balham

This article explains the problem I had with TSO Host (GoDaddy) https://www.itpro.co.uk/security/cyber-security/370100/godaddys-multi-year-security-breach-damaging-blow?refid=D21B9FDF203DF502FFC95FE4E628FB0F

Just an update – it turns out that the “www” domain was included in the original certificate but when I renewed it at a few weeks back, the process did not renew the “www” domain.

I suspect I made a mistake in the renewals process but am not sure what – maybe not checking the “alias” button????

So my question is… how can I correct the error in the certificate without having to wait for the expiry period? Does Really Simple SSL give an option for this?

Or are there any other alternatives?

Thanks,

Peter

I was also discussing this on the Wordfence security forum and @bigskip47 has just posted the following:

`@mackley Are you using shared Godaddy shared web hosting? I have not been able to reproduce the issue today. Godaddy updated my support tickets saying they were not able to find malware and the issue were facing is not caused due to the code/contents of the site. “It is an issue our high level teams are working on fixing”

“Investigating – We are currently investigating reports that a subset of customers’ websites are at times being incorrectly redirected.”

I am on TSO Host and they are part of GoDaddy so I am hoping that this will solve the problem.

I’ll give below my site details and maybe you can compare with yours for any commonality:

My hosting is with TSO Host (part of Godaddy now I think).
WordPress version 6.1.1. All updates installed.
Theme: OceanWP (v3.3.6)
Plugins (all up-to-date):
Akismet Anti-spam
Duplicator
Elementor
ElementsKit Lite
Limit log in attempts reloaded
Malcare
Metform
Ocean Custom Sidebar
Ocean Extra
Really Simple SSL
UpdraftPlus – Backup/Restore
Wordfence Security
WP-Optimize

I contacted TSO Host Technical Support and they scanned the site with Sucuri and this could not find any problem. They could not help any further and suggested I pay for their Securi service and discuss the problem with them.

Many thanks @wfpeter. I’m going to think about it overnight. One possibility is that I might delete the jws-counselling.co.uk WordPress installation completely and then reinstall it and recreate the site manually – I’ve captured all the content and think it should not take too long. I think this will be easier than trying to clean it. There are no posts – just static pages at the moment (it has not been launched yet). I kept everything (WordPress, themes, plugins) up-to-date and I’ve changed all the passwords but I did not have any security protection installed – this has been a hard lesson but at least it has happened at the early stages of the web-site and I have learnt a lot.

Have solved the problem.

When I edited the form I added a new check-box option and in the option title I included quotation marks (“). This was the culprit – when I removed them, there was no further issue.