becs

Do I take the blue pill or the red pill to go with my drink?

I have my site back. I deleted the rogue index.html, I have managed finally to chmod the wp-content folder back to 755 and the files to 644.

I don’t know what was going on. Its obviously an issue with my provider somewhere but I cannot speak with them until they open in the morning.

I earlier checked out the “hardening wordpress” link you gave and there is a plugin for wp-admin apache password but both the download links are dead. Do you know of a similar (and reliable) program that I could use to password protect my wordpress?

Thanks for your help, oh and BTW I did drink that water, it just tasted a little funny at the time as I didn’t understand what I was drinking, I was not being deliberately ignorant :-))

HI whooami,

Thanks for your help. I do feel like at the moment I am forced to use 777 because if I try the others then my blog fails to display any content but a blank page. I am not worried about any plugins, I can disable any I like, but when it breaks to a point of not even being able to load my page because the all themes break then I feel there is an issue – but I do not know how to fix that issue.

I cannot find a CHMOD that is acceptable to wordpress to displaying my themes other than 777. I don’t even know if this is a wordpress issue or a problem with my host. I have of course emailed my host support for help on 777 and I await their reply tomorrow.

I have checked some older threads and they suggest to use 755 for wp-content, but the result is that the themes break.

I didn’t think macsoft was suggesting that program was a problem, I just thought I would check it anyway. No harm in just looking ??

Hi Macsoft, I cannot find phpformgenerator in my control, its probably there but evading me.
Even if I could find it I do not have the technical know how to analyse web logs. There nearest I get to logs is checking my webstats. lol

OKay I found an old post relating to theme problems and have found something interesting.

If I change the wp-content file permissions back to 777 then I have no problems and everything is back to normal.

But this is a worry, if 777 is so risky, why am I forced to use it for that folder to keep my blog going? I don’t want to end up with being hacked again, but if 777 is so important how can I stop this from happening again?

I am sorry but I am really confused, on the one hand things are dangerous and on the other hand something is vital.

Thanks for the information Macsoft3, I shall get onto my host in the morning to double check (they are currently closed).

Whooami, thankyou for the offer, as much as I am desperate to get my blog fixed and I am sure you would be able to help, but I am absolutely flat broke at the moment and would have no means to pay for support.

BTW aswell as my theme page throwing up vomit, my plugins page is empty aswell. Its like the bowling ball effect. One by one everything is falling apart ??

I know the risk of 777 and I never put it to 777, but somebody did. I am concerned as to how they are getting in.

My concern at the moment though is getting my blog back. I have tried to upload the wordpress software back again but there are just no pages. The content is still there, but nothing is home.

I go into the dashboard and presentation and there are no themes listed, even though there are themes there and I get the following error

Warning: array_keys(): The first argument should be an array in /home/********/public_html/wp-includes/theme.php on line 298

Thanks Gangleri, Happy New Year.

OH right, I didn’t realise some versions did not need installing. All the other ones I did before needed installing IIRC.

Thanks for your help. Do you know what is new in this version? I looked for a changelog but could not find one.

I had the developer of one of my plugins look at my server logs and he says there is nothing to show illegitimate use or even access to page.php files.

I had a look myself and whilst I don’t understand logs much, I could not see anything relating to page.php either.

Hello, I don’t have a shared host and my hosting is only accessible by me.

I have been using the self hosted service for over a year and apart from this happening late last year, these two incidences are the first time I have had a problem in all that time.

I am happy with self hosted and dont want to go back to wordpress.com as I like the better customisation, but this issue is obviously getting in the way at the moment.

Just an update, it has happened again with another theme. Lots of tramadol links etc entered onto page.php or other files.

I don’t understand what is going on and how this is happening. I changed both my wordpress password and my hosting password, I deleted the offending theme the other day and now it is occuring on another theme.

This is nothing to do with that plugin as I thought earlier as that is not installed at the moment.

One thing I did notice that the page.php that was affected was writable by wordpress from the dashboard. As far as I know I have never given it file permissions.

But lets say I had given it file permissions previously to write from dashboard, is that enough for a hacker to get in and change my files? Why is there no higher level of security on wordpress to stop people accessing my stuff without my login?

I find this very worrying as I do not understand what is going on.

I just wish to add, I wonder if this is a security issue with the new wordpress. I am not in the business of apportioning blame, I just want to find out the source, but these two hacks have occurred since I upgraded to new wordpress last week.

I don’t know if they were related but both things happening today is a coincidence or not? I read another link today that said Bad behaviour scans google ads looking for culprits to block or something like that, so maybe the google ad compromise is related, I have no idea.

Thanks for the link. Most interesting, and fortunate to see a few plugins which may help.

What I have managed to do is on the original wordpress blog I have changed the date stamped on all posts to the 24th September, I have then exported the file again with the new dates and imported it into the new blog.

This means all posts now have a date of september 24th and nothing since then, but really that does not matter, the posts are now there and intact although a little out of the posting order.

I have tried putting the dates back to what they should be but this results in error pages when links are clicked on so I will just leave them as they are. As long as everything goes normal from now on its okay.

Would really like to know what the problem may be though, as none of it is making sense to lose a month.