WordPress.org

Forums

Another slow site including the admin page +Trojan redirect warning while edit (4 posts)

  1. davefromsb
    Member
    Posted 1 year ago #

    So this has been a problem for a while, I've just been too busy and our company did not really need the advertising but now we need to start looking into future business development and this site needs to work.

    Story: Our site, http://www.Vernonconstruction.com seemed to be hacked. I cant remember what happened first, the trojan warnings while editing with the admin tools, or google black listing the site and shutting it down. Eventually the guy who made the site was able to get it unblack listed...

    Today, the site is up and running however it is painfully slow. I also still get trojan warnings from my commodo anti virus. The window pops up with the trojan.js re director.

    We put "IT" people on it, and their opinion is the picture sliders are too big (The photos in them are around 100-200 kb and each slider has about 5-6 pictures) and then they said "Browsers tend to bark at WordPress sites when there's really nothing there to bite." (Referring to the trojan warnings)

    I've done searches and have tried a few things, I tried disabling all plug ins, no go, tried updating everything, no go, I tried simplifying the site, nothing. I ran a few of the website scanners people posted on here, and they all say the site is safe. I ran Yslow and the home page gets low marks in compressed components and expires headers. That is about all the details I can come up with. I'm nearing the point where I'm ready to just start over from scratch. Thanks in advance.

  2. Pioneer Valley Web Design
    Member
    Posted 1 year ago #

    We put "IT" people on it, and their opinion is the picture sliders are too big (The photos in them are around 100-200 kb and each slider has about 5-6 pictures) and then they said "Browsers tend to bark at WordPress sites when there's really nothing there to bite." (Referring to the trojan warnings)

    While the site may perform better without the slides, that issue is unrelated to a site that hosts or directly links to sites that host malware - unless the malware is a part of the javascript that runs the slideshow.

    Your site currently scans OK at Sucuri,
    http://sitecheck.sucuri.net/results/www.vernonconstruction.com/
    but do you know what this link is: /https://vernonconstruction.com:2096 ??

    Your antimalware product may be wanting the whole site to be https? Do you have an SSL cert (HTTPS) and if not are you linking to https?

    Of course no online scanner is foolproof and antimalware products often do have false-positives.

    Also take a look at this:

    http://www.UnmaskParasites.com/security-report/?page=vernonconstruction.com

    The safe thing to do is work your way through these resources:

    http://codex.wordpress.org/FAQ_My_site_was_hacked
    http://wordpress.org/support/topic/268083#post-1065779
    http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
    http://ottopress.com/2009/hacked-wordpress-backdoors/

    Anything less will probably result in the hacker walking straight back into your site again.

    Additional Resources:
    Hardening WordPress
    http://sitecheck.sucuri.net/scanner/
    http://www.unmaskparasites.com/
    http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html

  3. Krishna
    Volunteer Moderator
    Posted 1 year ago #

    I have scanned your site with some of the tools but they don't show any infections. If you get virus warnings, you may follow the resources posted by Seacoast above.

    You can see a page-load report here that shows over 23 seconds to load the site. Start working on the recommendations given there.
    http://gtmetrix.com/reports/www.vernonconstruction.com/jcFKqy7J

  4. Pioneer Valley Web Design
    Member
    Posted 1 year ago #

    some scanners will warn on a site that 'should' only take a few seconds to load, but actually takes a very long time...this may be a sign of a misconfigured server, website, or both which can and often does lead to them being compromised and therefore may be considered unsafe.

Topic Closed

This topic has been closed to new replies.

About this Topic