awhitemage

It seems like when I add the register_sidebar new CSS code gets introduced into the theme, which messes up the theme’s CSS.

I’m not sure where to look to find out which new CSS codes get introduced when I call a register_sidebar…

Any idea?

I don’t get any errors after I edit functions.php (which is the only one being edited).

It also works great in firefox. It just messes up with IE.

screens of what’s happening:

https://imageshack.us/photo/my-images/197/dashboardtestsitewordpr.jpg/
https://imageshack.us/photo/my-images/196/testsitewindowsinternet.jpg/

the site is on localhost, can’t access it from outside right now ??

here’s the code I pasted at the very end of functions.php, inside my theme’s folder.

https://pastebin.com/qssN6HUw

and here’s the structure of the theme’s sidebar.php

https://pastebin.com/16XC5jhs

I’m guessing the code passes the W3C, but I can’t test it right now.

my register_sidebar looks like that:

<?php

function my_register_sidebars() {

	/* Register the 'primary' sidebar. */
	register_sidebar(
		array(
			'id' => 'theOnlySidebar',
			'name' => __( 'The Only Sidebar' ),
			'description' => __( 'A short description of the sidebar.' ),
			// 'before_widget' => '<div id="%1$s" class="widget %2$s">',
			// 'after_widget' => '</div>',
			'before_title' => '<h3 class="widget-title">',
			'after_title' => '</h3>'
		)
	);

	/* Repeat register_sidebar() code for additional sidebars. */
}

add_action( 'widgets_init', 'my_register_sidebars' );

?>

I’ve asked about this to the theme vendor, but haven’t heard back yet.

I password-protected my wp-admin directory (using the cpanel) and haven’t been hacked again, yet. So until I switch from Midphase to something else, that seems to be a good “solution”.

I already started looking for a new host. Bluehost cought my attention.

I had problems with midphase for a while now, this hacking stuff (which may or may not be midphase’s fault) is just helping me make the move.

@idahsto8: This may or may not help.

I password-protected my wp-admin directory… But somehow I’m doubtful it’ll keep them from hacking my wordpress installation again.

In the users table, the user that has an ID of 1 is the admin, so he has full rights.

In your cpanel (“www.yourdomain.com/cpanel”), access PHPMyAdmin, then, in your wordpress database, click on “wp_users”. You’ll see the admin user in there, edit that user. In the “user_pass” field, change the password and don’t forget to change “fonction” to “MD5”.

voilà

They were index.php and header.php, in my current theme. They simply were modified to display hacked content.

Midphase too? Funkey!

I’ll send midphase those two threads, see what they say.

I suggest you do the same.

I’ve reported that my site was hacked too, a week ago, by what looks like a password reset script/hack (it did happen again, yesterday).

My hosting company was quickly blamed, even though I did confirm with them my account was untouched.

https://www.ads-software.com/support/topic/so-i-got-hacked-3-hours-ago

I wish you better luck than I had.

ps; what’s your hosting company?

Was your cpanel password changed? Did you receive a password reset email coming from your WP installation?

As I said, I did confirm with midphase that my account was fine and that my cpanel accesses were all coming from my IP address.

I contacted midphase and they looked at my account, everything was fine, and all cpanel accesses were originating from my IP address.

My computers are fine and secure and constantly being monitored for suspicious traffic.

Unless they’re a bunch of genious hackers, this looks like a simple password reset hack on wordpress 3.0.1. (I got a password reset email, too)

I haven’t removed the *two* files they modified yet… I find the song they inserted rather catchy. (it’s originating from hxxp://www.abo-ali.com/ – looks like a legit music streaming site)

I meant to add: what’s the exploit and how can I prevent it?