LonelyPlanet

If you want pagination then you can use a plugin such as wp pagenavi. Not sure about your exact question but wp pagenavi handles the pagination of post pages very well.

Does anybody know the MySQL query for bulk approving all pending posts?

I made a quick check of the page and the icon is placed by one of your plugins.

Check this

https://spokenturd.com/wp-content/plugins/sem-external-links/external.png

The plugin is probably SEM external links as the name suggests. Either remove it or turn off through the plugin if available. If nothing else is available you can delete the image I mentioned above from the plugin folder.

Why would you need to upload if you uploaded already through Filezila. Which theme did you upload. And was there another another folder below the theme folder you uploaded. Some themes contain one folder and then another under it which contains the actual files. You directly need to upload the folder where the theme files are present.

Thanks a lot [email protected]

I have already rolled back all the affected sites to previous backups and secured and hardened them.

But I just checked your list and I remember that the anibiotics-shop link was there for sure. Just thought of informing you as you asked me previously what were the links. I surely remember that link but not sure about basicpills though it might have been also one of the links. One more was cialis or something. Thanks for the script anyways. Hopefully it will help others and will help me too in case I face the problem again.

Maybe the database itself was corrupted. Did it get imported properly through PhpMyAdmin? I doubt the database was properly backed up if it showed up blank page on restore by your host. But there might be many other reasons for wordpress blank page and one of the reason might be missing files or files copied with wrong permissions in wordpress. Try repairing the database through PhpMyAdmin and you might also try restoring the database yourself through PhpMyAdmin. If the database does not get imported correctly then also try Bigdump and also copy the wordpress files again and make a fresh install. It should work if the database is not corrupted.

Is it in the theme file or inside the post content. I

If it is a small database then use PhpMyAdmin and if it is a big SQL database which cannot be imported with PhpMyAdmin then you can use BigDump.

https://www.ozerov.de/bigdump.php

I spoke to my hosting company again and they are not willing to accept at all that anybody could have got access to their database server. They are saying wordpress not getting updated etc. is the issue and nothing is wrong on their part. But one of the websites was also using wordpress 3.1 which is latest. So, I am confused but they are not ready to listen to any suggestion too. They are adamant that the problem is not with their server and nobody else can get access to their database server. Cannot do much when the hosting company is adamant on not listening to any suggestions. Anyways I have removed and rolled back all the affected wordpress blogs and upgraded them with a lot of further hardening. Please update this thread if anyone can find the actual reason as to how the spammy links got inserted into the content of the posts. I will also inform if I face the same problem again.

Please post your hosting company too so that we know if this is related to a few hosting company and servers or is across all companies.

My hosting company where the sites were affected is ScalaHosting.com

Hi Pam325,

If you are facing comment spam, I would advise you to use the NoSpamNX. I started only since yesterday but am really impressed by the results till now.

https://www.ads-software.com/extend/plugins/nospamnx/

It blocks the spammers from making the spam comments and I really liked the idea.

All permissions were 644 for files and 755 for folders. There were no problem regarding that. The websites that were affected were at a reseller account at ScalaHosting.com

I had four wordpress websites. Out of those two were normal websites with a few pages content and both of them were hacked and spam inserted into the posts as mentioned above. The third site only had a single page and it did not have the spam. The fourth site was using a very different theme where posts could not be used through normal add posts but the posts had to added from special sections in the dashboard created by the theme. That blog also had a single post and nothing else and that was not affected too. So, maybe the attackers could attack only normal posts and nor special posts and could not also attack pages. But they were single posts in both case and so maybe the attacker thought that it is useless to hack the content for just a single post. Not sure about that.

Regarding the links they were from several pharmacy related websites and had two links each inserted into every post. Those were different links like antibiotics, pills, cialis etc. but not only basicpills. They were mixed links from what I remember. I already removed them and deleted and recovered the websites from old backups. But they were pharmacy links for sure but not sure only basicpills. I am now worried about starting any other blog in that hosting as I do not want to create a website just to get hacked. I still feel that must have related to the webhost as all the websites were on the same reseller account on the same webhost.

BTW I went to your site sucuri.net blog when searching in google for the problem. Very informative blog for sure.

@dagbar

Whom are saying to check the blogroll links. I do not have any blogroll links.

I just noticed this thread and the problem of spam getting directly inserted into posts seems like the one I mentioned here.

https://www.ads-software.com/support/topic/spam-content-and-links-got-inserted-into-my-blog-posts

So, I can assume from this thread that the database must have been compromised and all sites on that account were hacked means that it must have someway related to the hosting company. I told my hosting company that it might be related yesterday before I made the thread here and they were adamant that there is no mistake on their end. They said it is a mistake on wordpress end and blah blah. But I noticed that no other part of wordpress or theme files were compromised. All files were also chmoded correctly and I was still wondering how could the spam have got inserted. So, it was their mistake partially and they are blaming on wordpress. I am sure they must have got other customers also facing the same problem but they acted as if they never knew the problem. Bunch of bus***ds. [/end of rant]

Thanks esmi. I have already rolled back the websites from a previous backup and I have also secured the website as best as possible. But I am still wondering how the hacker inserted those spam into the post content when all files were with secure chmod permissions. My database passwords are also very tough and I generate it using the random generator always and so anybody assuming the SQL database password is also highly unlikely. Thanks anyways for your help and I will soon upgrade as well as secure and harden all wordpress websites irrespective of the hosting.