Pop-up ad in wordpress blog, suspected malware attack - wordpress

My website is www.thetechgears.com,a pop-up window opens up in the site leading to perfectmatch.com, but I am sure I haven't installed any ad-code, especially pop-up of this kind. I tried to figure out the location of the code but failed.
While the pop-up loads I could see some URL like anrdoezrs.net loading, this could be a hint in tracing.
Is the code located within database or somewhere else?

Check your .htaccess file in the root of your WordPress installation. Normally, when your wordpress has been compromised attackers inject code into the .htaccess file, which will redirect your site to other sites.
If your .htaccess file is clean, then check your index.php and header.php in your theme folder and also the index.php in your root folder.

I tried to figure out the malware ad-code, but couldn't locate it. So, I just re-installed everything and made the installation more secure by using WordPress security plugins like "All In One WP Security", "Better WP Security" and "Wordfence Security"
But be cautious while tweaking settings of these plugins, as over-tweaking may lock-out the site for admins too. Before installing, take a backup of your .htaccess file

Related

Wordpress always redirects to /wp-login.php

i have a problem with one of my wordpress websites. Every time i want to open to home url it automatically redirects me to the /wp-login.php with this strange url:
https://example.at/wp-login.php?redirect_to=https%3A%2F%2Fexample.at%2F&reauth=1
Also i can't use the "Back to example.at" Link under the login window.
Site & Home URL are set correctly, also there is no redirection set in any plugin or in the .htacces. Also all safety plugins are disabled.
Does anyone already had this strange problem?
Make sure that your website plugins works good.
For first disable all plugins or rename /wp-content/plugins folder then check your website. If problem solves rename back the plugins folder and try to rename plugins directories step by step and find problematic plugin.
Try change the main theme and recheck problem, look at your main theme function.php file content, if you see the obfuscated codes, delete this codes and recheck website.
Delete wp-include, wp-admin folders and reupload from offical wordpress.org last version archive,
Install Wordfence av plugin and scan your website files. maybe you have injected codes.
check your .htaccess file, try to reset it.
Check your server and wordpress requirements. Change the php version to 7.2.
Disable your cahce plugins (if you have).
Try to debug your website with this steps.

How to locate index.html / index.php in cPanel

I am editing a wordpress website. My client had a team working on editing it and they simply used the Wordpress editor to make changes. When I log in to cPanel, I see a 'coming soon' page in the index.html file. But the changes that the design team made cannot be located in any file. Also, when I access the website with a http, it shows the website (even when it's not supposed to be launched) and when I access the website with a https, it shows the welcome page. I don't know how two different pages are displayed by just changing the transfer protocol. How do I edit the theme?
If it is a WordPress website, the index file should be under this directory:
/website-root/wp-content/themes/ <- then the theme folder.
The theme, that's active on your website should be mentioned under Appearance > Themes. If you're not sure which one it is in /themes directory, look for the title here.
As you have cPanel, you should have an access to .HTACCESS file for your account. You can set index/default page for your website from .HTACCESS file. Please add the following code:
DirectoryIndex MyFileName.html // Replace MyFileName.html with your actual index file name.
HTTP and HTTPS should show the same contents. Please clear browser cache or verify your website from any alternate system or server.

Moving Wordpress site subdirectory errors

I have just moved my testing development subdirectory worpdress installation to my root folder using the WP-Clone plugin.
The problem now is my main site (previously mysite.com ) shows (mysite.com/site) now. and the subdirectory is shwoing in all my links
I have tried going to settings and removed the /site from wordpress URL and Site address URL.
But it broke my site and disabled me from accessing my wp-login.php .
I fixed it by editing my wp-config.php and adding :
define('WP_HOME','https://mysite.com/site');
define('WP_SITEURL','https://mysite.com/site');
and now my website works perfectly. But it still shows mysite.com/site and i am unable to edit my URL and Siteaddress from my wp dashboard anymore.
How do I Remove my website subdirectory (/site) and still have it work and not break my site's themes and all? How do I go about this? Really really appreciate any help! Thanks!
By adding those constants to wp-config.php you're overruling any setting in the database. That's why you can't edit them in the admin panel.
So the first step is to change those constants to:
define('WP_HOME','https://domain.com');
define('WP_SITEURL','https://domain.com');
Then delete your htaccess file. (.htaccess in your root folder).
Once you've done this navigate to http://domain.com/wp-login.php
Login to your site and go to Settings -> Permalinks. Hit save which will regenerate your htaccess file.
Finally you'll need to update existing links. I'd suggest installing a plugin called 'Velvet Blues Update URLs'.

Editing .htaccess without FTP access through Wordpress

I have no access to my FTP but I'm able to edit the web through Wordpress. Is there any way I could perhaps generate the .htaccess file through the admin framework? I know there might be a plugin to do that, but bear in mind I have no FTP access and the plugins require it to be installed.
I need the .htaccess file to redirect the user to another site.
I know this might strike you as weird and stupid, but this is due to the company's central decision to keep the site hosted by, I guess, a "friendly" hosting company. There's no way of recovering the login/password for FTP, so this might be the only solution.
Please, try posting constructive comments only, no "contact the hosting company". If I could, I would.
If your hosting company has set up wordpress correctly, then there is no way to do this, because unix permissions should make .htaccess read-only to the owner of the web server.
If the company has not done this, and if you have a way to change the templates, you might have success by creating a template that contains php code to open and write the .htaccess file.
Sample code to be put at the top of the header.php:
echo 'Current dir: ',getcwd(),"<br>\n";
if ($handle=opendir('.')) {
while (($file=readdir($handle))!==false) {
$ok=(is_writable($file) ? "ok" : "can't write");
echo "file '$file': $ok<br>\n";
}
closedir($handle);
}
This is to test you're in the root directory of your wordpress installation. It should give you the current directory, a list of all files in that directory (expect .htaccess, index.php, and various wp-* files), and their writability.
Once you've checked everything is correct, add
file_put_contents('.test', "RewriteEngine On\nRewriteRule ^(.*)$ site.com$1 [R=301,QSA,L]\n");
echo("<code><pre>-------- included file starts here\n");
include(".test");
echo("-------- included file ends here</pre></code>\n");
to the php code. This writes to a test file and includes it so you can check if everything is ok. When you've checked the file contents, replace .test with .htaccess.
WARNING: You should be VERY sure about the content of .htaccess. file_put_contents doesn't append the new string, it overwrites the whole file. Once you've written a bad .htaccess file, you might not be able to ever change it again, because the web server will redirect you to the new site instead of executing the script on the old site.
I am sorry for your situation. What is the hosting company (will keep this in mind if I ever use them). To try to help:
Do you have access to CPanel? Most hosting providers give it out of the box. Cpanel has a file manager.
Research Wordpress file managers (http://wordpress.org/plugins/wp-filemanager/)
How to edit wordpress .htaccess file from hosting Cpanel: If you are currently unable to login in your wordpress dashboard, or facing 500 internal server error. There is 90% possibility that you were editing your .htaccess file from your wordpress dashboard. In this situation you can only fix your wordpress .htaccess file by editing it from cpanel. Editing .htaccess file from wordpress dashboard is little risky with .htaccess editor plugins. If you will implement any wrong code then you might face 500 internal server error and your site might crush. So first you should take a backup of your existing .htaccess file before editing it. If you have a backup of your wordpress .htaccess file then you can upload it through your hosting cpanel also.
https://howtoways.com/how-to-edit-wordpress-htaccess-file-from-hosting-cpanel/

wp-admin and wp-login.php - 404 error for those who do not administrator (wordpress + htaccess)

I try to hide the traces as wordpress on my website for security reasons. Does anyone know how to create a rule using htaccess, according to which a third party user (with a different ip) redirected to on /404.php if he visits the wp-admin and wp-login.php ... I've seen third-party plug-ins (?) To address this problem, but I do not want to create an extra load on the CMS.
you can use simple redirect in .htaccess like this
Redirect 301/wp-admin/ http://www.yourwebsite.com/404.php
But if you're trying to completely hide wordpress it requires a little bit of technical work...what I did in mine, is search every files in the wp-include and wp-content folder as well as the root folder that contained the wp-login.php and /wp-admin/somefolder words, and change everything to a file or folder to a name of your choice that no-one can guess. Although you have to be very careful as not to change an important code there...

Resources