I cannot get the install.php to run. It says it cannot find the file. I changed the config sample file, changed the name, uploaded it, and it still did not work. However, I can log into the site. The site will not load on the front end because it does not have the correct theme. I tried to add the theme but I got the following error:

Installation failed: Download failed. cURL error 77: error setting certificate verify locations: CAfile: /home/***/***.com/blog/wp-includes/certificates/ca-bundle.crt CApath: /etc/ssl/certs

I was able to upload the theme but got these errors:

Warning: An unexpected error occurred. Something may be wrong with www.ads-software.com or this server’s configuration. If you continue to have problems, please try the support forums. (WordPress could not establish a secure connection to www.ads-software.com. Please contact your server administrator.) in /home/poffutt/paulaoffutt.com/blog/wp-includes/update.php on line 130

Warning: An unexpected error occurred. Something may be wrong with www.ads-software.com or this server’s configuration. If you continue to have problems, please try the support forums. (WordPress could not establish a secure connection to www.ads-software.com. Please contact your server administrator.) in /home/***/***.com/blog/wp-includes/update.php on line 320

Warning: An unexpected error occurred. Something may be wrong with www.ads-software.com or this server’s configuration. If you continue to have problems, please try the support forums. (WordPress could not establish a secure connection to www.ads-software.com. Please contact your server administrator.) in /home/***/***.com/blog/wp-includes/update.php on line 500

It seems as though some sort of something is missing from the install? How do I get that some sort back?

To further add pain to my misery, I was a complete idiot and did a delete instead of move to my computer. I did move the wp-config file in case I needed it for reference. And I copied the .htaccess (which is not in place yet). I figured it was all worthless without knowing where the bad coding was. Now I am regretting that decision.

Is this a single or multisite installation? 1 thing it sounds like is that you may have chosen a secure (https) install when in fact you don’t have an SSL certificate. That’ll make things blow up pretty spectacularly. If you don’t have one, then you need to choose the http protocol. Perhaps also try renaming your wp-config.php by appending a 1 on the end, ie, wp-config.ph1 & see if the install won’t run.

Please note also that sometimes the database can get hacked as well. I do suggest that you consider looking at your database using a text editor for words like:

<script
<? php;
base64;
eval 

preg_replace
strrev

This is not an exhaustive list, & the presence of those words are not definitive proof of a compromise, though some are more suggestive than others. I also recommend that you paste your .htaccess file for us to look at to ensure there are no backdoors hidden there where the bad actors can re-enter your site.

If this all sounds entirely too overwhelming (though you seem to be pretty savvy regarding all this) there is a place to hire a professional at https://jobs.wordpress.net. Most site owners are under the mistaken impression that once they’ve removed the evidence of the hack, the problem is resolved. The truth is that the vast majority of criminals leave backdoors where they can reenter & regain control of the site, & if that isn’t fixed, all your hard work blows up in mere seconds once the bad actors take control again.

Good luck. Keep in touch.

I checked with my webhost (DreamHost) and the certificate is still valid.

I have changed every single password on every single site I run several times. What was happening this time was some sort of leftover javascript was still running on occasion and I could not find it.

The website is functioning. I can install the theme, make changes and everything. It is there, viewable. I just get these error messages now.

Lastly, since you’re on Dreamhost, could you please look at your CPanel & see if there’s an aplet present to view error logs? If so, could you please paste entries in your next reply.

The reason I suggested looking at your database is to ensure no spurious code remains there. The site owner can delete/reinstall all files, but if the database has been compromised, then the site still remains under the control of the bad actors.

That site looks like it’s up and running, and I checked the files for anything obvious. It looks okay to me but I did not do a full security scan.

Where are you getting the errors? Just on running the background or do they show up on your wp-admin pages?

I DID a hard reset on your temp folder, just in case something dumb was lingering, and you may need to log back in to your blog, but it looks okay from the outside.

It’s not very user friendly. I know :/

paulaoffutt.com/blog has some bad file permissions (they were read-write) and I fixed that. But since you have the AIO firewall up, there isn’t much else I can do. I checked the WP files in that folder and they all look correct as well.

Oh. Whatever Ipstenu did worked. I am no longer getting error messages. The one about the cert is gone. And uploading themes/plugins do not generate an error message either. Both are listed in the first post.

I love Dreamhost and their staff. Been with them since ’02. It is their new scanning capabilities that caught the problems before I did.

What security plugin should I be using? AIO did not catch these on either of the two sites which is why DH thinks it was an FTP issue, although I don’t.