• when I click the Update File button in theme editor, I get this page with two fields and an authenticate button. I typed in my wordpress user name and password and it just took me back to the theme editor without the changes I made.

    Not sure what to do about this… Any ideas?

Viewing 8 replies - 1 through 8 (of 8 total)
  • Thread Starter smicky

    (@smicky)

    Also, I can edit the file I was working on (styles.css thought this has been happening on any file I try to edit) by working through an FTP without any problems so I don’t think it is the file…

    I think you’ve probably been hacked. ??

    Thread Starter smicky

    (@smicky)

    hmm…ok. Nothing has been changed and this has been happening for a week or so… What should I do?

    And what is it that has been hacked? The WordPress site, the apache server, ?

    Have a look around for base64_decode type code that’s been inserted into the source code of your theme or your wordpress files or anything that looks suspicious basically.

    Bit of further reading for you:
    https://www.ads-software.com/support/topic/281813?replies=13
    https://www.ads-software.com/support/topic/281963?replies=4
    https://www.ads-software.com/support/topic/273029?replies=7

    If you think it is definitely hacked…
    https://codex.www.ads-software.com/FAQ_My_site_was_hacked

    did you read what the box said specifically, before you typed in your credentials?

    There IS a hack for wordpress vesrsions older than 2.8.4 that manifests itself like what you described. Without more details though its hard to say.

    Youve already sent off your passwds, if you are hacked. can you cause the box to come back, (by logging out, maybe?) and post a screenshot of it when you get it back?

    adding on,

    I clearly see this:

    <meta name="generator" content="WordPress 2.5.1" /> <!-- leave this for stats -->

    in the source of your blog located at https://www.l…&#8230;.com/creative/

    if this is the blog in question, you probably are hacked.

    In which case,

    Here’s *my* standard reply:

    more advice:
    https://ocaoimh.ie/2008/06/08/did-your-wordpress-site-get-hacked/

    Make sure that your files on the server are clean. If that means deleting and reuploading, than you ought to do that. Files that you dont replace, should be looked at closely.

    Check for files that dont belong, directories that dont belong. Image files with changed timestamps — look at those. Its VERY common for there to be scripts on sites that are named in such a way to mask the fact that theyre scripts.

    Be suspicious, when youre looking at things.

    Look at your permissions. Do you have world writable files? Any world-writable directories? Are they necessary?

    You need to check your database. Look for rogue plugins being loaded, look for rogue users (specifically look for a user named wordpress). You will NOT see rogue plugins or rogue users in your wp-admin/ area. You need to check your database.

    Make sure ALL of your plugins are current.

    Make sure your wordpress is current.

    Change your mysql password that wordpress uses (update your wp-config.php with that new password). Especiallly important in cases where you see changes to your mysql database.

    Change any admin level passwords on your blog.

    Look at any other software thats being used on your site. Is it current?

    That’s just an outline and not a complete list.

    There’s quite a bit to do, but it’s all necessary.

    If you cant do it all — by all means dont hesitate to enlist the help of someone who can. Quite a few of us do work on the side.

    Then there’s this:

    https://codex.www.ads-software.com/Hardening_WordPress

    and this:

    https://www.ads-software.com/support/topic/307660?replies=1

    Thread Starter smicky

    (@smicky)

    that isn’t the blog that I was talking about but thanks for all the info…the site I was talking about is:

    https://www.dailymirror.us

    Thanks again!

    Hacked.

    Unless you inserted a whole bunch of hidden ‘forex’ links directly after the body tag that is.

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘theme-editor.php wants me to authneticate’ is closed to new replies.