Title: Help! Site crashed!? Last modified: August 20, 2016 --- # Help! Site crashed!? * [eystevens](https://wordpress.org/support/users/eystevens/) * (@eystevens) * [13 years, 4 months ago](https://wordpress.org/support/topic/help-site-crashed/) * I have three WP sites based off of a primary domain. * Primary domain: thejourneyanchorage.org Add-on domain: ellenstevens.com Add- on domain: tobystevens.net * Yesterday, on “ellenstevens.com” I updated to the latest WP version, added a new WP blog post and made a few changes to the theme. Nothing behind the scenes or requiring widespread changes. No problems. No issues. And no changes to the other sites. * This afternoon, I find all three websites are down. I don’t know if my host made a widespread update, or if there was a hack. * When I access the site, I receive the following message: * On [http://www.ellenstevens.com](http://www.ellenstevens.com): Parse error: syntax error, unexpected T_VARIABLE in /home/sojour5/public_html/ellenstevens/ wp-includes/functions.php on line 192 * On [http://www.tobystevens.net](http://www.tobystevens.net): Parse error: syntax error, unexpected T_VARIABLE in /home/sojour5/public_html/tobystevens/wp-includes/ functions.php on line 192 * On [http://www.thejourneyanchorage.org](http://www.thejourneyanchorage.org): Parse error: syntax error, unexpected T_VARIABLE in /home/sojour5/public_html/ wp-includes/functions.php on line 192 * Can you advise me on how this happened across the board, and what I can do to fix it? Any ideas? * Thanks for your help! Viewing 15 replies - 1 through 15 (of 30 total) 1 [2](https://wordpress.org/support/topic/help-site-crashed/page/2/?output_format=md) [→](https://wordpress.org/support/topic/help-site-crashed/page/2/?output_format=md) * [Tony Bianco](https://wordpress.org/support/users/tbianco/) * (@tbianco) * [13 years, 4 months ago](https://wordpress.org/support/topic/help-site-crashed/#post-3357631) * I’m having the exact same problem. Did you find a solution? * [digitalcashcrop](https://wordpress.org/support/users/digitalcashcrop/) * (@digitalcashcrop) * [13 years, 4 months ago](https://wordpress.org/support/topic/help-site-crashed/#post-3357632) * I’ve also had this happen to every single site 30+. Such a pain, not understanding what the trigger was, but I replaced with new functions.php and fixed. The old functions.php was 2Kb smaller, something has been deleted from there… What plugins are you running? if we have the same plugin, that may be the cause. * [digitalcashcrop](https://wordpress.org/support/users/digitalcashcrop/) * (@digitalcashcrop) * [13 years, 4 months ago](https://wordpress.org/support/topic/help-site-crashed/#post-3357633) * to be clear on the fix, replace wpincludes/functions.php with fresh wordpress 3.5 file. * [digitalcashcrop](https://wordpress.org/support/users/digitalcashcrop/) * (@digitalcashcrop) * [13 years, 4 months ago](https://wordpress.org/support/topic/help-site-crashed/#post-3357636) * I have compared new functions.php to broken functions.php files and here is the difference. * New function.php file does not have this on line 1 (or anywhere) * * Also line 192-208 has been deleted and should have this: if ( doubleval($bytes) >= $mag ) return number_format_i18n( $bytes / $mag, $decimals ) . ‘ ‘ . $unit; * return false; } * /** * Get the week start and end from the datetime or date string from mysql.** [@since](https://wordpress.org/support/users/since/) 0.71 * * [@param](https://wordpress.org/support/users/param/) string $mysqlstring Date or datetime field type from mysql. * [@param](https://wordpress.org/support/users/param/) int $start_of_week Optional. Start of the week as an integer. * [@return](https://wordpress.org/support/users/return/) array Keys are ‘start’ and ‘end’. */ function get_weekstartend( $mysqlstring, $start_of_week = ” ) { $my = substr( $mysqlstring, 0, 4 ); // Mysql string Year * Looks like a hack, or a major WordPress mess up * [Mark Ratledge](https://wordpress.org/support/users/songdogtech/) * (@songdogtech) * [13 years, 4 months ago](https://wordpress.org/support/topic/help-site-crashed/#post-3357647) * **[@digitalcashcrop](https://wordpress.org/support/users/digitalcashcrop/):** Ah, that’s a hack, not a WordPress screwup. * I deleted the code php eval code because we don’t need it in the forums. * **Everyone in this thread: Who is your webhost?** * And to be clear, any hack repair is much more than replacing that one file. Work your way through these resources and follow all instructions to completely clean your site or you may be hacked again. See [FAQ: My site was hacked « WordPress Codex](http://codex.wordpress.org/FAQ_My_site_was_hacked) and [How to completely clean your hacked wordpress installation](http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/) and [How to find a backdoor in a hacked WordPress](http://ottopress.com/2009/hacked-wordpress-backdoors/) and [Hardening WordPress « WordPress Codex.](http://codex.wordpress.org/Hardening_WordPress) * Change all passwords. Scan your own PC. Use [http://sitecheck.sucuri.net/](http://sitecheck.sucuri.net/) before and after. * Tell your web host you got hacked; and consider changing to a more secure host: [Recommended WordPress Web Hosting](http://wordpress.org/hosting/) * [digitalcashcrop](https://wordpress.org/support/users/digitalcashcrop/) * (@digitalcashcrop) * [13 years, 4 months ago](https://wordpress.org/support/topic/help-site-crashed/#post-3357650) * thanks for the tips I’m seeing this – [http://labs.sucuri.net/db/malware/malware-entry-mwexploitkitblackhole1?v49](http://labs.sucuri.net/db/malware/malware-entry-mwexploitkitblackhole1?v49) * Not sure how this happened, recently changed pass and always update wordpress the minute it releases. * [Mark Ratledge](https://wordpress.org/support/users/songdogtech/) * (@songdogtech) * [13 years, 4 months ago](https://wordpress.org/support/topic/help-site-crashed/#post-3357668) * **[@digitalcashcrop](https://wordpress.org/support/users/digitalcashcrop/):** Many hack vectors are through the host. Who is your webhost? * Thread Starter [eystevens](https://wordpress.org/support/users/eystevens/) * (@eystevens) * [13 years, 4 months ago](https://wordpress.org/support/topic/help-site-crashed/#post-3357678) * Updated function.php and it cleared up! Great! * I believe it was definitely a hack in my case, as all three sites were using different WP versions, and only one is used consistently. * My webhost is: Lunar Pages [http://www.lpwebhosting.com](http://www.lpwebhosting.com) They used to be great, but lately I’m not so sure. * How can I avoid this in the future? * I have to say, I was grateful that you could see my current function.php file and tell it was corrupted, but equally concerned that you could see it. Is that normal? How do I prevent it for being hacked? * [Mark Ratledge](https://wordpress.org/support/users/songdogtech/) * (@songdogtech) * [13 years, 4 months ago](https://wordpress.org/support/topic/help-site-crashed/#post-3357680) * **[@eystevens](https://wordpress.org/support/users/eystevens/):** I couldn’t see your current file, but I could see the error. * Update all your sites. Follow the steps above to clean the hack from each. * Consider changing to a more secure host: [Recommended WordPress Web Hosting](http://wordpress.org/hosting/) * [digitalcashcrop](https://wordpress.org/support/users/digitalcashcrop/) * (@digitalcashcrop) * [13 years, 4 months ago](https://wordpress.org/support/topic/help-site-crashed/#post-3357695) * eystevens – The function.php is only part of the problem – I found 139 infected files. Currently running anti malware scan with – [http://wordpress.org/extend/plugins/gotmls/](http://wordpress.org/extend/plugins/gotmls/). What a disaster, any one know how this could of happened? * [digitalcashcrop](https://wordpress.org/support/users/digitalcashcrop/) * (@digitalcashcrop) * [13 years, 4 months ago](https://wordpress.org/support/topic/help-site-crashed/#post-3357696) * [@songdogtech](https://wordpress.org/support/users/songdogtech/) my web host is hivelocity.net. they sent a warning last week that they detected something sus on the server and advised to update root passwords- i did this but that obviously didnt help me. * [Mark Ratledge](https://wordpress.org/support/users/songdogtech/) * (@songdogtech) * [13 years, 4 months ago](https://wordpress.org/support/topic/help-site-crashed/#post-3357700) * > The function.php is only part of the problem – I found 139 infected files. * **[@digitalcashcrop](https://wordpress.org/support/users/digitalcashcrop/)**: That’s why you replace everything, as I point out above. * > What a disaster, any one know how this could of happened * Are you shared? Or on a managed or unmanaged VPS? * Server vulnerability. Sounds like hivelocity.net should have investigated and done more than suggest a root password change. Tell them what happened; they need to look in the logs for the clues. * [digitalcashcrop](https://wordpress.org/support/users/digitalcashcrop/) * (@digitalcashcrop) * [13 years, 4 months ago](https://wordpress.org/support/topic/help-site-crashed/#post-3357705) * I’m on manged and dedicated hosting. * Well they have attacked every single on of my sites, its a mess. * [Tony Bianco](https://wordpress.org/support/users/tbianco/) * (@tbianco) * [13 years, 4 months ago](https://wordpress.org/support/topic/help-site-crashed/#post-3357717) * Here’s the run down on my scenario. We were running 3.4 on all the websites. We have a main corporate website and then several addon domains for various countries. * main website: [http://www.evolvhealth.com](http://www.evolvhealth.com) * addons/sub directories: [http://mx.evolvhealth.com](http://mx.evolvhealth.com) [http://www.evolvhealth.com/blog](http://www.evolvhealth.com/blog) * I updated the main site to 3.5 using the installer. Ran into an error. Had to download 3.5 from the website, uploaded the wp-include folder. Then ran into an error with a plugin from Tri.be for Events Calendar Pro. Fixed that. Everything looked to be in order. Main site was pulling up fine. * Then I pulled up my subdomain sites that are a completely separate install of wordpress running 3.4 and now they are not working. * This only happened once I updated 3.5. They were working fine when everything was 3.4. * I’m trying to figure out why upgrading the main site that’s on the root directory would have affected the sub directories since they are running their own install of wordpress. * [digitalcashcrop](https://wordpress.org/support/users/digitalcashcrop/) * (@digitalcashcrop) * [13 years, 4 months ago](https://wordpress.org/support/topic/help-site-crashed/#post-3357720) * All my sites were running latest WordPress 3.5, all have seperate FTP login’s. All are infected. * [@tony](https://wordpress.org/support/users/tony/) – If you are saying WP 3.4 version sites only got infected once updating to WordPress 3.5 on separate sites within same server, means that this hack once infected one site spreads server wide? Don’t understand how this is possible,but looks like this is what has happened. Viewing 15 replies - 1 through 15 (of 30 total) 1 [2](https://wordpress.org/support/topic/help-site-crashed/page/2/?output_format=md) [→](https://wordpress.org/support/topic/help-site-crashed/page/2/?output_format=md) The topic ‘Help! Site crashed!?’ is closed to new replies. * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) * 30 replies * 12 participants * Last reply from: [eystevens](https://wordpress.org/support/users/eystevens/) * Last activity: [13 years, 4 months ago](https://wordpress.org/support/topic/help-site-crashed/page/2/#post-3357876) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics