TheRider62

Interesting. I can do that if I log in with my superuser account. If I only log in with a blog administrator account (I have a multisite install, remember?) then I can not enter anything there, the drop-down box seems to hang in its initialization code.

Interesting, richards1052, but on my screen, it is a drop-down, not an entry-field, so I can’t type anything. :-O

I have a similar problem.

As the Superadmin of a multisite-Setup, I can select the main user of any of the blogs. But as the Blog owner, who is just an Administrator, not a Super-Administrator, I can not choose any username, the corresponding drop-down remains empty, the three dots “….” at the right of the drop-down keep moving, as if it was trying to load the user list but could not, or it was taking forever to load.

Ok, thanks. Looks like everything works again now.

What exactly does “resetting wp-piwik” mean?

Besides: How do I delete most easily 1000 identical sites? :-O

Hmmm – I just found this problem on my own multisite WordPress install and reported it here https://www.ads-software.com/support/topic/multisite-piwik-configuration?replies=2&post-7395329

But now I am a bit confused about what exactly needs to be done to resolve the issue.

1. I need to delete superfluous double sites. But: Does it matter which ones? Which one is the site containing the data, the first or the last, or how do I know, or does it matter at all which ones I delete?

2. Do I need to change anything anywhere else, such as in the wp-piwik configuration?

I believe it could be a problem with the correct use of site ids. Does the tracking code configured on the main site use the correct site ids of all sub-sites?

I deleted all of my browser’s history, including cookies, and that resolved the problem.

Are you serious? We are talking of a multisite installation with about 50 sites. The login in all the other sites works. Actually, I just found out today when I visited the customer, that the customer is actually able to login with his username and password. It looks like only me (or a superuser) can not login to that particular site of the multisite install.

How can that be the fault of the .htaccess? And don’t I risk making all the other sites unusable, if I empty the .htaccess?

The domain has never changed. I never explicitly made 301 redirects, or at least not that I know of. The .htaccess file contains the standard entries that I know of. Security plugins? Well, there are some Captcha-Plugins and other Spam prevention things. I don’t remember to add any, but even if, then I did it sitewide and therefore: why is only this particular site handicapped?

After a login and redirect, the URL says this:
https://fiat-pafumi.blog-net.ch/wp-login.php?redirect_to=http%3A%2F%2Ffiat-pafumi.blog-net.ch%2Fwp-admin%2F&reauth=1

This is also the exact same URL that is shown when logging in directly via https://fiat-pafumi.blog-net.ch/wp-login.php instead of going through wp-admin first.

The .htaccess file contains this code:

<br />
Action php /cgi-php53/php<br />
AddHandler php53 .php</p>
<p>RewriteEngine On<br />
RewriteBase /</p>
<p>#uploaded files<br />
RewriteRule ^(.*/)?files/$ index.php [L]<br />
RewriteCond %{REQUEST_URI} !.*wp-content/plugins.*<br />
#RewriteRule ^(.*/)?files/(.*) wp-content/blogs.php?file=$2 [L]<br />
RewriteRule ^(.*/)?files/(.*) wp-includes/ms-files.php?file=$2 [L]</p>
<p># add a trailing slash to /wp-admin<br />
RewriteCond %{REQUEST_URI} ^.*/wp-admin$<br />
RewriteRule ^(.+)$ $1/ [R=301,L]</p>
<p>RewriteCond %{REQUEST_FILENAME} -f [OR]<br />
RewriteCond %{REQUEST_FILENAME} -d<br />
RewriteRule . - [L]<br />
RewriteRule  ^([_0-9a-zA-Z-]+/)?(wp-.*) $2 [L]<br />
RewriteRule  ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]<br />
RewriteRule . index.php [L]</p>
<p><IfModule mod_security.c><br />
<Files async-upload.php><br />
SecFilterEngine Off<br />
SecFilterScanPOST Off<br />
</Files><br />
</IfModule></p>
<p># BEGIN W3TC Page Cache<br />
<IfModule mod_rewrite.c><br />
    RewriteEngine On<br />
    RewriteBase /<br />
    RewriteCond %{HTTP_HOST} ^(www\.)?([a-z0-9\-\.]+\.[a-z]+)\.?(:[0-9]+)?$<br />
    RewriteRule .* - [E=W3TC_DOMAIN:%2]<br />
    RewriteCond %{HTTP_USER_AGENT} (2\.0\ mmp|240x320|alcatel|amoi|asus|au\-mic|audiovox|avantgo|benq|bird|blackberry|blazer|cdm|cellphone|danger|ddipocket|docomo|dopod|elaine/3\.0|ericsson|eudoraweb|fly|haier|hiptop|hp\.ipaq|htc|huawei|i\-mobile|iemobile|j\-phone|kddi|konka|kwc|kyocera/wx310k|lenovo|lg|lg/u990|lge\ vx|midp|midp\-2\.0|mmef20|mmp|mobilephone|mot\-v|motorola|netfront|newgen|newt|nintendo\ ds|nintendo\ wii|nitro|nokia|novarra|o2|openweb|opera\ mobi|opera\.mobi|palm|panasonic|pantech|pdxgw|pg|philips|phone|playstation\ portable|portalmmm|ppc|proxinet|psp|pt|qtek|sagem|samsung|sanyo|sch|sec|sendo|sgh|sharp|sharp\-tq\-gx10|small|smartphone|softbank|sonyericsson|sph|symbian|symbian\ os|symbianos|toshiba|treo|ts21i\-10|up\.browser|up\.link|uts|vertu|vodafone|wap|willcome|windows\ ce|windows\.ce|winwap|xda|zte) [NC]<br />
    RewriteRule .* - [E=W3TC_UA:_low]<br />
    RewriteCond %{HTTP_USER_AGENT} (acer\ s100|android|archos5|blackberry9500|blackberry9530|blackberry9550|cupcake|docomo\ ht\-03a|dream|htc\ hero|htc\ magic|htc_dream|htc_magic|incognito|ipad|iphone|ipod|lg\-gw620|liquid\ build|maemo|mot\-mb200|mot\-mb300|nexus\ one|opera\ mini|samsung\-s8000|series60.*webkit|series60/5\.0|sonyericssone10|sonyericssonu20|sonyericssonx10|t\-mobile\ mytouch\ 3g|t\-mobile\ opal|tattoo|webmate|webos) [NC]<br />
    RewriteRule .* - [E=W3TC_UA:_high]<br />
    RewriteCond %{HTTPS} =on<br />
    RewriteRule .* - [E=W3TC_SSL:_ssl]<br />
    RewriteCond %{SERVER_PORT} =443<br />
    RewriteRule .* - [E=W3TC_SSL:_ssl]<br />
    RewriteCond %{HTTP:Accept-Encoding} gzip<br />
    RewriteRule .* - [E=W3TC_ENC:.gzip]<br />
    RewriteCond %{REQUEST_METHOD} !=POST<br />
    RewriteCond %{QUERY_STRING} =""<br />
    RewriteCond %{REQUEST_URI} \/$<br />
    RewriteCond %{REQUEST_URI} !(\/wp-admin\/|\/xmlrpc.php|\/wp-(app|cron|login|register|mail)\.php|wp-.*\.php|index\.php) [NC,OR]<br />
    RewriteCond %{REQUEST_URI} (wp-comments-popup\.php|wp-links-opml\.php|wp-locations\.php) [NC]<br />
    RewriteCond %{HTTP_COOKIE} !(comment_author|wp-postpass|wordpress_\[a-f0-9\]\+|wordpress_logged_in) [NC]<br />
    RewriteCond "/home/blog-net.ch/www/html/wp-content/w3tc-%{ENV:W3TC_DOMAIN}/pgcache/$1/_index%{ENV:W3TC_UA}%{ENV:W3TC_SSL}.html%{ENV:W3TC_ENC}" -f<br />
    RewriteRule (.*) "/wp-content/w3tc-%{ENV:W3TC_DOMAIN}/pgcache/$1/_index%{ENV:W3TC_UA}%{ENV:W3TC_SSL}.html%{ENV:W3TC_ENC}" [L]<br />
</IfModule><br />
# END W3TC Page Cache</p>
<p>

Thanks for this hint. Now I now which plugin to deactivate due to that error message… ??

I found the culprit. The server got hacked. Every header.php, footer.php and index.php from every installed theme has been modified. A 10KB string was added at the end. The string looks something like this:

<?php @error_reporting(0); if (!isset($eva1fYlbakBcVSir)) {$eva1fYlbakBcVSir = “7kyJ7kSKioDTWVWe…..

I just deleted it from all those files (they all had the same change date), and now our sites work again like a charm.

Ugh! I’m feeling lucky!

Now I need to make sure that the same thing can’t happen again. I just noticed that the Xampp-User has Write-Access to all files on the server. This will change NOW!

re-saving the permalinks doesn’t help. ??

I will try re-saving the permalinks, but wouldn’t that influence everything EXCEPT the main page? But not even that main page works, see, for example, https://hei-art.de