wordpress configuration file is located in the root.In the event that PHP stops functioning on webserver for any reason.we run the risk of this file being displayed in plaintext,which will give our password and database information to visitor. you can safely move wp-config directory up out of root directory.this will stop if from accidentally served. … Read more
Once hacked there is no real (at least not easy) way to verify that you have removed all traces of the malware. Good malware will leave an hard to detect backdoor, and there is always the question of whether you have actually removed the attack vector. Therefor the only 100% working way to remove a … Read more
Decoding that JavaScript “gibberish” reveals that this is a script to open a popup with ads in it after the user clicks somewhere. The mean part is that these popups won’t be shown if you’re currently logged in. That’s why these scripts often go unnoticed. Here’s a redacted excerpt: var t = false; document.onclick= function(event) … Read more
It’s not a standar URL for sure. That kind of URLs are most likely due to the compromised code, so there is no need to do anything with then but remove every trace it left. Since the site is clean now, you should just remove those URLs from the Google Search Console. Log into the … Read more
If you do a Google search, you will find many topics on this. Here are some links: First read this: http://codex.wordpress.org/FAQ_My_site_was_hacked Then take a look at these links: http://ottopress.com/2009/hacked-wordpress-backdoors/ http://wordpress.org/support/topic/268083#post-1065779 http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/ If you have access to your database, login using PHPMyAdmin and change admin username / password, delete users you don’t know and change password … Read more
Try this: UPDATE wp_posts SET post_content = REPLACE (post_content, “<script src=”https://crow.lowerthenskyactive.ga/m.js?n=ns1″ type=”text/javascript”></script>”,””);
hSite has no css on mobile [closed]
As far as i know you cannot rename wp-admin. Many themes and plugin uses wp-admin in path. So if you rename it then all your plugins and themes will be broken. If you don’t want your users to access wp-admin then restrict it using .htacess If anyone access your wp-admin url redirect them to other … Read more
1st – Scan and identified malwares using this free tool https://sitecheck.sucuri.net if gives you files infected just delete them from your build. 2nd – Install sucuri plugin on your website and run again. 3rd – Change passwords on the admin users 4rd – Check for exploits on plugins on this site – https://www.exploit-db.com/ 5th – … Read more
Simple way, do not add content when logged in as admin user but only as author. If you want to go to somewhat extreme, remove the posting capabilities from the admin. Not sure where that will leave you with editing slugs so a proper check of permission will be needed. This answers your question as … Read more