While troubleshooting my site I have ran into this error.
"This page is trying to load scripts from unauthenticated sources"
I am slowly learning to head to the Google developer console, which I found...
(program):1 Mixed Content: The page at
'https://www.thepixelfoundry.net/main/' was loaded over HTTPS, but
requested an insecure script
'http://api.sitestate.ru/scripts/stat/sitestate.js?r29'. This request
has been blocked; the content must be served over HTTPS.
This is my first Wordpress theme, as I built this page in order to better learn Wordpress. I have no idea what i sourcing that script.
I have checked my:
functions.php
header
footer
index
when I googled the scripts domain as the .ru already raised a red flag I received a warning from google questioning my computers recent traffic.
now im terrified....
How can I find this script? I have also installed Sucuri on the Wordpress side...and everything seems clean with a scan.
I got the same error in console, after I installed Ace Stream Web Extension
If you are working with it on remote server, then download all WP files and folders to your local machine and use "Search from all files" function. It is included in most text editors (Sublime, Notepad++, Brackets, etc.). Then you can track where this code comes from. When it comes from certain plugin you can disable the plugin. Or just remove that code.
But you should search, where that code get in your WP in first place. Is it some uploaded file that's supposed to be filename.jpg but is filename.jpg.php or comes from plugin or theme.
(I'd comment it but too low rep :/ )
Related
I have a code of online shop on Prestashop, and I have for example content="Shop on PrestaShop" in meta-data of current page, but when I'm trying to find that String in project in Webstorm to localize which page file it is, I get nothing.
So I guess it's some PHP magic working there. So now I have huge problem with finding proper file in order to change that String. Is it possible to check a filename and it's extension via Google developer tools? I'm starting site from server, not localhost.
You can only find the files that are delivered to client's machine in chrome developers tools by visiting:
Inspect > Sources
The server side files can be visible only if you can see them in URL. If the path is re-written using something like .htaccess in apache, then there's really nothing that you can do to find out the file.
These type of files are meant to be present only to hide the actual file path.
I am no longer able to access the admin panel of a Wordpress site. 2 days ago I added a plugin, loaded some new content, and things were working fine. The client loaded some regular blog posts, and today, it no longer works.
First of all, the error itself:
I go to URL: mydomain.com/wp-admin, the browser redirects to: mydomain.com/wp-login.php?redirect_to=http%3A%2F%2Fmydomain.com%2Fwp-admin%2F&reauth=1
The error message says:
Not Found
The requested URL /mother/18/readf.php was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to
use an ErrorDocument to handle the request.
What I know so far:
Nothing in .htaccess redirects to mother/18/readf.php
A search of similar errors gives a lot of results where urls within normal sites seem hijacked to sell antidepressants, viagra, etc. When I say normal sites I mean that there are sites that do logistics,
https://www.google.com.ar/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=mother//readf.php&safe=off&nfpr=1&start=10
https://www.google.com.ar/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=mother//readf.php&safe=off&nfpr=1&start=10
Disabling all plugins doesn't help (I renamed the plugins folder and then tried to log into the admin).
Searching the database for readf.php or mother doesn't show anything obvious.
The client claims to only have made changes to content since yesterday, when the site admin was still working. (Yes, claims... they have superadmin access, so this might not be true).
Has anyone come across this issue? Any ideas on what I can look for next?
Sounds like you got hacked. Time to fix it right the first time, or you will get hacked again. You need to replace all core WP files/folders (except wp-config.php and wp-content), but scan the uploads folder and theme for exploit code and modified files or added files, like readf.php. Replace all plugins, too.
Also scan the database for eval code and added administrators. (See "My Site was Hacked" below).
Change all host, FTP and WordPress passwords in the process. Scan your own PC for malware that might have grabbed logins and passwords.
Tell your web host you got hacked; and consider changing to a more secure host.
Carefully follow FAQ - My Site Was Hacked at WordPress.org.
Then take a look at the recommended security measures in Hardening WordPress and Brute Force Attacks at WordPress.org.
I have made a demo agency website. It works fine on my localhost with Wamp. But when I upload it to a webserver and tried to head to my url, the only thing I can see is a loading spinning wheel. Though the title for the homepage is loaded (as I can see it in the tab bar).
I have googled for the problem, but most of them were suggestions to reduce the size of site including minified js, reducing http requests, compressed images, etc. So, I tried applying it and now I am also using cloudflare's cdn. Still, I cannot solve the problem. I am really fed up now. Any suggestions..?
NOTE: site's url is http://crazyrabbit.in and its built upon codeigniter framework.
Firstly I'm not a web developer! My site was created by a company that is no longer in business, so I have access to the admin page to add content, but know nothing about the back end.
I have been asked by an SEO company to add Google analytics, when I tried to add the script.../script to my footer, which is included in all pages, it shows up in the page source of a web browser, but does not run, and Google tells me it's not installed.
Is there a way to add either a script to via the admin tool, or a < ?php include_once("analyticstracking.php") ?>
If the latter, into which directory should I ftp the analyticstracking.php file?
First of all, if it shows up in the page source, you are halfway there. You just probably did not copy-paste it right. Try copying the EXACT code in google analytics, put it in the footer and try again.
The include functions won't do anything different than putting the code straight in the footer.
Note that you need to have some visits on the site so that GA knows the script is installed.
Using CKeditor on my project.
Recently installed fmath plug-in. Followed all instruction and created PHP file that will get image from editor and save in website directory.
The problem is, there was something wrong with fmath editor: when I tried to press "Ok" (it must send generated image to php file and show result image in main CKeditor textarea) nothing happened. I activated webconsole of FF and as you see browser tries to get some crossdomain.xml. I think editor configuration has nothing to do with this problem. fmath editor doesn't even try to send something to php file (firebug doesn't show any XHR activity)
Can anyone explain me, what can I do in that case?
It is a security issue: crossdomain.xml contains the security policy for the domain you are trying to access. Resolving this issue is (relatively) easy: Just add a crossdomain.xml at the top level of your web server's content root.
You can learn all about security policies and the Flash security model in Adobe's documentation, or download this pdf.