SWalberg

https://www.ads-software.com/support/topic/wp_options-to-many-records?replies=15 has some discussion on it. Sounds like the options can be deleted as they’ll be regenerated (those look like timestamps) Also looks like there’s an upgrade to the plugin required to fix the underlying problem.

I’m sorry, I should have looked at your phpMyAdmin graphic more closely. Your table is called “wrd_options”

select * from wrd_options where option_name like 'displayed_galleries_%' and autoload = 'yes'
delete from wrd_options where option_name like 'displayed_galleries_%' and autoload = 'yes'

That deletes any row in the wp_option table where the option_name column starts with displayed_galleries and the autoload setting is set to “yes”. Enter it in the SQL tab and hit go: https://www.monosnap.com/image/egcrfjNMtVZtiFVaG5aYstFcC.png.

If you want to play it safe you can first test it out:

select * from wp_options where option_name like 'displayed_galleries_%' and autoload = 'yes'

which will show you the rows that would be deleted, and if you think it’s ok, change the “select *” to “delete from”.

Just make sure you’ve got the where stuff intact!

Sean

That autoload column.. Anything that says “yes” gets loaded up on page load no matter if the plugin is loaded or not.

If you feel like trusting a stranger,

delete from wp_options where option_name like 'displayed_galleries_%' and autoload = 'yes'

might help.

Sucuri is saying that it can’t contact your site. My site, isithacked.com, can’t either. Neither of our sites found your site on a blacklist.

Something strange is going on here. My initial thoughts are that either a plugin or bad data is causing your site to loop endlessly, ending up with the OOM error. To prove that out, disable all the plugins and inspect your wp-options table. Are there any super huge options?

SELECT option_id, option_name, length(option_value) FROM wp_options WHERE length(option_value) > 20000;

will show you any options greater than 20k.

GuyStClair – You’ve got something that’s checking the type of browser and only serving spam to certain people. https://www.isithacked.com/check/http%3A%2F%2Fsmr-knowledge.com%2F shows that it’s showing content to Google but not Chrome.

https://codex.www.ads-software.com/FAQ_My_site_was_hacked has some steps for you to follow.

https://www.isithacked.com/check/http%3A%2F%2Fwww.gradrecruit.com.au%2F is showing some adult links that are injected only when the Google crawler comes by. Those strings might help you search your code.

mtnbike_chick – You’ll have to go through some of the instructions already posted here to fix it, the “help my site is hacked” on the Codex is a good start. Usually these things are automated, someone writes a robot that runs around and looks for vulnerable WordPress sites and injects a link.

There’s also a payday loan link on the page that’s hidden.

https://www.isithacked.com/check/http%3A%2F%2Fwww.fitfastfoods.com%2F

There definitely was something happening, see https://monosnap.com/image/8MuNFJbEosA4nBUawE2L1vnpr

I checked https://www.isithacked.com/check/concorddentalga.com and there’s nothing that comes up. Did you find something and fix it?

Something strange there for sure. If you search for that string you’ll find a lot of sites with the same error. It is rarely a good thing for your code to be calling out to a remote web server on every request. So either

1. You have a theme or plugin that’s been doing something stupid for a while, and now that the url has broken, it’s showing an error.
2. You have been hacked.

Start by looking at the contents of /home/nebghor/public_html/blog/wp-includes/theme.php (which is where the error is coming from). On Line 690 it should look something like this: https://github.com/WordPress/WordPress/blob/master/wp-includes/theme.php#L690

If it is, then look for that string, e.g. “k.txt” in your code. “grep -r k.txt .” will work on a unix system, or on Windows, look for “find in files”.

If not, looks like the core files were changed on you and you’ll want to reinstall WordPress. But before you do, could you paste the contents of the file to https://gist.github.com and send me the link (please don’t post hacked code here). I’ve been doing research on some CMS hacks and this one is a new one.

Sean