WPCode Hidden

  • Resolved NicheLabs

    (@allennichelabs)


    1 year, 11 months ago

    Apparently this plugin was installed by a hacker and the main site is getting redirected to a malicious site.

    I’ve experienced this before. So I new to look for WPCode Lite. However when I go to Plugins, WPCode is not listed and there is no WPCode in the side menu.

    But the plugins is installed. I connected to the site via FTP and went to wp-content/plugin and insert-headers-and-footers is in there. I renamed the ihaf.php and went back to WordPress Plugins and there is a message “The plugin insert-headers-and-footers/ihaf.php has been deactivated due to an error: Plugin file does not exist.”

    And now WPCode Lite shows up in the plugin listings as inactive. I’ve deleted the plugin and re-installed it but it still won’t show up in Plugins or in the side menu.

    Even after the plugin is deleted the main site still redirects, which is odd. How can I get the plugin to display in both Plugins and in the side menu once it is installed? I’ve read posts where it says it could be a permissions problem. How can I manually set the permissions on this? I have access to the database.

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author Mircea Sandu

    (@gripgrip)

    1 year, 11 months ago

    Hi @allennichelabs,

    I’m sorry you experienced this. The first thing to do here is to update the password for all the administrator users on your site and review the list of administrator users and remove any user that you do not recognise.

    The plugin is hidden by the attackers from the snippet that they add when they install the plugin, WordPress has a filter that can be used to hide a plugin from the list of plugins inside the admin.

    If you run into that issue – please use the WPCode Safe Mode by adding ?wpcode-safe-mode=1 to your wp-admin URL – that will prevent any snippet from running and then you should be able to go in and deactivate & delete the snippet that is causing this error. That should make the plugin immediately visible both in the admin menu and the plugins list.

    But please make sure to remove any unknown administrator users and update all the passwords of all administrator users as otherwise attackers can go back in again and add that snippet again.

    Thread Starter NicheLabs

    (@allennichelabs)

    1 year, 11 months ago

    Thank you, thank you, thank you. Thank you for your quick response. This allowed me to access the code snippet, delete it and then delete the plugin. The main site now comes up and all is good.

    I’m now in the process of locking down the site.

    digikor

    (@digikor)

    1 year, 11 months ago

    Hi

    I have an urgent problem.

    I used your plugin for many code snippets, today I used it for changing some user role capablites but the entire website crached.

    I was able to disable the plugin and now I have access to the backend, however, if I try to enable your plugin again, it kicks me out of my website.

    So my quesition is how can I enable the plugin with all snippets disabled so I can only eanble all the other codes on the website. (the safemode link isn’t helping)

    Thanks!

    Plugin Author Mircea Sandu

    (@gripgrip)

    1 year, 11 months ago

    Hi @digikor,

    You should create a new thread for your issue or reach out using the form at https://wpcode.com/contact if you run into such issues.

    In your case, if activating the plugin immediately triggers an error I recommend the following 2 options:

    Please try the following: before activating the plugin from the list of plugins in the admin Right-click the “Activate” link for the WPCode plugin in the list of plugins and choose “Copy Link Address”, next paste that URL in the browser Address bar and add &wpcode-safe-mode=1 to the URL and access it.

    If that doesn’t work, after you enable the plugin and it kicks you out, add the safe mode parameter to your login URL like this: yoursite.com/wp-login.php?wpcode-safe-mode=1 and try to login.

    Plugin Author Mircea Sandu

    (@gripgrip)

    1 year, 11 months ago

    @digikor, if neither of those work, define “WPCODE_SAFE_MODE” in your wp-config.php file like this:

    define('WPCODE_SAFE_MODE', true);

    That will prevent the plugin from executing any snippet, you can go in and disable the faulty snippet and then remove the definition from your wp-config.php file.

    digikor

    (@digikor)

    1 year, 11 months ago

    I have no words! thanks for the fast answer!

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘WPCode Hidden’ is closed to new replies.