CliveO

I installed a brand new clean WordPress install and installed nothing else but Contact form 7, I sent the email to a different hotmail address and guess what?…it still didn’t work. I think this plugin is either broke or conflicts/doesn’t work with WordPress 4.3…Any ideas?

I tried turning all other non-essential plugins off…still no luck

At the moment I have the database completely locked down and only gets unlocked for us to edit the site and then locked down again afterwards. I think the best thing is to keep it like that until we can investigate further.

It occurs to me that if the developers of AIOWPS wanted to improve the product they could take a clone of sites like ours and dissect it to discover how hackers might be circumventing their security measures

On the next iteration of AIOWPS it might be good if it could monitor and log any changes to the core WP files, the ones that wouldn’t ordinarily get changed, the ones that don’t get overwritten when WP is updated. This seems the most likely place for hackers to hide code. Failing that, what about a button that makes the database uneditable from within the Admin area rather than having to go in to cpanel? Just a thought.

Yes, they suggested restoring from a backup but as I explained to them the backups get overwritten by new ones (backed up 3 times a week) and as we don’t know when this first got attacked (first noticed 10 Aug but it could have been earlier as the hacker’s posts weren’t visible in the admin, it was only when I was in phpmyadmin that I noticed them so it is more than likely that the issue I have now will also happen with the back ups if the.

Incidentally how do you add a post to a WP site without is showing up in the admin area? This may be a clue as to how they are managing to post.

I installed the plugin for Securi when I first discovered the hack. It found nothing, no malware. I have just done a scan with the plugin and another external scan from The Securi website…both came up with “Site Clean”!?

Im stumped! All I can think is that it is injected into DB but I thought security plugins like AIOWPS stopped that

I searched Google for the exact text they put on my site (1 sentence exact match) and it is unique, it appears nowhere else on the internet so I can only assume it’s not a random attack, it was specifically aimed at our site. But how do they post without using an assigned WP user? Pages were posted by user 0 which I set to “Subscriber” after it happened the first time.

Most plugins seem to stop access for the admin area of wordpress with blacklisting etc but what if hacks are coming straight in to the SQL database? Is there any way to stop this? Is there a plugin that stops hacking at database level?

Currently I have set the SQL database so that it cannot be edited by anyone, completely blocking all but viewing the site and when we want to edit the site I simply turn it back on while we edit and off again when it has been done. Although this has stopped the site getting hacked it is by no means an ideal solution. It would be good to have a plugin that allows to completely block the database from being edited from within the WP admin area.

Here is the problem with upgrading too soon in a nutshell:

Contact Form 7
You have version 4.2 installed. Update to 4.2.2. View version 4.2.2 details.
Compatibility with WordPress 4.1.7: 100% (according to its author)
Compatibility with WordPress 4.3: 60% (6 “works” votes out of 10 total)

So I can either update WordPress or Contact Form 7 if I want them both to work…I can’t have both. I updated Contact Form 7 to the latest version on another site I run and it didn’t work at all, so I had to roll the entire site back.

Oh and I am running WordPress 4.1.7 and all plugins are up to date other than the ones that came with the theme (slider, contact forms and page builder plugins) these are always difficult to update since they came with the theme. A separate license would be good but then you end up paying for everything twice. The theme was only bought and installed less than a month ago so not sure how they get to be out of date so quick.

Theme bought from Themeforest and all plugins from here (www.ads-software.com)

As far as Brute Force, I have login page renamed (10/10) I have login Captcha enabled (20/20) and Honeypot enabled (10/10). I have no other security plugin installed but it is weird, I have other wordpress sites and they have never been hacked, this is the only one with security on and it seems to be a magnet for attacks. I know it’s probably just coincidence but still very weird. Where can I get information on “user agents” for blacklisting? If I could block anything that wasn’t a browser or a search bot it might just plug any remaining holes in the security.

I checked the error log and found this:
doesn’t exist for query SHOW FULL COLUMNS FROM em_core_log_884 made by shutdown_action_hook, do_action(‘shutdown’), call_user_func_array, wp_ob_end_flush_all, ob_end_flush, xcalendarBufferEnd, xcalendar->bufferEnd, xcalendar->writeLog.

I know “flush all” can’t be good and I am sure a “do action shutdown” ain’t a good thing. Can you tell me what this is trying to do?

Like I say, most things in AIOWPS are set to max and still they come, there are no failed logins so they are not coming through the front door but looking at the error log their attacks are relentless.

First of all thanks for your concern for my stress ; ) but I am perfectly calm. This isn’t the first time I have been hacked tho it is the first time that someone has broken in to simply post an article on my site. Because it isn’t the first time, I installed “All in one WordPress security” which evidently hasn’t seemed to work.

The AIOWPS logs tell me that I am under constant bombardment, here is a tiny snippet of the logs:

[08/06/2015 1:42 PM] - NOTICE : Login attempt from blocked IP range - 104.243.129.*
[08/06/2015 1:42 PM] - NOTICE : Login attempt from blocked IP range - 104.243.129.*
[08/06/2015 1:42 PM] - NOTICE : Login attempt from blocked IP range - 104.243.129.*
[08/06/2015 1:42 PM] - NOTICE : Login attempt from blocked IP range - 104.243.129.*
[08/06/2015 1:42 PM] - NOTICE : Login attempt from blocked IP range - 104.243.129.*
[08/06/2015 1:42 PM] - NOTICE : Login attempt from blocked IP range - 104.243.129.*
[08/06/2015 1:42 PM] - NOTICE : Login attempt from blocked IP range - 104.243.129.*
[08/06/2015 1:42 PM] - NOTICE : Login attempt from blocked IP range - 104.243.129.*
[08/06/2015 1:42 PM] - NOTICE : Login attempt from blocked IP range - 104.243.129.*
[08/06/2015 1:42 PM] - NOTICE : Login attempt from blocked IP range - 104.243.129.*
[08/06/2015 1:42 PM] - NOTICE : Login attempt from blocked IP range - 104.243.129.*
[08/06/2015 1:42 PM] - NOTICE : Login attempt from blocked IP range - 104.243.129.*
[08/06/2015 1:42 PM] - NOTICE : Login attempt from blocked IP range - 104.243.129.*
[08/06/2015 1:42 PM] - NOTICE : Login attempt from blocked IP range - 104.243.129.*
[08/06/2015 1:42 PM] - NOTICE : Login attempt from blocked IP range - 104.243.129.*
[08/06/2015 1:42 PM] - NOTICE : Login attempt from blocked IP range - 104.243.129.*
[08/06/2015 1:42 PM] - NOTICE : Login attempt from blocked IP range - 104.243.129.*
[08/06/2015 1:42 PM] - NOTICE : Login attempt from blocked IP range - 104.243.129.*
[08/06/2015 1:42 PM] - NOTICE : Login attempt from blocked IP range - 104.243.129.*
[08/06/2015 1:42 PM] - NOTICE : Login attempt from blocked IP range - 104.243.129.*
[08/06/2015 1:42 PM] - NOTICE : Login attempt from blocked IP range - 104.243.129.*
[08/06/2015 1:42 PM] - NOTICE : Login attempt from blocked IP range - 104.243.129.*
[08/06/2015 1:42 PM] - NOTICE : Login attempt from blocked IP range - 104.243.129.*
[08/06/2015 1:42 PM] - NOTICE : Login attempt from blocked IP range - 104.243.129.*
[08/06/2015 1:42 PM] - NOTICE : Login attempt from blocked IP range - 104.243.129.*
[08/06/2015 1:42 PM] - NOTICE : Login attempt from blocked IP range - 104.243.129.*
[08/06/2015 1:42 PM] - NOTICE : Login attempt from blocked IP range - 104.243.129.*
[08/06/2015 1:43 PM] - NOTICE : Login attempt from blocked IP range - 104.243.129.*
[08/06/2015 1:43 PM] - NOTICE : Login attempt from blocked IP range - 104.243.129.*
[08/06/2015 1:43 PM] - NOTICE : Login attempt from blocked IP range - 104.243.129.*
[08/06/2015 1:43 PM] - NOTICE : Login attempt from blocked IP range - 104.243.129.*
[08/06/2015 1:43 PM] - NOTICE : Login attempt from blocked IP range - 104.243.129.*
[08/06/2015 1:43 PM] - NOTICE : Login attempt from blocked IP range - 104.243.129.*
[08/06/2015 1:43 PM] - NOTICE : Login attempt from blocked IP range - 104.243.129.*
[08/06/2015 1:43 PM] - NOTICE : Login attempt from blocked IP range - 104.243.129.*
[08/06/2015 1:43 PM] - NOTICE : Login attempt from blocked IP range - 104.243.129.*
[08/06/2015 1:43 PM] - NOTICE : Login attempt from blocked IP range - 104.243.129.*
[08/06/2015 1:43 PM] - NOTICE : Login attempt from blocked IP range - 104.243.129.*
[08/06/2015 1:43 PM] - NOTICE : Login attempt from blocked IP range - 104.243.129.*
[08/06/2015 1:43 PM] - NOTICE : Login attempt from blocked IP range - 104.243.129.*
[08/06/2015 11:45 PM] - NOTICE : Login attempt from blocked IP range - 54.213.92.*
[08/06/2015 11:45 PM] - NOTICE : Login attempt from blocked IP range - 54.213.92.*
[08/06/2015 11:45 PM] - NOTICE : Login attempt from blocked IP range - 54.213.92.*
[08/06/2015 11:45 PM] - NOTICE : Login attempt from blocked IP range - 54.213.92.*
[08/06/2015 11:45 PM] - NOTICE : Login attempt from blocked IP range - 54.213.92.*
[08/06/2015 11:45 PM] - NOTICE : Login attempt from blocked IP range - 54.213.92.*
[08/06/2015 11:45 PM] - NOTICE : Login attempt from blocked IP range - 54.213.92.*
[08/06/2015 11:45 PM] - NOTICE : Login attempt from blocked IP range - 54.213.92.*
[08/06/2015 11:45 PM] - NOTICE : Login attempt from blocked IP range - 54.213.92.*
[08/06/2015 11:45 PM] - NOTICE : Login attempt from blocked IP range - 54.213.92.*
[08/06/2015 11:45 PM] - NOTICE : Login attempt from blocked IP range - 54.213.92.*
[08/06/2015 11:45 PM] - NOTICE : Login attempt from blocked IP range - 54.213.92.*
[08/06/2015 11:45 PM] - NOTICE : Login attempt from blocked IP range - 54.213.92.*
[08/06/2015 11:45 PM] - NOTICE : Login attempt from blocked IP range - 54.213.92.*
[08/06/2015 11:45 PM] - NOTICE : Login attempt from blocked IP range - 54.213.92.*
[08/06/2015 11:45 PM] - NOTICE : Login attempt from blocked IP range - 54.213.92.*
[08/06/2015 11:45 PM] - NOTICE : Login attempt from blocked IP range - 54.213.92.*
[08/06/2015 11:45 PM] - NOTICE : Login attempt from blocked IP range - 54.213.92.*
[08/06/2015 11:45 PM] - NOTICE : Login attempt from blocked IP range - 54.213.92.*
[08/06/2015 11:45 PM] - NOTICE : Login attempt from blocked IP range - 54.213.92.*
[08/06/2015 11:45 PM] - NOTICE : Login attempt from blocked IP range - 54.213.92.*
[08/06/2015 11:45 PM] - NOTICE : Login attempt from blocked IP range - 54.213.92.*
[08/06/2015 11:45 PM] - NOTICE : Login attempt from blocked IP range - 54.213.92.*
[08/06/2015 11:45 PM] - NOTICE : Login attempt from blocked IP range - 54.213.92.*
[08/06/2015 11:45 PM] - NOTICE : Login attempt from blocked IP range - 54.213.92.*
[08/06/2015 11:45 PM] - NOTICE : Login attempt from blocked IP range - 54.213.92.*
[08/06/2015 11:45 PM] - NOTICE : Login attempt from blocked IP range - 54.213.92.*
[08/06/2015 11:45 PM] - NOTICE : Login attempt from blocked IP range - 54.213.92.*
[08/06/2015 11:45 PM] - NOTICE : Login attempt from blocked IP range - 54.213.92.*
[08/06/2015 11:45 PM] - NOTICE : Login attempt from blocked IP range - 54.213.92.*
[08/06/2015 11:45 PM] - NOTICE : Login attempt from blocked IP range - 54.213.92.*
[08/06/2015 11:45 PM] - NOTICE : Login attempt from blocked IP range - 54.213.92.*
[08/06/2015 11:45 PM] - NOTICE : Login attempt from blocked IP range - 54.213.92.*

If you notice this snippet is from 2 different IPs…Is this normal? How do I find out how the hacker accessed my site to place the articles and therefore block their IP too?

Thanks
Calm Clive ; )

I had the same problem but for me, only part of the content was being deleted. I did all the usual turning off all plugins and swapping my theme but to no avail. In the end, one of the forums suggested running my site through the W3C html validator which I did and it threw up an error that the document encoding was utf-7 instead of utf-8. I changed this in the “Reading” settings of my wordpress install and hey presto! it worked. This may be a good place to start, if there is no option to change the character encoding then your WordPress is 3.5 or newer in which case it will default to utf-8 automatically. It may still be worth running your site through the W3C validator https://validator.w3.org/

You beauty! Thank you so much. How hard it was to do this? I have scoured the web for this solution. So here it is the final code that lists the latest 10 pages in a sidebar text widget.

<ul>

<?php
$howmany = 10;

$pages = wp_list_pages("echo=0&title_li=&sort_column=post_date&sort_order=DESC");

$pages_arr = explode("\n", $pages);

for($i=0;$i<$howmany;$i++){
	echo $pages_arr[$i];
}

?>

<ul>

Simply install the “PHP text widget” here https://www.ads-software.com/extend/plugins/php-text-widget/ and drop the snippet of code in a regular text sidebar widget and you are done other than styling it up with CSS.

I had a quick look, it doesn’t make a whole lot of sense to me if I’m honest. Just not sure how I add a ‘post_date’ sort column to this code.

<?php
$howmany = 10;

$pages = wp_list_pages("echo=0&title_li=");

$pages_arr = explode("\n", $pages);

for($i=0;$i<$howmany;$i++){
	echo $pages_arr[$i];
}

?>

$howmany=10; is pretty straighforward and I think $pages is a variable of the listed pages…then at (“echo=0&title I just get lost! Any ideas how I sort the pages by date and just show the latest 10?

I know there is a widget to display posts and you can set how many to display. What I need is a sidebar widget that will display the 10 latest pages published. I have a site and there are 2 pages published every day, one in the morning and one in the afternoon.
The reason it is pages is long and complicated so this is what I have.
I just need to display 10 page links for the last 10 pages, 5 morning pages and 5 afternoon pages. I tried this:

<?php
$args = array(
	'post_type' => 'page',
	'orderby' => 'post_date',
	'showposts' => '3'
        );
$posts = get_posts($args);
if ($posts) {
foreach($posts as $post) {
setup_postdata($post);
?>
<p><a>" rel="bookmark" title="Permanent Link to <?php the_title_attribute(); ?>"><?php the_title(); ?></a></p>
<?php
}

but just got the same link repeated. At least this code…

<?php
$howmany = 10;

$pages = wp_list_pages("echo=0&title_li=");

$pages_arr = explode("\n", $pages);

for($i=0;$i<$howmany;$i++){
	echo $pages_arr[$i];
}

?>

did show different links even if they were alphanumeric. I just need them to be in date order, showing only the latest 10.

[Moderator Note: Please post code or markup snippets between backticks or use the code button. As it stands, your code has been permanently damaged/corrupted by the forum’s parser.]

echo do_shortcode(‘[iscorrect]’.$text_to_be_wrapped_in_shortcode.'[/iscorrect]’

What if it is more than just text inside the shortcode. I have content that needs to go inside tabs and I need to put [tab][/tab] around h1 tags, img tags and of course text. How does this work?