I just migrated a Wordpress install from one of my servers to another for a client (client's website which I set up and manage) and as a precautionary measure, I was perusing the 'Theme > Edit' listed files in the Wordpress Admin panel just to check for any links to the old server/domain and try to clean everything up.
When I got to the 'admin_panel.php' file, I found this entry at the very bottom of the file (it was the last entry):
function ranking() {
$pshow = " <span style='display:none;'><a href='http://www.ellelive.com/'>Live sex</a> , <a href='http://www.2.livejasmin.com/listpage.php?psid=elenaa'>webcam sex</a> , <a href='http://www.2.livejasmin.com/listpage.php?tags=mature&psid=elenaa'>Mature Female</a> , <a href='http://www.2.livejasmin.com/freechat.php?random&psid=elenaa'>Livejasmin</a> , <a href='http://www.2.livejasmin.com/listpage.php?tags=girl&psid=elenaa'>Girl</a></span>";
echo $pshow;
}
Now, I'm not sure where the theme that I modified for the client came from, as he supplied it, but this is just... odd.
To note, the admin_panel.php file is for the backend theme settings section, so it isn't seen by the public. I also couldn't find anything in there that reflects this entry, but then again I'm not sure I would.
I'm not a coder, so I figured I would just see if anyone had any input on this. Is this likely something that was included by the theme coder? Or should I grill my client about where he sourced this theme and see if he got it from some shady website?
I'm just really unfamiliar with PHP, and while this looks harmless as far as site security is concerned, I figured I'd make sure.
I did remove the entry and everything seems fine, but better safe than sorry, right?
Thanks!
Whoever has made the template ( I presume "elenaa") chucked some hidden links in there to increase the google rankings of these websites. Replace the function with the following if your worried about it.
function ranking(){ return ''; }
If you just delete it you could get missing function errors.
Although the function is in the admin section is it possible the function could be called somewhere on the front end of the website?
Another possible issue: this is something that happens fairly frequently if you have the wrong permissions set on your files - this is especially true if it's at the very bottom of the file.
I've had spammers run scripts on my WP builds that will check to see if the page permissions are set incorrectly, and if they are, the script will write in some links off-site at the very end of the file. This is nice and effective because the spammer gets a Google rankings boost, and most people are never the wiser.
I'd keep an eye on your file permissions, and check back to see if these mysterious links have returned in a couple of months.
Related
I am helping out with a Magento store initially configured by another developer who is now gone from the company, and I have no experience using Magento at all. Instead of using the built-in newsletter tools, he created an HTML form which points to a completely different server (which he owns) and now we no longer get notifications when a customer signs up for it.
Somehow, he embedded the HTML into the front page of the Store's website. I spent hours looking for the HTML and did find it, in a page called "Subscribe.phtml". I got happy, changed the code inside that page to what I want it to be, uploaded it back to the server and... nothing. No change at all to the site. I flushed the cache but that did not help.
The page does not appear to have much code in it. In CMS->Pages->Content, it shows only this:
{{block type="featuredproductslider/featuredproductslider" name="featuredproductslider"
template="magentothem/featuredproductslider/featuredproductslider.phtml"}}{{block
type="newproduct/newproduct" name="newproduct"
template="magentothem/newproduct/newproduct.phtml"}}
Under Design, it shows only that the layout is "3 columns". There is literally nothing else in this section.
Can you help me understand how I can change the HTML in this area to make this work? If this is helpful, here's a picture of the area that I am trying to configure:
Thank you.
On page 44 of the manual, there's a section called "How to find out which layout file to modify". I used Template Hints and figured out where the code lived. This is what Jim was referring to. It would have been nice for someone to instruct me on how to do this.
I set it up and found that the previous developer had modified the template directly rather than use blocks or other parts built-in to the system to modify the front page.
You can enable template hints in the Magento configuration:
Go to System->Configuration
Change "Current Configuration Scope" to "Main Website"
Go to Advanced->Developer
Under the Debug tab, choose "Yes" for the "Template Path Hints"
Save configuration.
Now go to your homepage, refresh the page and you will see paths to all templates used on the homepage. You will then get a good idea of where each block comes from.
It won't solve your problem, but it might help you find the right template to edit.
EDIT: SOLVED
For anyone else who may come across this issue in the future, I'm afraid the best way to do this is to setup some 302 soft re-directs. I personally preferred to use a plugin for this.
The plugin was called "404 redirected" and does the job thus far. It's not the best solution in the world but it's the easiest to implement (should you ever have a client that requires this).
I have a unique problem here. I have a client who is dead set and persisent on having SOME of her pages end in .php. However, she doesn't want all of them to end in .php. She has her reasons I guess and she's not going to budge on it.
I've tried to install a plugin called Page Extension and it worked.. somewhat. Half the time the pages saved as .php would load and half the time they wouldn't.
Does anyone have any ideas on how to accomplish this? I'm stumped.
I've found plugins that'll apparently rename the entire website to .php but she doesn't want that.
Can this even be done with a Wordpress site?
Also, I installed a plugin called NextGen Gallery to get a quick gallery up and running and it broke a lot of crap. My error_log it spammed with messages like this after installing that plugin:
"WordPress database error Table 'xxxxxxx_xxxx.wp_posts' doesn't exist for query SELECT * FROM wp_posts where post_name='php-test' made by require('wp-blog-header.php'), require_once('wp-includes/template-loader.php'), do_action('template_redirect'), call_user_func_array, wp_fake_url->check_url"
Edit: The reason she wants these .php extensions so bad is because she's running a diving company/dive shop and I guess a bunch of travel agencies have all of these links from their original site. They get around 200-300 visitors a day to some of these pages already.
Is there any way to setup some kind of re-direct so when people try to visit blah/blah.php they'll be re-directed to blah/blah?
If there's absolutely no way to only make SOME pages .php or re-direct something like that, I guess I'll have to tell her but I'll probably lose that client.
EDIT: SOLVED
For anyone else who may come across this issue in the future, I'm afraid the best way to do this is to setup some 302 soft re-directs. I personally preferred to use a plugin for this.
The plugin was called "404 redirected" and does the job thus far. It's not the best solution in the world but it's the easiest to implement (should you ever have a client that requires this).
You can use the plugin to setup whatever kind of re-direct you want.
You'll find the re-direct panel in Settings>404 Redirected
Simply add your subdomain with the following extension that you want to add and people who visit that will be redirected to the regular URL
what.php will be re-directed to what/
I am attempting to tweak an existing Wordpress theme called Pytheas (for a quickie video tour of its features, visit this page). It is a WP theme oriented toward displaying portfolios. The homepage features a slideshow. My aim is to replace the slideshow with an embedded Prezi presentation.
The home page elements are (moving from top to bottom): header, menu, slideshow, tagline, highlights, posts. However, the Homepage is an odd little thing. It omits any content you may have typed into the editing window (instead, using only the images that have been uploaded to another dashboard section).
I have confirmed that the Prezi-Embedder plugin works on standard style default, blog, and pages. My presumption is there’s some CSS element at work.
My gut (and a little sniffing around) says that this bit of CSS (from template-home.php) may play a role. Specifically clearfix:
<div id="home-wrap" class="clearfix">
<?php
//get template path
$template_path = get_template_directory();
//show tagline if setting isn't empty
if(of_get_option('home_tagline')) { ?>
<div id="home-tagline" class="clearfix">
<?php
//tagline content
echo of_get_option('home_tagline'); ?>
</div>
This is where I turn to you, StackOverflow community members. What might I do to provide additional data and/or context?
Many thanks, in advance, for your attention.
Matt Warren
First step was to verify that the slideshow content was indeed being output to the final HTML. After verifying this, I moved on to the one JavaScript error being displayed:
Uncaught Error: Syntax error, unrecognized expression: a[href$=.mp3]
A quick Google on the full error seemed to confirm suspicion that this error was killing the rest of your site's JavaScript, and thus causing your slideshow to not work.
So the idea now (without being able to see all your installed plugins) was, you had some plugin that was installed to playback MP3 files. So that's where I pointed you for a possible fix. The link above provided a potential fix for an installed plugin causing this issue, but simply installing a new audio player was another valid, and less technical, solution.
I was only able to help you by actually seeing the site, that would have likely been pertinent information to provide to get additional feedback from the community.
Glad you got it resolved!
I reached out to a colleague of mine who's more skilled in the php/css dark arts. He was able to confirm that clearfix was not the issue. I was way off. However, his tinkering got some neurons firing and he snooped for a while.
Using Chrome's built-in developer tools, he was able to determine that I was experiencing the same javascript error (which was invisible to me) as this person.
In that thread, one zoonini offere another link to a solution she used. The money is here:
Search for href$=.mp3 and replace by href$=".mp3"
From what I can gather, this is the rub: For whatever reason, pre-HTML5 embedded-audio plugins can fluster these newfangled adaptive themes (oooh, did I use a buzzword?). I fiddled with the javascript file, couldn't resolve the problem and said "to hell with it."
My solution was to uninstall WPAudio and install Haiku Minimalist Player (which is HTML5 and doesn't interfere with such theme elements).
Not only does this make my embedded Prezi displayable, it allowed my frontpage slideshow (which didn't work to begin with) to work properly.
I just finished my first Site Template on ThemeForest.
Now i searched for some tips to shared it to get the most purchased. Then i found some programmes which allow you to copy a full site from a web, e.g HTTrack
Now my question is: how can i prevent a copy request by a program like HTTrack?
Maybe i can manipulate something in my Demo-Files to confuse the program...
I found nothing in the web...
If you want to protect your intellectual property, add a (c) to it.
If you publish on the web, there nothing else you can do.
If you don't want others to copy your theme, don't publish it. And don't fall for stupid tricks like disabling the right mouse button. It only annoys people and will stop nobody.
One possible solution is to place only screenshots of your theme online, not the actual CSS/HTML, but if I were a potential buyer I wouldn't buy based on a screenshot. I would like to test it in the wild on different browsers/OS's.
I'm testing a new template for a wordpress based site, and I'd like to test it directly on the live version instead of making copies. I thought I could create a test user (wordpress is bridged with vbulletin which handles user auth), serve the usual theme to anyone BUT that specific user, who would get the new testing one.
I don't want to install a plugin, I'm looking for the right place to edit to insert this check:
if logged user == test_user_id
serve 'testtheme'
else
serve 'normaltheme'
The userid can be get from $_COOKIE.
I tried hacking the get_template() function in wp-include/theme.php but apparently that was not enough. Any suggestion?
This is the best way to "test" or develop a theme behind the scenes without needing to alter too much of your Wordpress core or make custom changes...
http://digwp.com/2009/12/develop-themes-behind-the-scenes/
Just logging into my old Wordpress.com blog, I see that I can do all the previewing I want from the themes manager already - click around to any page I like, or bring up the frame's URL to see what query string I'd have to append to a URL to get the same preview, e.g.
?preview=1&template=pub/mytheme&stylesheet=pub/mytheme
Any reason that's not enough?
Perhaps you should add a column to your user table, call it "is_beta" and if it's set to 1 then enable beta features/themes. This way you can easily add or remove people from the beta, and when you're beta is ready to launch, you flush the column for everybody and make the features default.