abletec

Hello, billsall54. A few things come to mind here, but, not being able to see everything directly, I am obviously at a serious disadvantage, as I hope you can understand. The first concern I have is whether or not perhaps your hosting space is being exceeded. You should check w/your provider regarding this. Akin to that is whether your database(s) have become too large. I have seen hosting providers cut off sites for this reason.

Barring those things, one needs to look at the possibility of corrupted database(s). If your provider’s control panel has the facility for it, you can use it to run a database check & repair, though I would advise backing up the database(s) first, even if they are messed up.

The other thing you should check on those sites where you can’t log into the dashboard is whether or not there may be a security plugin preventing the login, & you should check .htaccess files as well. I’ve seen these types of problems cause this, though having thus said, if database tables are missing–then, yeah–there may indeed be a problem logging in! You are welcome to paste your .htaccess file in your next reply, but please enclose it in , ie,
line 1
line 2
line 3`

This also raises the spectre of a multiple site–or perhaps even a server-wide–compromise, though I rather think the database size/corruption guess may be the most plausible.

Su0044, I mean no disrespect, but this is the last thing you should be trying to do. If your theme has become imcompatible, then that’s what needs updating. The reason I say this is simply that updates almost always contain patches to security flaws. Failure to patch these leaves your site vulnerable to being hacked. As a business, the last thing you want is to have your visitors go to your site & get infected w/malware, ransomeware, as an example, be “treated” to porn, or send spam emails for dodgy products under your domain name. Believe me when I tell you, as one who’s fixed many a compromised site, this is *not* something you want! Please-revert to a default theme for right now, see what aspects of your theme need fixing, & go from there. Again, I mean no disrespect–& you’re welcome for the quick response, BTW, even if it isn’t what you want to hear, for which I sincerely apologize.

Hello, su0044. What I suggest is to try activating a WordPress default theme (these begin w/the word ‘twenty’, i.e., twentythirteen, etc) & see if this problem resolves. I rather have the feeling that your theme has become incompatible w/recent WordPress versions.

Hello, stxphxnie, & welcome. Much depends on what you wish to do here. I personally see no need for 2 separate installations, as you can have a blog on your main site, but that’s just me.

I guess the major questions here are what you actually want to do w/the 2nd installation, &, if not, whether there’s any content on the blog site you wish to transfer to the main 1. It is an easy task to add a link to your main site’s menu (Appearance>Menus>links’) if that is your pleasure.

Let us know how you wish to proceed, & either I or another capable volunteer will help as soon as we’re able.

Hello, can062. Go to ww.wp.xz.cn/support. Click on the forum where you wish to create a new topic, (in this case it’s ‘Netwrking WordPress’, but if it has to do w/something else, then by all means choose the applicable forum), &, once in the right forum, click the ‘Create Topic’ link. Thanks for asking. & post a link here if you wish to take me up on your offer to follow you over. Otherwise, there are plenty of capable volunteers.

Hello, kernix, & welcome.

There are a few things to talk about here, perhaps, if possible, let’s simplify & take these 1 at a time.

Please log into your dashboard, go to the ‘General’ tab under ‘Settings’, & change your urls to https://www.fairmountpetservices.com. This should then get both your http:// & your
www. fairmountpetservices.com loading w/the https:// protocol.

You can indeed rebuild your entire site using WordPress. You can do that in 1 of 2 ways. You can either rebuild the site, & entitle your posting page as ‘blog to contain your posts; or you can have 2 separate WordPress installations.

I notice also that a child theme seems to be used on your blog. Those can, unfortunately, become dated over time & throw errors, resulting in messed up images, etc. fairmountpetservices.com & fairmountpetservices.com/blog seem to both redirect to your blog. There does seem to be a cache plugin running there, which can also produce confusing results, as you’re undoubtedly getting an older copy. Clearing your browser cache, using a different browser, &/or clearing the plugin cache, or all of the above, will help.

Please let us see your .htaccess file. Please enclose it in `backticks`, ie,
`line 1
line 2
line 3`

• This reply was modified 7 years, 11 months ago by bcworkz. Reason: entity encoded backticks

Well, if that’s the case, mcantwell75, then we’ve got some more work to do. The instructions I’m about to post are long. They are in a step-by-step format, however, so please kind of use the post as a checklist, checking each off as you go. Please carefully understand both objectives, ie, to repair the site, & to get it back fully under your control, as a compromise indicates that it is not, & the bad guys are therefore free to do whatever they want, whenever they want. If there’s anything at all you don’t understand, please ask. It’s important. If you feel this is all too overwhelming, you can post a job at http://jobs.wordpress.net.

A resource you can go to is:
http://codex.ww.wp.xz.cn/FAQ_My_site_was_hacked

When dealing w/a site compromise, the objectives are twofold:
1) Fix the site; &
2) Fix backdoors that the hacker used to gain entrance into your site, so this hopefully will not happen again.

Most people place great emphasis on objective #1, but, in truth, the 2nd one is actually the most important, as, without it, your site will continue to be reinfected.

Here are the steps to take.

First, notify your host, as this might be a serverside hack as opposed to simply a site compromise. Also, if you’re on shared hosting, the hack has the potential to compromise the entire server. Additionally, you may wish to take the site offline, & your host can help you do this. They might not help you–then again, they might. You won’t know unless you notify them. If they say it’s not their responsibility, (& it really may not be), then please continue reading.

Second, scan any devices you will use to log onto your website for malware (malicious software like viruses, etc). It does no good to follow these steps if malware phones your credentials home to their command & control center. It’s actually better to do more than 1 scan, each using a different program, as no single malware scanner can detect everything.

Third, secure your network. Definitively use secure FTP (file transfer protocol) as opposed to regular FTP. The port used for secure FTP varies from host to host. Many use port 22, some 2222, while others use different ports altogether. Check their knowledge base or call their support. You can ask this question when you notify them of the compromise in the first step. You can use a client like Filezilla, which can do secure file transfers.

Never log onto your site using a public WiFi hotspot, such as those in hotels, cafes, etc. Make sure you’ve changed the default password, Ssid, (&, if applicable) the username on your router/modem. If you don’t use wireless, turn it off in your router’s options.

All these steps are required to ensure that no one can snoop your credentials, etc.

Now that the device you’ll use to fix your site, as well as your network, is secure, it’s time to direct your attention to actually fixing your site.

Next, please log into your website hosting provider’s control panel from a secure connection and change all passwords, including those to any databases you may have set up. This includes your control panel/FTP credentials & your WordPress database. Also, change your salt keys as per the instructions in wp-config.php to log out all users. Please make the passwords long, containing upper & lowercase letters, numbers, & punctuation.

Next, take a backup of your website’s files. Be certain to label it such that the label contains both the date you backed it up on, as well as the word “hacked”–we certainly don’t want you accidentally restoring this backup! This can be helpful, though, in terms of perhaps being able to determine how this occurred, though my feeling is that it likely did so because of an outdated site, weak passwords, or unmaintained 3rd-party plugins or themes on the site. Probably you should just back up your web root. Depending on your host, it might be called public_html, htdocs, www, or /. If you don’t wish to back up the entire root, then at least back up your uploads folder, as well as others that might contain content that can’t be replaced.

Please also back up your database as well. The article at
http://codex.ww.wp.xz.cn/Backing_Up_Your_Database
shows you how to do that, in case you need it. The section regarding phpMyadmin is likely the most relevant to your case. It’s going to be necessary to search that database file to see if any evidence of the hack exists there. That can be done by opening the file in a text editor. To start off with, consider searching for the words:

<script
<? php;
base64;
eval 

preg_replace
strrev

This is not an exhaustive list, nor is the presence of any of these words conclusive proof of a site compromise, though some are more suggestive than others.

You might also wish at this point to backup your WordPress content. To do that:
* Log into your WordPress dashboard.
* Go to ‘Tools > Export’.
* Choose to export all content.

While in your dashboard, go to ‘Users > All Users’ and delete any users there that you don’t recognize, especially administrators. A WordPress account should never contain the username ‘admin’. If yours does, make an administrative account that does not contain the word (don’t forget to use a very strong password), then delete the old admin username account.

Also be advised that sometimes supposed image files can contain code, so open all your image files, particularly in your uploads folders, to ensure they really are images & don’t contain code. Better yet, if you have the images on your machine, replace files in the uploads folders with them.

If you find nothing, either in your database or in your /uploads folders, then the next step is to delete, then completely reinstall WordPress, as well as any plugins or themes you were using. Simply reinstaling WordPress from the dashboard is not effective. I also advise creating an entirely new database w/a new user & password. You can then import your content into the newly reinstalled site.

Please also let someone knowledgeable look at your .htaccess file so they can make certain no backdoor code exists there.

In summary, here are the steps:
1) Back up your WordPress files, including core, themes, & plugins;
2) Back up your database using PhpMyadmin;
3) Look through the database to insure there is no evidence of the hack;
4) Search the uploads folders for image files that contain code;
5) Let someone knowledgeable look at your .htaccess file.
6) If you have doubts about your database, please have a professional take a look.

It would also be helpful to install a plugin like Sucuri or Wordfence to scan for the compromised files.

Hello, mcantwell75, & welcome. I’m wondering if it was your blog or your Twitter account that was compromised. You would be well-advised to install a security plugin like Sucuri or Wordfence to do a malware scan on your site, but from what I’m seeing thus far, I’m really wondering if perhaps they simply shared your post & added that line on their own. In any event, I’d definitively do the following:
1) Change your twitter password.
2) Change your hosting provider’s control panel password.
3) Change your WordPress dashboard password.
4) Change your database password in your hosting provider’s control panel, & don’t forget to update your wp-config.php file to reflect that change.
5) Install a security plugin like Sucuri or Wordfence & do a malware scan.
6) Join Google Search Console (https://google.com/webmastertools) & see if they flag anything on your site, either in the Security’ tab or the ‘Search Traffic > Manual’ tab.

Please let us know if you need help doing any of this.