dwestjr

My header file had been hacked 4-5 times over the last 6 months with Canadian pharmacy content “Buy Levitra / Viagra Online”, etc.

I would always DELETE the bad code, then a few months later, it “appeared” again.

Per Emily’s suggestion, I installed the plugin called WordFence, ran a Scan,
and it found the malicious script code hidden in my database as –

wp-admin/images/media-range-saturnine.php

(all other files were images, this was the only script)

Steps taken:
– Allowed WordFence to DELETE the bad code
– Signed into GoDaddy / Control Pane/ FTP File Manager to ‘Edit’ and verify the ‘Critical’ issue was resolved, and the malicious code was gone.
– Ran Scan again, it was “clean” with no issues
– Changed my WordPress, and Database PWs

I have researched this error for months, and have seen many comments & concerns with GoDaddy hosting. I know there was a world-wide brute force attack on WordPress a few months ago, and some GoDaddy servers may have been compromised.

Does anyone have any better hosting recommendations? I’m thinking I need to host my site elsewhere.

Hope I can save someone else the pain I experienced, and that Wordfence will catch any unauthorized code changes going forward.

Thanks for the tip Emily.

Link for my site is https://www.asocialmediachampion4u.com

Samuel,
So you recommend this method over:
Changing the URL directly in the database

If you know how to access phpMyAdmin on your host, then you can edit these values directly to get you up and running again.

1. Backup your database and save the copy off-site.
2. Login to phpMyAdmin.
3. Click the link to your Databases.
4. A list of your databases will appear. Choose the one that is your WordPress database.
5. All the tables in your database will appear on the screen.
6. From the list, look for wp_options. Note: The table prefix of wp_ may be different if you changed it when installing.
7. Click on the small icon indicated as Browse.
8. A screen will open with a list of the fields within the wp_options table.
9. Under the field option_name, scroll down and look for siteurl.
10. Click the Edit Field icon which usually is found at the far left at the beginning of the row.
11. The Edit Field window will appear.
12. In the input box for option_value, carefully change the URL information to the new address.
13. Verify this is correct and click Go to save the information.
14. You should be returned to your wp-options table.
15. Look for the home field in the table and click Edit Field. Note There are several pages of tables inside wp_options. Look for the > symbol to page through them.
16. In the input box for option_value, carefully change the URL information to the new address.
17. Verify this is correct and click Go to save the information.
18. Delete the folder wp-content/cache (this is a new folder added with WordPress 2.0).
19. That is it.
************************************************
The Edit functions.php

If you have access to the site via FTP, then this method will help you quickly get a site back up and running, if you changed those values incorrectly.

That is not the case with me – have not changed anything yet… just trying to change domain name.
*****************************************************

Thanks for clarification and help.

I’ve been trying to resolve this for weeks. I’ve reviewed the forums, and called GoDaddy, who referred me to this link –
https://codex.www.ads-software.com/Changing_The_Site_URL

I’ve read many of the forum posts describing the issues that many people have experienced when following this document.

The document has a section titled, ‘Changing the URL directly in the database’ and another, ‘Domain Name Change‘, plus all these instructions:

Changing Template Files

In your WordPress Theme, open each template file and search for any manually entered references to your old domain name and replace it with the new one. Look for specific hand coded links you may have entered on the various template files such as the sidebar.php and footer.php.

WordPress uses a template tag called bloginfo() to automatically generate your site address from information entered in your Administration > Settings > General panel. The tag in your template files will not have to be modified.
Changing the Config file

You will need to update your WordPress configuration file if your database has moved or changed in certain ways.

1. You will only need to modify the config file if:
1. your database has moved to another server and is not running on your localhost
2. you have renamed your database
3. you have changed the database user name
2. “‘Make a backup copy of your wp-config.php file.'”
3. Open the wp-config.php file in a text editor.
4. Review its contents. In particular, you are looking for the database host entry.
5. Save the file.

At this point, your WordPress blog should be working.
Verify the Profile

1. In your Administration Panels go to Settings > General . Here you will verify that the changes you made in Changing the URL above, are correct.
2. Verify that the reference in your WordPress URL contains the new address.
3. Verify that the reference in your “Blog URL” contains the new address.
4. If you have made changes, click Save Changes.

Changing the .htaccess file

After changing the information in your Administration > Settings > General panel, you will need to update your .htaccess file if you are using Permalinks or any rewrites or redirects.

1. Make a backup copy of your .htaccess file. This is not a recommendation but a requirement.
2. Open the .htaccess file in a text editor.
3. Review its contents, looking for any custom rewrites or redirects you entered. Copy these to another text file for safe keeping.
4. Close the file.
5. Follow the instructions on the Permalinks SubPanel for updating your Permalinks to the .htaccess file.
6. Open the new .htaccess file and check to see if your custom rewrites and redirects are still there. If not, copy them from the saved file and paste them into the new .htaccess file.
7. Make any changes necessary in those custom rewrites and redirects to reflect the new site address.
8. Save the file.
9. Test those redirects to ensure they are working.

********************************************************************
Here’s my question / suggestion:

Q: Are these instructions valid?
Q: If so, are we to assume we pick either Changing the URL directly in the database’ or ‘Domain Name Change‘, and some OR all of the remaining instructions?

What is not clear, is a step-by-step process of how to do this?

Suggestion: If a moderator knows the best way to change a WP site domain / URL (same host, no move is involved), please consider updating the documentation to reflect a step-by-step process that spells out the options in steps:

Ex: Follow ‘Changing the URL directly in the database’
plus steps 1-4
or ‘Domain Name Change‘
plus steps 1-3

The way this document is written,
https://codex.www.ads-software.com/Changing_The_Site_URL
there are too many options all run together, and it is not clear which steps need to be followed, in what order.

I spent a lot of time building my site, and simply need a way to rename my domain. Both domains are hosted by GoDaddy. No move is involved -I just want to use a different name.

Thanks in advance.
I am hoping to avoid the same errors others experienced.