LDMartin1959

It’s called “Sean Events”. That isn’t gonna do you much good, though because it isn’t publicly available as far as I know. As I say, it is a custom plug-in, written for this specific customer by an outside contractor who was hired by the company which previously handled his website and SEO (although mis-handled might be a more accurate description). Since the company I am working with departed ways with the company who had the plug-in created it has been maintained by yet another set of outside contractors, though these were hired directly and not through a third party. As you can see, there is something of a checkered history on this.

Again, sorry for the delay in getting back to you. Going it too many directions… ??

No progress. I changed async to no/false. No change. The theme this site has was custom programmed. Is there anything in the theme design that might be creating an issue?

Ah. It is set to true.

Sorry, I thought I’d posted a follow-up to your last but obviously I didn’t. I’m not sure what you mean by async options.

Hmm. Haven’t tried that. Is this just shooting in the dark or are there known issues involving this (or similar) plugins?

Okay.

Well, the hashtag field seems to be there now. Now, if only I could get the dang thing to actually show up on the page… ??

Full PHP version number being used: 5.3.13

Ok, I’ll check it out today at work and let you know.

Mattias, I did check the PHP version via the C-Panel and it is 5.3. Are you needing something more specific than that?

Similar issue but perhaps a different cause (PHP 5.3 is indicated as the default for this site configuration):

“Parse error: syntax error, unexpected ‘:’ in /home/content/s/a/n/sanganis/html/wp-content/plugins/ep-hashimage/hashimage.php on line 26”

EP Hashimage Version 2.3.3 using WordPress 3.4.1.

Thank you.

MickeyRoush:

What if you had a keylogger on one of your computers/Mac?

I understand that, which is why we run security software on our computers — to detect these things before they can do damage.

What if your server is not secure?

I am not an expert — or even reasonably experienced — in the server area. We use fairly well-known and fairly respected hosting companies for our sites so I would think that they have the server configurations rather secure.

Also, I clean Windows PC’s from malware for a living. MSE is not enough.

I realize that MSE is not the greatest thing since sliced bread. But we also have a computer guy on staff who seems to know about these things and has a host of other tools he uses to check these things. MSE is just the standard AV/Security program that acts as sorta the initial sentry.

You really need to look at your server logs. Including any SFTP/FTP logs. When observing your regular server logs examine all “Post entries.

I’m not exactly sure how we would get to those on the commercial hosting services we use — as I said, the server area really isn’t my strong suit. But we have people who should know how to do that and (hopefully) will share that information with me. I’ll have them check them out. I do know enough to have asked them to check the file creation date/time to try to help pinpoint when these things are happening. Now, if they would just do it…

Have you confirmed that none of your themes and/or plugins have vulnerabilities? Are any of them using the timthumb script or variant thereof?

I don’t know about the timthumb script. We have been keeping our plug-ins as updated as we can. As far as the themes, that is a bit of an issue since most of them are using custom, 1-off themes.

But here is something to consider: what if your infected Windows Desktop has a malware bot that looks for FTP credentials and sends them to a hacker database on the Internet? Then any hacker with access to the hacker database on the Internet potentially has access to anywhere you have FTP credentials, including your servers.

jonradio, point taken. This is not the type of infection the boss is looking for. He has made it clear that he is looking for a virus that is residing on the local computers and actually placing the code on the site as we log in. Regardless, all of the computers are clean. Or at least, MicroSoft Security Essentials reports that the Windows Machines are clean, and Sophos reports my Mac as being clean. It is doubtful in my mind that this is what we are dealing with. I’m thinking along the lines of “code injection” I believe it is called via forms. I’ve read this is a fairly common means of this sort of maliciousness.

Thanks for the info.

WordPress REFUSES to open up a post edit in html mode.

DragonDreamz, although that often appears to be the case, I don’t think this is quite accurate. In my experimenting to solve the “visual editor totally butchers the code” issue, I have discovered that when you go into a page/post to edit the content, the editor returns to whichever mode was last used when anyone edited anything (page/post) on the site. So the fact that you lasted edited page “X” in code mode means nothing if someone else edited page “Y” in visual mode: WP will put you into page “X” in visual mode because that is the mode that was used last.

The short and dirty workaround is: When you go into a page and it is in visual mode, change to code mode, do not save the content of the page (that is important), then leave the page. You will of course get the error message about leaving the page without saving the content. That is what you want to do!! Then, you can return to the page. The editor will appear in code mode with the last saved code in the editor. You will get the message that there is a newer autosaved version, but you can get rid of that by doing a quick save on the original code.

The only other option I know of (save the possible solution offered by the above mentioned plug-ins, which I have not tested) is to simply disable the visual editor for all users. But lets face it, most of the time that is not a practical solution.

Ah, this is so embarrassing. I just found out that there is a little gear in the field set up that opens a dialoge box which allows you to set a display value. Thanks to the author for his help.