abletec

Marnster, to add to my reply, I just discovered, rather by accident, that if you hit the escape key, a real WordPress login screen appears. This really is beginning to look somewhat suspicious, ie, if you entered your credentials on that first screen, it may be sent to somewhere you never intended it to go. Consider me officially concerned–not that my concern means anything official. But I am deeply troubled.

Hello, marnster, & welcome. I’m really sorry you’re having this issue–I know how annoying these sorts of things can be. Before giving up, however, let’s try a few things.

First, it would really be helpful if you’d provide us w/your real site url. This allows for the forum volunteers to have a look & possibly gain insight as to what the problem may be.

In situations like this, the cause is sometimes simply that the update did not complete successfully. In such cases, uploading the files manually solves the problem. This can be done, either via your hosting provider’s control panel or via FTP (& hopefully secure FTP).

Lastly, is there any difference between using yoursite/wp-admin & yoursite/wp-login.php? I think were I you I’d eliminate the url changes from wp-config.php, though I commend you for trying that.

If these steps don’t work, then please share w/us what sort of hosting you have, ie, Windows or Linux, & whether it’s shared, VPS, or dedicated. If you’re unsure, perhaps ask your hosting provider, though again, providing us a site url may help us answer those queries.

Hello, Hyflex, & welcome. You should not have any php files at all in your uploads folder. Zip. 0. Zilch. Please check your uploads folder for any Php files & delete them promptly.

Were I you, I’d check the following options in Wordfence & run another scan. Note that this is an exception, & you can feel free to turn some of these off once you’ve finished scanning, &/or cleaned the site as needed. Most are not checked by default.

*Scan theme files against repository versions for changes
*Scan plugin files against repository versions for changes
*Scan wp-admin and wp-includes for files not bundled with WordPress
*Scan for admin users created outside of WordPress
*Scan files outside your WordPress installation
*Scan images, binary, and other files as if they were executable

Most plugins, etc, do not use base64, so if you’re seeing some, that may be suspicious.

Please, in future, enclose your code in , as in:

line 1
line 2
line 3

Thank you.

You also don’t provide a site url, which may have proved helpful in diagnosing the problem.

Hello, elizabethwolf, & welcome. Don’t you just hate it when stuff like this happens? When I was a WordPress newbie, I did it too. Here’s how you can get out of your situation.

There are actually several methods. I’m going to provide what I feel are the 2 easiest ones for a beginner.

The article is here:
https://codex.ww.wp.xz.cn/Changing_The_Site_URL

I suggest you look at headings 1.1 & 1.4 there. Please don’t hesitate to ask any questions if you feel stuck.

Hi again, gamastin. If you didn’t empty the trash, the permalink is still being held by WordPress in the event you choose to restore the post. The way to release it is to empty the trash. Perhaps that will help for next time.

Hi, gamastin, it’s a troubleshooting measure. We strip things down to bare bones, then we begin activating things 1 by 1, trying to reproduce the problem. When we do, then we’ve isolated the cause, & the solution becomes evident. I don’t know what sort of engineering you do, but I suspect perhaps similar procedures apply in your line of work?

The .htaccess file is a hidden file. You can view it using an FTP client or via your hosting provider’s control panel. Make certain options to view hidden files are checked, if present.

Your memory limit is pretty low. I’d raise it to 128, if possible. You can do this by adding the following line to your wp-config.php file:
define( ‘WP_MEMORY_LIMIT’, 128M’ );

Do you have any caching on the site, perchance? Also, in your hosting control panel, there may be an aplet w/which to view site errors. If present, this may also prove helpful.

Lastly, do you have shared, VPS, or dedicated hosting?

Hello, gamastin, & welcome. Your post address is relevantrandd.com/s4q3/. That does not look like a WordPress url I’m used to, especially if your permalink structure is postname. Let’s try going into settings > permalinks, change permalinks back to default, then saving. Again go back to ‘settings > permalinks’ & change the structure back to postame & save. Let’s see if it helps. If not, we’re going to have to look at some decidedly less desirable possibilities. Also, please post your .htaccess file here, if available. You can enclose it in , as:

line 1
line2

Have you tried, as a temporary measure, deactivating all plugins & switching to a default theme (they begin w/the word twenty) to see if that helps?

It checks for a broad spectrum of malware, Andrea.