ProjectArmy
Forum Replies Created
-
Forum: Fixing WordPress
In reply to: Strange text showing up on Google searchCorrect, just copy/paste them into that folder. If your ClamWin is open, restart it so it uses new signature databases.
I would also recommend scanning the SQL file of the database. It might catch something. ClamWin adds an option to the context menu (right-click) to “Scan with ClamWin” so you can scan individual files.
Also, try running SQL file through VirusTotal. Something might get caught.
https://www.virustotal.com/^V
Forum: Fixing WordPress
In reply to: Strange text showing up on Google searchIt’s most likely somewhere in the PHP files. What you can do is zip up your “public_html” folder that has all the files, download it to your PC, and then use a free ClamWin antivirus to scan the files. ClamWin uses free ClamAV engine, which is what cPanel also includes. You might be able to get a hit.
http://www.clamwin.com/The default database of signatures might not be enough to catch it. I would recommend getting these free signatures to increase the range of malware detection. I find these signatures from SecuriteInfo increase detection rate (no affiliation here).
https://www.securiteinfo.com/services/anti-spam-anti-virus/improve-detection-rate-of-zero-day-malwares-for-clamav.shtml?lg=enIf it still won’t detect anything, it might be a good idea to hire someone who can go through everything and find the source of infection.
^V
Forum: Fixing WordPress
In reply to: Posts have malware linksDoing find and replace on an SQL file is very dangerous. It doesn’t take in account serialized data, which WordPress heavily uses. More on it here.
You need to use a search/replace script or plugin that will re-serialize replaced data. Otherwise your database will be scrambled and you will lose data.
I recommend using this script:
https://interconnectit.com/products/search-and-replace-for-wordpress-databases/—
Now, about cleaning stuff up. If posts are redirecting to malware site, then most likely it’s a file(s) that’s infected. Here are some steps to try to narrow down the source of infection.
Side note: If you haven’t replaced all core files yet, please do so. Delete “wp-includes” and “wp-admin” directories, and upload a fresh set. You should also delete all “wp-…php” files in the root directory, making sure wp-config.php is not deleted.
Make sure to backup your site and database before proceeding.
1. First we check your theme files. Simply install a theme from WordPress.org repository, any theme will do. And activate it. This will be temporary. After you activate, clear any caches you might have and check your posts. If you’re being redirected to malware site, your theme most likely is clean. Re-activate your original theme.
If the theme is the source of infection, I would recommend downloading a fresh copy of the theme, deleting infected theme files completely, and uploading a fresh copy.
2. Now check plugins. Deactivate all plugins, either inside WP admin or by renaming plugins directory to something else. Once they’re all deactivated, check posts again. If redirection is gone, then one of the plugins might be infected.
Now, begin activating plugins one by one, checking posts for redirection. Once malware redirection is back you’ll know exactly what plugin is infected. Delete the files, and re-install that plugin from WordPress.org repository or download it from author’s website (if it’s a premium plugin).
If it’s still doesn’t help solve the issue, try the same approach for “uploads” folder. It’s unlikely the code is there, but as last resort do check it.
If in the end it still there, come back and let me know. We’ll see what else we can do to find it and remove it.
Forum: Fixing WordPress
In reply to: Strange text showing up on Google searchTo see if database does have spam text, you can export your database as an SQL file. Then open it in your text editor on your PC, and do a search for spam text you’ve seen show up on your pages. See if you can find that spam text in your database file.
You can’t remove it from the file, but it will help you see if it’s in your database. If you do find it in your database, then you can narrow it down inside phpMyAdmin. It’s difficult to remove stuff from database due to serialized data. Got to be careful.
Let me know if you find anything in your database.
Forum: Fixing WordPress
In reply to: Strange text showing up on Google searchOK, if you’re on cPanel hosting check if it has a Virus Scanner enabled. If so, try scanning your files and see if anything pops up. If there’s no virus scanner option, contact your host and ask them to scan your files for viruses.
Are there any other websites under this account? For example, other WP sites inside “public_html” directory. It’s common for multi-domain hosting plans.
^V
Forum: Fixing WordPress
In reply to: Content in blog posts repeatingOK, 2 questions:
1. Is your parent theme (Specia 2.2.5) and child theme (Proficient 1.1.8) up to date?
2. Any custom modifications added to Proficient? or Specia?I setup temporary test site (will be deleted in 7 days), and setup Proficient. It appears that everything is working as expected. Here’s an example:
http://distinct-guanaco.w4.poopy.life/2017/03/09/hello-world/If your parent and child themes are up to date, and they do not have any custom modifications, then it’s possible that a plugin is causing this issue. You can test it by disabling plugins one by one and checking to see if duplicate content goes away.
^V
We’ve used UpdraftPlus free and pro for couple of years, and never seen any issues like this. I doubt it’s UpdraftPlus itself, something else had to be involved in this.
All WordPress.org plugins are reviewed, to make sure they comply with terms and are free of malware. Although it’s possible for a plugin to be infected on WordPress.org, it’s very unlikely. And you wouldn’t be the only one infected, everyone else would be having the same issue.
You can browse plugin’s code that WordPress.org stores right here:
https://plugins.trac.wordpress.org/browser/updraftplus/trunkI would recommend seeing if any of those language files are there. That’s the code that you install and activate.
In what directory did you find those language files? If you deleted UpdraftPlus directory, were those files somewhere else?
^V
Forum: Fixing WordPress
In reply to: Dedicated server store media on different physical driveYou’ll need to make sure files are accessible in the browser, through your domain or subdomain. Hardware isn’t my area of expertise, what you need to figure out is how WordPress can access that drive.
You can specify different upload directory and a different file URL, this is probably the closest you’ll get to setting this up. Use this plugin:
https://wordpress.org/plugins/upload-url-path-enabler/^V
Forum: Fixing WordPress
In reply to: Unable to upload media to wordpressTry using
get_temp_dir()function to see where WordPress is trying to put files.If it’s trying to use your specified directory /wp-content/temp/ and still won’t work, trying setting directory permissions to 777 to see if it’s a permission issue. It’s possible WordPress might not have permission to upload to temp directory.
If it’s something different, than you’ll need to troubleshoot and figure out why WordPress isn’t seeing your temp directory.
^V
Forum: Fixing WordPress
In reply to: Dedicated server store media on different physical driveYou might want to look into this thread on StackExchange, this is the closest thing you’ll find about hosting uploads on a different server:
https://wordpress.stackexchange.com/questions/74180/upload-images-to-remote-server/78129#78129If you need to change directory on the same server, you can do so by specifying new path inside wp-config.php:
define('UPLOADS', 'new/path/files');^V
Forum: Fixing WordPress
In reply to: Content in blog posts repeatingIf you publish several paragraphs, will it repeat all paragraphs? So in a nutshell, you have 2 identical posts on the same page? Or is it repeating only the beginning of text?
Not sure if it’s a bug or by design. Looking at parent theme Specia, it also includes this similar feature. Sometimes, excerpt is used in the beginning of the post as a summary to help readers understand what the article is about. It’s possible it’s that. Although it is also possible it’s a bug, if the whole post content is repeated.
^V
Forum: Fixing WordPress
In reply to: wp-cron genrating urlAre you referring to URL that looks like this?
/wp-cron.php?doing_wp_cron=1498584326.8485939502716064453125If so, your alternative cron is enabled for some reason. By default, this is disabled. So check your wp-config.php for this line and remove it:
define( 'ALTERNATE_WP_CRON', true );If it still happens for some reason, try setting it to “false”.
^V
Forum: Fixing WordPress
In reply to: Error 404 and no images after quarantineThis really depends on what you did, most likely you’ve deleted some code that’s causing these issues.
First, to fix your URLs, check your .htaccess file. Make sure it matches default WordPress rules. If you got anything there, for now, delete it and keep default rules.
# BEGIN WordPress <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule> # END WordPressSecond, your images, I believe your images are there in your uploads folder. I can spotted one:
http://theharvestmagazine.com/wp-content/uploads/2017/08/Site-Identity-Picture-100×100.jpgSo the issue may be with code that you may have deleted when cleaning up your site.
Can you tell us the names of files you deleted or edited? This will help narrow down the issue.
If possible, get a clean copy of your theme files, delete old theme files and upload a fresh copy of your theme. This may fix image issues right away.
^V
Forum: Fixing WordPress
In reply to: Strange text showing up on Google searchLooks like you still need help. I can see spam links and text on the site. This is conditional SEO spam, targeting Googlebot user-agent. I’ve confirmed this.
This is not an SQL injection, it requires PHP to dynamically display this spam when Googlebot visits your site. So the code is in PHP files.
I assume you’ve deleted all core files and replaced them with a fresh copy, just to make sure core is clean based on what you said before. So let’s focus on wp-content directory.
Since all scans come up clean, we’ll need to do some manual troubleshooting to narrow down our search for infected files. In order to verify if spam is gone, we’ll use this free scanner tool that helps us “be” Google: https://aw-snap.info/file-viewer/
Important, make sure “Referrer” is set to “Google” and User-Agent is set to “Googlebot”. It’s important, otherwise you won’t see spam text.
Run your first scan on an infected page, so you know what you will be looking for. Your homepage does have spam text, so you can use that page. Now, let’s troubleshoot.
Make sure to backup your site and database before proceeding.
1. First we check your theme files. Simply install a theme from WordPress.org repository, any theme will do. And activate it. This will be temporary. After you activate, clear any caches you might have and scan the page again. If you still see spam text, then your theme is clean. Re-activate your original theme.
If the theme is the source of infection, I would recommend downloading a fresh copy of TwentyTen theme from WordPress.org repository, deleting infected theme files completely, and uploading a fresh copy.
2. Now check plugins. Deactivate all plugins, either inside WP admin or by renaming plugins directory to something else. Once they’re all deactivated, run the scan on infected page again. If the spam text is gone, it’s one of your plugins. Now, begin activating plugins one by one, scanning infected page after each plugin. Once spam text is back, you’ll know exactly what plugin is infected. Delete the files, and re-install that plugin from WordPress.org repository or download it from author’s website (if it’s a premium plugin).
If it’s still doesn’t help solve the issue, try the same approach for “uploads” folder. It’s unlikely the code is there, but as last resort do check it.
If in the end it still there, come back and let me know. We’ll see what else we can do to find it and remove it.
^V
Forum: Fixing WordPress
In reply to: After Migration, No Admin PrivilegesYou might want to check privileges of your admin user. Here’s a tutorial on how to set permissions in the database for the user:
http://www.wpbeginner.com/wp-tutorials/how-to-add-an-admin-user-to-the-wordpress-database-via-mysql/If for some reason you can’t get your user permissions right, try creating temporary user with admin permissions using tutorial above and then login and set admin role for your existing admin user.
^V
