Support » Fixing WordPress » Admin page redirection to…

  • Resolved tarambana


    This morning I received a warning from the antivirus plug in about a posibble infection.

    When I tried to navigate to the login to WP admin page I got this showing on the browser address:

    The browser showed the “cant open the page” form. After another attempt I finally got to the loging page and logged in allright, but the admin displayed all like old html pages, line after line, no graphics but links and funtionality (at least some).

    The blog is dormant at the momment. It has not been accessed at all (admin or anything, so no risk of infections from my or other computer that way). It is a standard WP install with the standard theme and 2 plug ins, Akismet and antivirus). It didn’t have any other thing including no posts.

    If this really is a virus infection it can’t come from my computer so either the server offers vulnerabilities or WP has some vulnerability.

    Any sugestions or help finding out why I get this? And what is it?

    Thanks a lot


Viewing 11 replies - 1 through 11 (of 11 total)
  • Moderator James Huff


    Remain calm and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

    Thanks James.
    The point is I’ve been hit a few times and I have been a few times over those guides and security measures.
    This time I’ve only set up WP fresh, add most of the recomended security measures, left it there and after a couple of months it’s infected again.
    I have not accessed nor has anyone else. I did call my hosting provider that says they don’t have news of any virus in the system or strange activity no similar reports.
    And I don’t understand.
    The consequence is that now I either don’t understand something thats happening everytime I re-install WordPress, or I can’t trust my service provider ( I can’t trust WordPress. 🙁

    Moderator James Huff


    This particular attack is a code injection attack and there’s really little that you can do about it. The attacker either compromises a hosting account or simply signs up for an account and then fires off some simple code which leverages weaknesses in common shared hosting setups to infect all files (not just WordPress) on the entire server.

    There’s really nothing you can do about it except move to a different hosting provider and hope that they have a more secure setup.

    If you want to tough it out, just backup your files and database regularly so you can simply restore if this ever happens again.

    Thanks James,
    Where can I see the code injection so at least I can throw it to the Servers sales and mainteinance (not literally, but someone has to tell then how much pain it is to have this every 2 0 3 months!)

    Moderator James Huff


    You’ll have to search through all of your files for it. There’s no telling where it is exactly.

    Ok. Any idea of what to look for in particular (or where is described on some the existing docimentation)?
    Thanks nevertheless.

    By the way it’s a decission taken: I’m changing servers. I know there are a few recomenmdations on but, (Err.. you sound like you’re in Britain!..) any over here in the UK that can be recommended?
    The other thing, is Im off to do a search on the support files for /.com

    Thanks a lot for your help

    I found base64 code on the files (for the nth time!)
    Thanks a lot for your help James (and WP community in gen)

    Moderator James Huff


    You’re welcome!

    I know there are a few recomenmdations on but, (Err.. you sound like you’re in Britain!..) any over here in the UK that can be recommended?

    No, I’m from California. I’ve never used any UK hosting providers.

    You seem to have it all!! 🙂 the weather and the good hosting providers.

    Moderator James Huff


    No, just the good hosting providers. 🙂

    Ta James.

Viewing 11 replies - 1 through 11 (of 11 total)
  • The topic ‘Admin page redirection to…’ is closed to new replies.