WP STAGING | BACKUP

Install the plugin “WordFence” and scan your site to find the infected plugin. Then delete the infected plugin entirely and reinstall it from the source if you are sure it has been fixed.

I also recommend deleting the folders wp-admin and wp-includes (after creating a backup) and then uploading them from scratch with the original wp core files that you can get here: https://www.ads-software.com/latest.zip.

Also, follow these steps to harden your website’s security:

Hardening WordPress

If your website is critical, I recommend that you hire a professional to have a deep technical inspection of your website to find out any other malware leftovers.

Cleaning up an infected website is a complex process because every file can contain malicious code and there is no guarantee reinstalling an infected plugin will delete the entire bad code.

Do you get this error on every page or only on particular ones?

A 503 Service Unavailable Error is an HTTP response status code indicating that a server is temporarily unable to handle the request. This may be due to an overloaded server or a server that’s down for maintenance.

If your site is still available occasionally log in to your admin dashboard and install the plug-in query monitor. It will tell you the total loading time and memory consumption of your site. If it is very high there will be red-colored errors and you need to bring down the loading time of your site.

Also, check the WordPress debug.log file for errors in any of your plugins:
https://wp-staging.com/docs/enable-wordpress-debug-log-mode/

Hi @alijens

the menu links on your website are relative ones. You need to convert them to absolute ones, then wp staging is able to replace them properly.

instead my-page/link use //example.com//my-page/link

Read more about it: https://wp-staging.com/docs/staging-site-redirects-live-site/#Use_absolute_URLs_instead_of_relative_ones

Alternatively, you can create a staging site on a subdomain instead. Then the relative URL’s can still be used. /Note: That is not possible with the basic version of wp staging)

The free version can only create a staging site in a subdirectory.

Hi @mstudioil
yes, WP STAGING will backup and copy the whole site to the subdirectory.

Please note, that as long as you don’t copy the staging site to a subdomain you probably need to activate again the license key on the staging site as described here: https://elementor.com/blog/elementor-expands-license-to-include-staging-sites/

• This reply was modified 2 years, 6 months ago by WP STAGING | BACKUP.

I would follow all the instructions on this page: https://www.ads-software.com/support/article/hardening-wordpress/

Also, I recommend:

– Delete the folders wp-admin and wp-includes completely
– Download a fresh copy of your WordPress core files https://www.ads-software.com/download/
– Extract the WordPress download package and upload only the folders wp-admin and wp-includes to your website.

This makes sure that the WP core system does not have any malicious code in it.

I would do the same with all plugins and reinstall all of them from scratch.

That does not guarantee that there is malicious code still on the system but if you are lucky it will solve your issue.

In the end, the best thing you can do is to hire a professional to get a look at your website. There are many other possible loopholes that could be used by someone else to control your website. You will not catch all of them even by following all the advices I gave to you.

Hello Frank @fivemcclungs,

I am sorry, but your sites have been compromised already. There is no general solution that you can apply to get rid of this hack without finding its culprit.

Your websites are hacked, and without knowing the reason, you can not fix them.

Your only chance is to follow all the steps mentioned in the link below and install a security plugin like WordFence or another popular one to help you find the security hole: https://www.ads-software.com/support/article/hardening-wordpress/.

My advice: If these sites are essential for your business, hire a WordPress pro to close the issue.

If the sites are not critical for your business, set them up from scratch and follow all the above advice from the link above to prevent such an attack.

Interesting. Without knowing more details about your installed plugins or WordPress setup, it sounds like you have malware installed on your website.

That symptom, where security software is automatically deleted is a great indicator of having malware.

Malware tries to hide and the best way to do so is to make all security plugins unusable.

Try to install other security plugins that comes with malware detection to find out if there is something installed on your site that does not belong to it. If more security plugins are uninstalled automatically you can be damn sure that you have something bad on your website installed.

A general advice: Make sure that you install WordPress plugins only from www.ads-software.com or from well-reputated premium businesses. Don’t install plugins from websites that offer premium paid plugins for “free”, so-called “nulled plugins”.

@sharon9999 Did you get any warnings or errors during cloning? I bet you did.

So best would be to clone your site again and then send us the log information from the black log window to support [at] wp-staging.com and we’ll investigate into this.

Cheers
René

Hi,

we had the same problem to solve on our website and we decided to use the font-display option “swap”.

When you use this one it will Instructs the browser to use the fallback default font to display the website text until the custom webfont has fully downloaded. This is also known as a “flash of unstyled text” or FOUT.

It will improve the loading tremendously, especially on mobile devices. The only drawback is that the site could look clunky in the first second until the webfont is loaded. We don’t care about that, as loading time matters and after a second our site looks nice and clean. That extra dynamic movement on your page will also have a good psycholgical impact on the waiting patience of your visitors for the whole site.

It’s better to show not good looking text than nothing.

In our tests it had a significant positive impact on the page speed.

• This reply was modified 2 years, 6 months ago by WP STAGING | BACKUP. Reason: wrong
• This reply was modified 2 years, 6 months ago by WP STAGING | BACKUP.
• This reply was modified 2 years, 6 months ago by WP STAGING | BACKUP.

My guess is that the “home” or “siteurl” option in the database points to https://www.tamada.koelnhome.

Login to your website’s database via phpmyadmin and search for “siteurl” and “home”. Then change the link manually to the correct one https://tamada.koeln/home

If you did and you are able to login again to your site, install a plugin like better search replace and run another full search replacement to find all other occurances of this wrong string.

Edit: I see you already fixed the issue. What was it?

Please always provide the solution here when you open a support thread and already solved it on your own.

Cheers
René

Hi,

Login to your wordpress website by using FTP or a file manager from within your hosting provider and then delete or rename the folder wp-content/plugins/real-media-library

This will disable/delete the error-throwing plugin and your website will be back.

Cheers
René