I downloaded some free wordpress themes online and also got some demo content online. After importing that demo content to wordpress theme, I modified my wordpress site for months. And everything looks ok.
The problem is, i downloaded that theme and demo content from a unknown site(i dont know the exact url too, because i just searched and downloaded). And i doubt that contain some external link. ie... if my php files or demo content contain some malicious code, can anyone(the creator or theme or creator demo content) steal my info? is it possible? If it is possible how to check external connections from my php files and from demo content imported? Is there any plugins or any tools available for this?
Wordfence is the best security plugin for WordPress. The basic version is free. Check out https://www.wordfence.com. You can use it to scan your files.
Backup your files and database before you install Wordfence.
Follow the instructions if you think your site has been hacked at https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/. You may also want to read the instructions at https://codex.wordpress.org/FAQ_My_site_was_hacked for more tips.
Related
I'm new in WordPress
I misunderstand one thing about the theme use in WordPress
For example, I wanna create the as same website as this I purchased this template.
But when I installed the theme in WordPress it shows me the default Index.php file with little info, used my purchased theme
And when I purchased the theme there exist all src files of the above website.
How I can use my purchased src files of website that will work all function for ex: logins with db?
Thanks in advance!!!!
After you purchased the theme, you probably have just installed the theme and haven't created any pages or tweaked any settings. So if you want to get the same look as that of the preview website, you probably have to check whether the developer has provided any dummy data for importing.
Most of the themes listed in ThemeForest would have the option to import dummy data, so that customers would be able to install some pre-made posts, pages, config, etc. This might be there inside the custom settings page(as a single button to download the content) of the theme, or maybe they have provided it in separate XML files for you to import. If the files you have downloaded doesn't have it, make sure you downloaded All files & documentation. Here's a sample screenshot:
My guess is that you might have only downloaded using the Installable WordPress file only option.
If you are still unable to get the dummy data, probably you have to ping the support of that theme asking them to provide the dummy data.
I know we are allowed to used the themes from wordpress and edit them in the theme editor.
However, working in the theme editor is really annoying. Does anybody know if there is a way to download an entire theme file from Wordpress, so that I can customize it in the editor on my laptop?
thanks for the help
You can use Download Plugins and Themes from Dashboard plugin. it's provides a "download link" in theme's detail page.
While #mohammad's answer is correct, I find it best not to clutter a site with unnecessary plugins, what works best is if you login to your server via FTP or your host's cPanel and download the files that way. It keeps your Wordpress install clean of anything that won't be used too frequently.
If you have any questions on how to do this, your host will be able to guide you without issue.
There are multiple solutions to this problem, you can change theme files through the FTP/SFTP account using Filezilla. or you can access your CPanel account go to the File manager and access your file easily. Other then that you can clone your website to your laptop through any migratory tool after that you can configure your website to the localhost and just make changes in Theme according to your requirement from the Xamp/Wamp folder at your system.
i've got a WordPress installation on another hoster and the hoster informs me, the site got hacked. (everything is up to date)
So i looked at the files and found a corrupted "gpzdecode.php" with an injected code in "wp-includes/SimplePie/".
The code was probably uploaded though a security breach in the core plugin "SimplePie" (know issue but i've found no solution).
We don't use the Plugin but it's a core item and i don't know how to disable it.
The FAQ, Support etc. from Wordpress and SimplePie doesn't seem helpful. If you find something, correct me :)
You know how to disable the core plugin (it's not shown in the "Plugin-Panel" and simply delete the SimplePie directory in wp-includes wont help me, i guess)
thanks in advance,
IT Meyer
I've just started doing some website work for a local business, and I noticed today that there's a very unwanted link at the bottom of their site, which is a wordpress site.
The site makes use of a woo theme called 'whiteLight', as well as woocommerce. I've tried disabling and reenabling all plugins that aren't well known and integral to the site's functioning, and I've sifted through a lot of the theme's files.
I can't find where this line is being added to the site. The line "<center>*bad link here*</center>" is being inserted right after the header and right before the closing body tag, on the home page only. The link in question is actually linking to naughty files inside a directory within the wordpress installation. It's not even taking users to an ouside site as far as I can tell.
I don't have FTP access to the wordpress directory yet, but I've requested it. I have very little experience with wordpress hooks etc, and am hoping someone can help me find a starting point in weeding out this unwanted link.
Thanks in advance!
WordFence is the best security plugin for WordPress. I'd recommend you follow the instructions at https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/
Another good resource to read is https://codex.wordpress.org/FAQ_My_site_was_hacked
I recommend you search all the files as norlesh suggested. If this was my problem I'd use Jetbrains PHPStorm to search all the files. Another much cheaper solution would be to use Textpad - https://www.textpad.com/
It's also possible that the link has been inserted into your database. If so you won't find it in your files. You'll have to search the database. Use a program like phpMyAdmin or MySQL Workbench to export the whole database to your machine. Then search the sql file for the URL. Alternatively use https://interconnectit.com/products/search-and-replace-for-wordpress-databases/ which is a handy tool you upload to the server. From there you enter db login details and search the database. Note if you use this script you should delete if off your server when you've finished using it, it's a huge security risk.
I just uploaded a Wordpress theme onto my Website.
I get url redirects to website when I am browsing though my website.
The malicious site it links to clickbank.com.
I have scanned all my files with TAC and exploit scanner, but it did not pick up anything.
this picture may help you to find the problem from Entries RSS.
check function.php or search for windows.location code in all project repo
you can search all code by notepad++
While this may not be a direct and final answer, because there are many possibilities.
You may also tell us what is your theme or installed plugins too if they are free for download, we may try.
You seems to be testing in localhost., IMO you may try to eliminate all possible factors first.
Did you install any plugins? (if so)Did you test also the plugins?
Did you scan your database for this link?
Sometimes this kind of problem also appear from Database side since some problematic plugin may put those link in DB, apart from using exploit scanner, you might have to manually check once.
After all, did you also try a clean install to test the theme?
In addition, if it is a very Wordpress specific questions, you may consider posting in Wordpress Stackexchange