WordPress deleting posts

It could be a plugin malfunctioning and allowing the restricted users to delete posts. It could also be an early sign of the site having been hacked. I would suggest testing your site with a plugin like WordFence to see if it has been compromised. If WordFence returns a clean report then contact the author of the plugin you use to restrict those other users because it is likely the plugin malfunctioning!

Hope this helps.

You site is hacked / infected with malware. See https://sitecheck.sucuri.net/results/pursuitae.com

Carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Off hand, couple of names that come to mind are Sucuri and Wordfence.

In fact, t-p, I have fixed many sites with similar issues that use permissions plugins as this user mentioned they are using such a plugin it may not be a hacked site. I have seen this problem occur before from a malfunctioning permissions plugin where users who did not have delete permission were still able to delete posts/pages.

Also, I followed the Securi link you provided and it clearly says that this users site is not hacked/infected.

@rahulrkrishnan,

FYI, it’s not a good idea to respond to work offers from random forum users who have read about your issues. You’re going to get people asking you on your own site and when that happens, please report that in a new topic. That person and company will be banned from this site if they seek a paid job from you.

this is the info i get from simple history;

WordPress 4 mins ago
Deleted post “asdf”

Context data
This is potentially useful meta data that a logger has saved.

Key Value
id 1234
logger SimplePostLogger
level info
date 2018-07-26 09:18:00
message Deleted {post_type} “{post_title}”
initiator wp
context_message_key post_deleted
post_id 465307
post_type post
post_title asdf
_message_key post_deleted
_wp_cron_running true
_server_remote_addr 11.111.11.1
_server_http_referer https://pursuitae.com/wp-cron.php?doing_wp_cron=1532596509.8031070232391357421875

so a cron job is deleting my posts? how can i find which cron is doing this? i have WP-Cron Events installed but not sure how to identify this particular cron.

It sounds to me like a custom cron job was added or you have a malfunctioning plugin. I would check the cron jobs directly on the server not using a plugin. Are you using a cpanel based server? Also, would you provide a list of the plugins you are using?

Hi, author of Simple History here.
To make it easier to detect what plugin that is doing this I’ve added some extra info to event logged during cron jobs: in the next update of Simple History you will also be able to see the current filter. Hopefully this will make it possible to easier detect the code/plugin behind your post deletions.

(I hope to be able to release the next version later today.)

i use wordpress hosting on a 3rd party website with no cpanel.

• This reply was modified 6 years, 4 months ago by rahulrkrishnan. Reason: plugin details removed!

@eskapism

I look forward to the update!

your plugin turned out to be the best security tool I have now, without which I’d not have found these issues!

Ah, okay. Some of the hosts that offer specific WordPress hosting packages still offer a way to see your cron jobs through their custom interface. In any event, from looking at the plugins you’re using my best guess is it that you have a conflict between the two access plugins you’re using Advanced Access Manager and User role editor that is allowing users who do not have delete access to delete stuff and logging it as WP deleting it.

@binarywc

I can’t uninstall AAM. I could remove user role editor and see if there’s still such a conflict.

But when both plugins are set to deny such capabilities to users, is it possible to have such a conflict? Do you have any suggestions?

Does deactivating a plugin disable its cron jobs? and maybe such conflicts?

• This reply was modified 6 years, 4 months ago by rahulrkrishnan.

Yes, anything is possible. There could be a bug in the code for one or both of them. However, is User Role Editor disabled? If so, then it is not causing such a conflict. Are you able to wait for the update to Simple History?

• This reply was modified 6 years, 4 months ago by Davood Denavi.

@binarywc

Yeah, I agree. Better to wait for the Simple History update!

Will come to know which plugin is malfunctioning!

In fact, that may not give us any further info. But the hope is that it will. Please let me know once you have seen the new info it provides. I am happy to continue helping you nail down whats going on once we have the updated output!