed might have some conflict with scripts/styles/something specific to Pages.
I am currently baffled, so any suggestions are appreciated.
Open the file "pagespeed.conf" search for:
ModPagespeedRewriteLevel PassThrough
uncomment this line and change it to:
ModPagespeedRewriteLevel CoreFilters (is save for most websites)
if this line above not helps try to change into:
ModPagespeedRewriteLevel OptimizeForBandwidth (stronger guarantee of safety)
see also the online reference about this subject at PageSpeed: https://developers.google.com/speed/pagespeed/module/config_filters?hl=nl
so I'm working on a wordpress site (found at nsuited.com) and my problem is that the checkout is causing a redirect loop. I have searched the internet for this problem and it mostly seemed to be related to forcing ssl or using an https wordpress plugin. I am doing neither, and everything was running fine until randomly the redirect started occurring. There's way too much code to post it all, but if there is anything specific you'd like to see let me know. I have tried changing the woocommerce checkout page, which then allowed me to access the checkout page as a page itself but I could not actually checkout from it. If I try to go to whatever page is set to checkout, BAM redirect loop again. I'm at a huge loss and have not been able to find any significant leads from debugging. Please help :(
EDIT: Also pertinent information - I recently moved my installation from a subfolder to root, though the checkout page was working since I moved installations
Problem solved.
I had tried this before without succes:
Add
define('WP_MEMORY_LIMIT', '96M');
to the file "wp-config.php". When I added it initially, I put it at the end to no avail. Put it as the very first line of code for glory.
I got a problem that's driving me up the wall: I made a Wordpress Blog, using the Gantry framework for layout en several different widgets and plugins. Everything works fine in FF, Safari, and Chrome, but trying to open the site with IE 8 the browser crashes or in the best cases I get a message that the tab has been closed and reopened due to an error; after which the site is loaded fine. I try finding out what happens during the opening of the page, but the debug panel of IE doesn't point out any error!
Does anybody have clue on what the problem might be?
The website is: http://www.danielevecchiotti.it/
I suffered from the same attack today, so I investigated a bit:
That injection is done through the hole in one of the plugins, most likely through the outdated contact-form-7 plugin. Check if you have this folder in your wp-content/plugins directory - even if it is not activated in Wordpress, the very presence of it there is a potential security threat as the attacker can use the direct URL of the plugin faulty file to access it.
(source: http://wewatchyourwebsite.com/wordpress/2011/11/wordpress-websites-infected-through-outdated-contact-form-7-plugin)
Patching the hole: if you use this plugin, update it to the latest version which is not vulnerable. If you don't use it and just keep it deactivated (like I did), you can remove it at all.
It is also a good idea to prevent people from accessing your plugins directly. You can create a wp-content/plugins/.htaccess with the following content:
<Files *.php>
deny from all
</Files>
This might not work with every configuration, but usually plugins are only accessed in the code, not with HTTP calls so that shouldn't do harm to visitors' experience.
Restoring your site: If you don't have backup of your *.php files to restore them all from by overwriting your current ones, you need to search for every file containing the string specific to the malicious code, e.g. "eva1fYlbakBcVSir". Then you need to edit all those files - for every file, remove a long line from it's end.
Or if you're proficient with command line and, say, perl, you can build a regular expression to do the work for you.
What was the purpose of the attack? Obviously there were links to some Java plugin added to your site's pages by those code snippets. The plugin added is believed to be the following: http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Exploit%3aJava%2fCVE-2010-0840.KM&threatid=2147649278
However, I didn't manage yet to decipher the injected code fully - it's very well messed up and the reverse engineering is hard. So I can't tell for sure that apart from showing that Java plugin to visitors the exploit was doing nothing like reading users' passwords or removing some files (unlikely, but possible).
I can't find any information about that as well, looks like nobody traced the consequences fully yet.
Please share if you know more.
I finally found the problem: the site has been HACKED!
I noticed the index.php and wp-blog-header.php files modified on a strange date and time. Downloading the two files I found they had been compromised: a whole section of unreadable code had been added. Uploading the original PHP files the above problem was solved.