EMar
Forum Replies Created
-
Forum: Fixing WordPress
In reply to: Users registering with long random names@threadi I was just saying, I didn’t realize it could be registrations coming in from XMLRPC
Thanks for the tips though, I’ll looking into a solution/plugin and contact the theme developers.
Forum: Fixing WordPress
In reply to: Users registering with long random namesHi,
Oh, I never though of XMLRPC, I just changed those default links.
I’m using Waveme theme, they have their own registration built-in,
The only place I have the login link is a top menu item, it’s a popup (btn-ajax-login)
It also/still takes the user to custom login and register pages, as part of the theme.
I also enabled that reCaptcha (v2) feature in the User Verification plugin.@andrewshu no worries, I think I have a solution.
Forum: Fixing WordPress
In reply to: .user.ini publicly accessibleThanks,
There’s nothing really in the file that’s insecure,
But I don’t think the file should be public.
It’s belong to Wordfence I think.Forum: Fixing WordPress
In reply to: What is filespack.json ?ok thanks,
I couldn’t find any info on it so I’ll remove it.Thanks for the info,
I looked at the crawler info for those fake links in Google Search Console last night,
They were dated Dec 2025, then today, some of them were updated to 16th Jan 2026.
A lot of the links have disappeared after Validating them yesterday..
Some of them are still redirecting to the fake site, but they’re being verified/passed by Google Search Console.I can’t locate the backup, I was in a hurry to move the website and domain to the new server.
Was using Wordfence scan regularly on the old server and didn’t notice anything major.
Don’t recall any notices of files or directories being altered, I found two index.php files in wp root.The hacker either used ftp, or got access to my control panel/ssh to be able to add those files.
Either way, I think I’ve done an decent job of cleaning up the WordPress directories, more work neededThe new server control panel doesn’t have any accounts created for FTP.
I created new database credentials when migrating with Duplicator.
New admin login info for WordPress on the new server.
Regular updates of server control panel credentials.I have firewall on the server and in WordPress.
Need to do more investigating.. how are they creating those fake redirect links.
I just checked Google Search Console there and the validations I submitted passed.
But there’s still some links in there that still like to this fake site with https://mysite/?mi=1091051262963
They link to products on a fake estore that uses my domain, I can;t find anything in wordpress or in server directories.Forum: Plugins
In reply to: [LiteSpeed Cache] No page cache detectedDamn I didn’t think of that, appreciate you taking a look.
I have CloudPanel and Azuracast configured on one IP, they use Nginx.I have disabled Guest mode and testing the site pages.
Thanks!
Forum: Plugins
In reply to: [LiteSpeed Cache] No page cache detectedIt’s a new VPS, migrated site and pointed the same domain name.
Report Number: INKNNHEK
Thanks!
@yaniiliev thanks! I got it sorted in the end.
Yes, I’m delighted I didn’t even need to touch the database or anything else.Thanks appreciate your help,
If anyone else needs this code, you can add it to the CSS section of your theme..wpsr-hide {
display: none !important;
}Thanks for checking, I disabled the plugin last night, it’s enabled again.
I do have that option selected for On mobile (or) small screen = Hide
Responsive width = 768.Thanks,
EMar@vaakash No worries,
I sent an email to your website.
I didn’t want to post url’s on here.Thanks in advance,
EMar
I was unable to upload the zip file for 3.22.2 as a plugin.
That’s why I unzipped it and uploaded the files, overwriting the others.I didn’t do a backup at that time.
@gscoolidge I looked at System Info,
I can see one possible issue.cURL Version: 7.29.0, NSS/3.90 – We recommend a minimum cURL version of 7.40.
- This reply was modified 11 months, 4 weeks ago by EMar.