WordPress.org

Ready to get started?Download WordPress

Forums

File Download - Security Warning (8 posts)

  1. kwalerow
    Member
    Posted 5 years ago #

    Trying to help out a not-for-profit organization that no longer has their WordPress guy on staff. Their sites could be accessed without any problem yesterday, but when trying to access them today (even via wp-admin.php), the following message displays in a pop-up window:

    File Download - Security Warning
    Do you want to save this file, or find a program online to open it?
    Name: xxx
    Type: Unknown File Type, 94 bytes
    From xxx
    If I click on "Find", the following message displays:
    Windows has the following information about this MIME type. This page will help you find software needed to open your file.
    MIME Type: application/x-httpd-php4
    Description: UnKnown
    Windows does not recognize this MIME type

    And, other than looking at the WP version displayed at the bottom of a page or in Admin (since I can't bring up the site right now), how can I find out the version number so that I can properly list it in this post?

    Thanks for any assistance you can provide.

  2. Ivovic
    Member
    Posted 5 years ago #

    this is a *very serious* server configuration problem. Contact the host (and please remove the links to the sites, so that no passwords are compromised)

  3. whooami
    Member
    Posted 5 years ago #

    indeed, I just downloaded a raw wp-config.php :P

  4. kwalerow
    Member
    Posted 5 years ago #

    Thank you very much, Ivovic. Hopefully I can repay the favor someday.

  5. Ivovic
    Member
    Posted 5 years ago #

    no kidding.. whooami :P

    if/when you get this fixed, change all the passwords... everywhere :P ... and change hosts too. Screw this.

  6. kwalerow
    Member
    Posted 5 years ago #

    whooami, is there anything I can do right now to protect these sites? I don't know who to contact regarding the hosting and would have to wait until the morning to see if someone at the corporate office would have that information from billing.

  7. Ivovic
    Member
    Posted 5 years ago #

    kwalerow, use FTP to connect and remove the wp-config.php files from both sites ASAP. You'll need to change the passwords, but there's no reason you should just leave the details sitting there for the next person to trip over.

    by the way, you still have a reference to one of the sites in your original post - get rid of that while you can still edit the post :)

  8. kwalerow
    Member
    Posted 5 years ago #

    Thanks to both of you - I appreciate your quick responses. Let me know if there is anything I can do to repay the favor.

Topic Closed

This topic has been closed to new replies.

About this Topic