Hi @janw,
Can you confirm if the issue persists when you temporarily deactivate the Wordfence plugin?
Thread Starter
janw
(@janw)
Hi @wfyann
I deactivated all the plugins, none are causing this problem, unless just by their presence they are causing issues. I only was running aksimet antispam, wordfence, and wordpress importer.
I’ve been told it might be a crypto miner script, which is why I don’t see it having an effect in my mozilla because I turn javasript off as default, unlike chrome.
I’ve searched my wordpress public_html folder for coinhive, since I’ve read that this is common infection scripting, but it’s not showing up in my front page source code. You could easily look at the source code as well.
Is it possible my theme is infected? I’m using TwentyThirteen. To test this, I changed to TwentyTwelve. I’m also getting a TwentyThirteen is broken message. hmmm….
I notice the CPU spike doesn’t happen immediately. It takes maybe 5 seconds before it begins.
Thread Starter
janw
(@janw)
Yippee!! Looks like changing to the different theme solved the cpu spike problem. Now to figure out how to get a new copy of TwentyThirteen.
Interesting result when I tried to uninstall;
Warning: posix_getpwuid() has been disabled for security reasons in /home/janwhita/public_html/wp-admin/includes/class-wp-filesystem-direct.php on line 199
MANY times repeated, then this:
Warning: Cannot modify header information – headers already sent by (output started at /home/janwhita/public_html/wp-admin/includes/class-wp-filesystem-direct.php:199) in /home/janwhita/public_html/wp-includes/pluggable.php on line 1216
Is there a manual way to uninstall a theme via filemanager?
Thread Starter
janw
(@janw)
The problem is either the install of wordpress, which I’ve done several times now or TwentyThirteen theme. The TwentyTwelve theme does NOT result in this problem.
I nuked the problem files that Wordfence found and reinstalled WP again, just to be sure. This problem shows during or after the reinstall:
Warning: posix_getpwuid() has been disabled for security reasons in /home/janwhita/public_html/wp-admin/includes/class-wp-filesystem-direct.php on line 199
I’m now stumped.
Thread Starter
janw
(@janw)
Hi @wfyann
Found the problem, maybe. It’s in the head:
<link rel=’dns-prefetch’ href=’//msdns.online’ />
This is blacklisted in sucuri sitecheck data.
Is it possible that theme 23 is generating this code in the header?
And is it possible that code would cause the cpu spike?
Again, this is beyond me. Thoughts?
Thread Starter
janw
(@janw)
Hi @wfyann
Hopefully this is helping others. Sorry for going on, but I’m documenting as I try things. Hope that doesn’t break forum rules!
OK, I looked at the source code for theme 2012 and it doesn’t have the msdns.online prefetch line. As I documented before, 2012 does NOT spike CPU, but 2013 does, at least my version does.
I happen to manage a different website, installed 2013, looked at the source code, and that line of prefetch is not present. That site when 2013 is active does not spike cpu either. So I think that is the culprit.
If I delete 2013 from my files altogether via filemanager, can I then reinstall a clean copy? renaming it didn’t work.
Hi there @janw,
Sorry for our delayed response! It definitely sounds like the theme is infected. I recommend you just uninstall/delete the theme and then reinstall it. The reinstalled theme should be clean and the issue should be fixed.
Thanks, and have a great day!