Been having a bit of a problem with my site regarding our caching method and my php code not refreshing or flushing.
To start, my site is a WordPress site on a dedicated Nginx webserver. I used W3 Total Cache for the initial caching setup. Everything was set up to cache through Memcached.
(I should note, my website is somewhat of a 'guest' on this server, which is bit of a semi-community donation semi-sponsored server that runs some other things. The admins are skilled but also volunteers. I have their full support for fixing things, but they don't have time to troubleshoot my very odd issue (especially because I asked for caching to get turned on for the site myself). If we had some hints on what to go on it would make things easier for us than taking shots in the dark ;) So any suggestions are welcomed.)
At some point we noticed that changes to php pages and Wordpress & Plugin updates were not working at all, while the code on the server reflected updates, the pages still processed through the older php code.
This presented a couple unique issues. W3 Total Cache stores it settings in php files. Other php files, when deleted, stop working, but when they are restored to the server, memcached still insists on using its ultra-old memcached copy. The W3 Total Cache settings, whether i removed or altered the settings php files, would NOT stop running everything through cached memcached data.
The server admin attempt rebooting memcached and then flushing it. Neither of those seemed to have any effect. All the other basic settings seem to be set-up correctly.
We can, of course, still add new plugins, all the data that comes from the database works just fine.
At least one other site on the server that is not wordpress also uses memcached with no issues.
Any help is appreciated, should be able to provide further information if it is needed.
Do you have apc.stat = 0 in your settings? Does restarting php engine help?
This is going to sound really obvious but you didn't mention it so:
Did you try turning off the Total Cache plugin entirely to confirm you can see the changes when caching is disabled?
Until you've done that and made sure you get the results you expect, there's no way to know that memcached is really the problem.
Related
I have a real problem on my cpanel I do not understand all my sites and my applications have not worked since this morning, try to restore without success I have tried everything, I am afraid to watch help me.
when I check the files of my site and application there are unknown files that create themselves all the time even when I delete completely when I update it comes back alone and it affects the operation of my site and application
I don't know if I was really hacked, or if it's an extension problem, or it's a quota or php problem but nothing's going well here are some images of the unknown folders, I've already written to support they say they will delete the hosting and create a new one when I can't afford it right now
According to your screenshot, you have really messed up your WordPress Core. Firstly, fix your .htaccess and 'delete the folders'. Additionally, you can always reinstall WordPress Core to fix any problems that might have happened from a Malware action.
However, there has been a rise in WordPress Database Malware as well, so you might wanna look in that as well.
I have a website that is running on an AWS server using the Bitnami Nginx and WordPress image.
https://www.athleticclubhk.com/
Recently it got all our ads on Google stopped due to malicious content. Oddly this time, its trickier then your standard malware of infected files. When visiting the site incognito, the first and only the first link click gets redirected using the following code:
window.location.replace("https://cartoonmines.com/scount");window.location.href = "https://cartoonmines.com/scount";
This is being injected on any link, however, upon investigating the loaded code on inspect its not injecting it into the page.
I've tried to hunt down the theme, plugins, core files and found nothing!
I replaced and reinstalled WordPress core files, deactivated all plugins and even swapped the theme - the problem is still there. I can't find any hidden .htaccess file in the entire root directory.
I even used GREP to try to look for anything fishy (any clues here that someone can help with?) nothing so far.
The site is still impacted with this so you can easily load the link ~ i do use malwarebytes to keep myself protected, incase you are opening this directly.
Can anyone help?
The redirection code is implanted to /wp-includes/js/wp-emoji-release.min.js.
How to confirm:
watch the cookies when clicking internal page, a new cookie is being set for tracking first clicks, named ht_rr
save complete webpage locally and try to load it, and check in Chrome dev tools, you'll see that in Console tab it complains about this Javascript file attempting to set the aforementioned cookie
While a temporary resolution of deleting the file will fix things for some time...
There's no excuse for not setting up a proper server stack. Bitnami or other "great stacks" won't cut it security-wise. They exist for "fast", but no "quality" setup, and of course, it's never going to be secure.
The file got created somehow / had write privileges. This indicates a problem with the setup most of the time. Unless you're using some nulled plugins or plugins from bad sources.
Once again, since the website was essentially "pwned", deleting the Javascript file does not mean complete disinfection. To preserve things in a secure state, I would recommend setting things on a clean server environment with strict PHP-FPM permissions aka "lockdown" chmod, and look for write errors to look for infected PHP files.
Check out some guides on the matter of secure NGINX/PHP-FPM setup:
NGINX and PHP-FPM. What my permissions should be?
Best practice secure NGINX configuration for WordPress
NGINX Security Headers, the right way
Just had the same problem and it was Zend Font Plugin, the same that some people mentioned before.
Installed Wordfence and this came out. Deleted the plugin and now the site is working perfectly.
Disable plugins and check again.
Change the database username and password.
Ask the hosting manager to check the host.
I have a WordPress install that was running perfectly for years - https://electrofx.com
no changes or updates were made and it has started taking several minutes to load a page.
I have tried debugging via the wp-config file method, no errors can be found there.
I have tried restoring to one of the old backups that I know was working, no change.
I have tried disabling all plugins and switching themes, no change.
I have tried setting up a test page that is not WordPress and can confirm my hosting server is OK.
At this point I am at a loss as to what else I can try, does anyone have any suggestions?
When I have had similar issues, I checked the following:
The status of the MySQL database: e.g., is the database full?
The hard disk space of the server
The PHP version of the server vs the required Wordpress version. If you have made no updates on PHP but have kept Wordpress up to date, this could cause processing issues
Inefficient plugins that may not have been updated
A query is taking a long time. You can check the slow query log to see. As an example, I had an e-commerce site that was super slow, due to an inefficient query for listing the products
Check Google Pagespeed or other page speed test, to see how long the server response time is
It's not clear from your question whether 'no updates' means no plugin or core wordpress updates, or if you mean you haven't changed text / content on the site but have updated it.
I have just launched the website - exactabacussoftware.com built with a custom theme in wordpress.
I noticed that the page load time was stupidly slow and when I checked the results with pingdom I could see that a lot of the analysis was duplicated and I'm not sure why this is or even if it is whats causing the site to load so slowly.
I haven't yet integrated a cache plugin which I intend to do but regardless of this I cannot see why this page loads for around 24 secs.
The entire site loads properly except for the blog page -
http://tools.pingdom.com/fpt/#!/cEmMjD/http://www.exactabacussoftware.com/blog
Server Spec:
Windows server 2008R2
IIS version 7.5
PHP version 5.3.19
Anyone got any ideas as to why this page is loading so slow?
here is the test sites result aswell for comparison -
http://tools.pingdom.com/fpt/#!/bw4JTo/wp-eas.exact3ex.co.uk
The only code changes have been the rewrites to the URL's
Over to you guys...
I think the issue is with a custom theme.
Try doing this steps:
Remove all active widgets
Uninstall all plugins
Check loading time - if not improved it's an issue with custom theme.
One more thing to do (to check if it's not the host issues) - activate default wordpress theme and check average loading speed, if speed is not improved try to configure your server correctly or change hosting plan or hosting provider.
Wait 21.07s (The web browser is waiting for data from the server).
The most common reason for this in the case of Apache is the usage of DNS Reversal Lookup. What this means is that the server tries to figure out what the name of your machine is, each time you make a request. This can take several seconds, and that explains why you have a long WAIT time and then a very quick load, because the matter is not about bandwidth.
The obvious solution for this is to disable hostnamelookup in /etc/httpd/conf/httpd.conf
HostnameLookups Off
I've recently been hacked on my VPS, and have since then installed some extra security plugins in WHM. Well I'm not exactly sure, but sometime after that happened, each time I tried to login to any wordpress installation on my VPS, it just hangs until it times out. During this time my VPS is totally inaccessible, as well as the sites hosted on it. Then approx 15 minutes later, the VPS is back p again.
Does anyone have any ideas or tips for me to rectify this?
Thanks
To take a WAG without being able to see your config and source, I would say you still have a problem in your code. I.e. Some source code is messed up. Maybe from the hack?
I would do a full reinstall of Wordpress (the latest version).
Once your server was exploited, who knows what code got changed.
Some examples of what could be happening...
PHP goes into some crazy loop utilizing and blocking all resources (wouldn't be unheard of).
So, I'd do a fresh reinstall of Wordpress.
Honestly though, your whole VPS could be compromised. I'd get a new one and start rebuilding your server on that. Yes, it'll take a lot of time, but it's the most guaranteed way to make sure your server is clean and free of additional security issues.