RebeccaInMI

Do you have a link to directions on how to reconnect a site to WordPress.com? A quick Google search for directions is making me question whether I can do this unsupervised. ??

Five star review submitted! Thank you again for your help!

Update: Because of your message above I decided to get on the support chat with the hosting company. The CSR who was on the chat with me was able to determine that “the issue was with the email router” and he updated it. I am now receiving emails from the website plugins like I was before. Thank you for your help @davidanderson ??

Update: I decided to get on the support chat with the hosting company and the CSR was able to determine that “the issue was with the email router” and he updated it. I am now receiving emails from the website plugins like I was before. Thank you for your help @wfpeter ??

Thanks for your reply, @wfpeter

I went to cPanel >> Advanced >> Metrics >> Errors and this is what it shows me:

The function displays the most recent entries in your website’s error logs in reverse chronological order. You can use this information to find broken links or problems with missing files.

Latest web server error log messages:

[Sun Jul 25 21:38:38.900280 2021] [access_compat:error] [pid 958186:tid 23068965123840] [client 37.0.10.26:51328] AH01797: client denied by server configuration: /home3/ziggysau/public_html/wp-content/uploads/wpcf7_uploads/, referer: https://www.google.com
[Sun Jul 25 21:35:02.002752 2021] [authz_core:error] [pid 960777:tid 23068923098880] [client 37.0.10.26:58895] AH01630: client denied by server configuration: /home3/ziggysau/public_html/wp-includes/error_log, referer: https://www.google.com
[Sun Jul 25 14:01:45.742385 2021] [authz_core:error] [pid 65811:tid 23069009250048] [client 20.97.186.106:61436] AH01630: client denied by server configuration: /home3/ziggysau/public_html/wordpress/php.ini

That’s all it will show me, so if you need more than that I might have to ask the hosting company to supply me with additional information. (Unless you might be able to tell me how to get there, perhaps. I know enough to do some things, but by no means everything.)

• This reply was modified 3 years, 2 months ago by RebeccaInMI.

I think I’ve passed all the security and malware scans, except within the Sucuri plugin there’s a box that says “SITE NOT CLEAN” in orange. It says “hover over to see payload” but nothing happens when I hover over the link in that box. Can you explain that to me? There’s also all these things that I’m not sure whether I’m able to “turn on” (or turn off) or if BlueHost would want to charge me extra for them.

Directory Listing Enabled
Directory listing is enabled on your site. You can test it by visiting: (example here)

Server Banners Displayed
Your site is displaying your web server default banners.

Security Header: X-XSS-Protection Missing
We did not find the recommended security header for XSS Protection on your site.

Security Header: X-Content-Type-Options nosniff
We did not find the recommended security header to prevent Content Type sniffing on your site.

Security Header: Strict-Transport-Security
We did not find the recommended security header Strict-Transport-Security on your site.

I ran a backup with UpDraftPlus and am currently running WP-Optimize. After that, could I consider everything “safe” again?

@jnashhawkins I couldn’t find wp-cron.php at all, so I used FTP to upload a fresh copy from the latest version of WordPress. That took care of that complaint. I had also uploaded fresh versions of /wp-admin and /wp-includes, and I put new salts in wp-config.php and uploaded that just in case.

I used to have a plugin that would back up the database automatically, but it was old and hadn’t been updated in quite a while so I removed it just in case it was a security risk. I will try the plugin you recommended because I do want to have a backup plugin working on there. Do you think it’s safe to trust the database or should I worry that it’s somehow compromised?

@g0tr00t I find it disappointing too. Customers definitely used to get more for their money. *SMH* Thank you for the recommendations about additional security steps to take within the cPanel. I will definitely do those things.

@g0tr00t this site is on its own hosting plan, so thankfully the impacts of the repeat hacks are limited to just this site. What do you think I should do?

I am currently in the Dashboard, so the first thing I did was check the users. The only two users are the site’s owner and I, so that’s good. After that I used the native export tool to export the pages, posts, etc. so I have a backup of all those. Then I installed the plugins you recommended, including Sucuri. I had it delete all the files that it found in the scan, but two of them keep showing up as not deleted. One I deleted manually via the File Manager within the site’s cPanel. The other I looked for in the file manager and via FTP and I can’t find it. They are wp-includes/images/crystal/license.txt (the one I deleted manually but that keeps showing up in the scan list) and wp-cron.php (can’t find). What should I do?

As for BlueHost, I’m frustrated with them for telling me that “plugins are useless” and that hacks will continue to happen unless the site owner pays for their security service. If they’re happening at the server level they should be securing everyone against those, and if they are happening at the site/WP level and are my responsibility why do they have to get paid for something when there are so many good security plugins like the ones you recommended? …Maybe I just should have come to you guys in the beginning.

JNAsh, thank you for the recommendations. I’m currently able to view the site on the front end (what everyone can see) but I’m not able to log in to the Dashboard (I get the “site is experiencing technical difficulties” message) so I can’t install any plugins or look at details about users. At this point I am so frustrated with this situation in general and with BlueHost that I feel like moving and recreating the site somewhere else. Would that work? Then I could start with a fresh installation of WordPress, a new DB, make sure all the users are nice and secure, etc. etc. and not have to worry that there’s any “leftovers” from any of the hacks.

Thank you to both of you! James, that was what I needed to do. The site is working properly now. Erix, I will keep that in mind the next time I need to help someone move an entire web site.

I looked at the plugin code, but I can tell that fixing it is beyond me. I’ll just have to wait until the people at Then.ly decide to update their plugin. Thank you Krishna for the links.

So, I’ve determined that it’s the All In One Calendar plugin by Then.ly that is causing the problem. Once I disabled that plugin the error message stopped popping up. But, as far as I can tell, the All In One Calendar plugin is UTD. How do I update the version of jQuery that plugin uses?

I get really embarrassed when the solution is plain as the nose on my face. #blondemoment

Thank you, that worked perfectly!