The Hack Repair Guy
Forum Replies Created
-
Forum: Fixing WordPress
In reply to: Website Getting hacked daily and index.php files in hostBe sure to check your hosting control panel as well, and remove all extra FTP accounts, and change your FTP account passwords.
Then do the same within WordPress. Ensure only one user is set to Administrator and change that password as well just in case.
Forum: Fixing WordPress
In reply to: Unknown/unwanted administrators … have I been hacked?If hackers have added users, then there a few steps I would try first:
1. Choose the bad user and delete, but be sure to assign the content to yourself.
That will make it easier to delete bad posts later.2. Then work to review all posts and pages. Move to trash those not required, and spot check your main posts and pages to see if any text may have been added to the body of each.
2. Be sure and update everything and change your hosting company, and FTP accounts and WordPress passwords.
These are the minimal things I would do first. After that, try installing any of the best reviewed security plugins to see whether you may have missed anything.
Enjoy!
Forum: Plugins
In reply to: If my website is hacked?If you uploaded the old site and there remains hacker code in your files that will need to be dealt with.
Once you have cleaned your website of the malicious code, then you’ll need to notify your host and ask them to unsuspend your site.
Re:
“The plugin does not have a valid header.”I simply installed from the repository and the error appeared.
Giving up on that, because I was thinking something in the coding of your plugin was causing the error, I then used the download, then upload option, which then presented the more understandable error:
“Plugin could not be activated because it triggered a fatal error.
advanced-cache.php detected in wp-content directory! Please disable or uninstall any other cache plugins before enabling LiteSpeed Cache.”So yes, the error appears to have been caused by my having previously installed a caching plugin, and resulting advanced-cache.php file. Deleting that file allowed me to complete install.
That said, your how-to or FAQ should possibly explain that the plugin will not work without the paid LiteSpeed LSCache Addon likewise installed.
You are awesome – no matter what anyone says.
??This free plugin appears to pretty clearly describes its use, within the first 3 inches of its description:
https://www.ads-software.com/plugins/wp-staging/+++
A duplicator plugin! Clone, duplicate and migrate live sites to independent staging and development sites that are available only to administrators.Note: This plugin is not able to push back your changes to the live site at the moment! This is a feature i am already working on.
+++I don’t fully agree with your negative assessment remymedranda
I hear what you are saying, but this plugin falls more into a “staging for testing” plugin category. It’s not a replacement for an expensive staging environment.
Agreed, it would be nice if you could push back to live, though I’d say that this plugin does about 80% of folks want, and that’s to test a new plugin or theme in a staging environment; without having to pay an arm and a leg at one of those crazy expensive “we got built in staging” hosting operations.
Forum: Plugins
In reply to: [Redirection] Hacked through your pluginDo you happen to have a copy of that original .htaccess file from before you deleted it?
Did it have other text in additiona to the usual:# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule># END WordPress
Forum: Plugins
In reply to: [Quick Page/Post Redirect Plugin] Trojan?Yes, is a Wordfence “thing”
You good. Just a false positive.
Hopefully the developer of the script will take notice that is stuff is ringing a lot of bells (and not the one that gives angels wings…).Forum: Plugins
In reply to: [Quick Page/Post Redirect Plugin] Trojan?Very nice summary Don Fischer.
Wish there was a like link here in www.ads-software.com.Is an iThemes thing and above my pay grade, sorry.
I developed the list but don’t work on the iThemes Security team personally. It’s in the works…Ok, just log into your File Editor, and remove the line in your .htaccess.
Forum: Fixing WordPress
In reply to: Security question, site was hacked, AGAINOver 80% of all hacking situations are simply due to something not being updated.
First, ensure all is updated to latest versions.
Likewise, be sure all inactive plugins and themes are deleted.Recommend you likewise review your account for other WordPress installs or old scripts.
Use this as your security plan of action: BUMMS
Backups
Updates
Monitor
Maintenance
SegregationDoing the above regularly will eliminate bout 90% of all potential for being compromised. The other 10% we’ll leave to fate.
Forum: Plugins
In reply to: [Simple Share Buttons Light] ssbl no button images showing?I concur. Is coding error.
An update from author using “chesio’s” fix is required to fix this bug.Realistically, a plugin is only a small part of the security of your site. You site may have been compromised due to outdated scripts residing outside of the Sucuri plugins purview, other Admin users whose passwords were compromised, among other things.
Do you have other websites sharing the same hosting space?
That’s often something folks miss (scripts or other installs which share the same account).Even the best security plugins, like this one, are at best an 80% solution on the best day.
Rating a plugin as a “1” because it’s not 100% effective is not terribly fair given the circumstances residing within and without WordPress security-wise.