Site's admin panel visible to public!
May 9, 2013 at 11:21 pm #40237
HelenaB
Participant
Hi Guys. I'm wondering if anyone might have any idea what caused a major issue on one of my client sites this morning.
It looks like the home.php file was edited - removing... something and leaving the HTML of the homepage visible in the file's edit window instead of the normal contents of that file.
The first half of the DOCTYPE was missing. The second half of it was visible at the top of the admin panel just under the black admin bar. The rest of the HTML continued in the home.php file in the edit box.
Freaky.
What's worse is that if anyone tried to visit the site - they went straight to that Appearances > Themes > Associate > home.php file in the edit window. If you tried to navigate away from that page you got the theme 404.
I have fixed it by pasting in the original home.php file and saving it - the proper site has now returned as it should appear. But I'd really like to track down what caused this in the first place.
I didn't do it. The client says they didn't do it.
If, as an administrator, you're logged in then the Themes option appears second in the dropdown list in the admin bar - but you'd then have to navigate to the actual theme and start editing to have done this surely? Seems unlikely.
I'm using the latest version of WP, the theme is Associate. I have Better WP security plugin. I've checked the site security on various sites and no issues reported.
Never heard of anything similar happening. Nothing comes up in Google for the back-end of the site being public.
Has anyone seen a plugin do something similar? I'm trying to get at the site's error logs at the moment.
http://www.skedstretchers.co.uk/
May 10, 2013 at 11:03 am #40324
AnitaC
Keymaster
You should probably run a virus scan on your site to make sure you haven't been compromised. I know you are using a security plugin - but better to be safe than sorry. Also, check the Users area. Make sure that only you have administrator access. I would also go to the hosting account. Change all FTP passwords.
Need help with customization or troubleshooting? Reach out to me.
May 13, 2013 at 5:09 am #40637
HelenaB
Participant
Hi Anitac
Thanks for your comments. I've rechecked security and all is fine there. FTP and other passwords changed too. The error recurred overnight...
I have a feeling that this is caused by an interaction of Better WP Security and Manage WP plugins... This started happening once those were installed. Oddly, I've got exactly the same combo working on lots of other sites (including another one on this domain) with no problems.
First five characters of the HTML tag are missing. The rest of the HTML tag and the opening HEAD tag are visible under the admin bar and the rest of the generated page's code visible in the home.php file but without an update button.
I've disabled the security plugin temporarily and will monitor the situation. Weird.
May 13, 2013 at 11:26 am #40686
essaysnark
Participant
Helena, are you saying that after you restored the site, the same exact thing happened again?
As to the problem of anyone visiting the site being taken straight to the backend theme editor thing... I would bet that that happened solely due to the same problem of home.php being mangled. Since critical code was missing from that file, you can't predict the behavior of any part of the site. It sounds to me like there's just one issue here: What's eating your home.php file for breakfast??
This article is dated but it gives some insights into what that security plugin is doing: http://bit51.com/what-is-changed-by-better-wp-security/
If you still have this problem even after disabling the plugin, then maybe you'll need to go through those files, too (or possibly restore a pre-plugin backup if you have one?).
Definitely odd behavior! Let us know what you discover as the culprit.
May 14, 2013 at 1:56 am #40829
HelenaB
Participant
Hi essaysnark.
Yep - recurred early hours of Monday morning. I think it was exactly a week later (which leads me to believe it was something scheduled that caused the problem - just can't pin down anything due at that time).
Luckily I went to that site first thing so I don't think it was noticed by anyone else (the client hasn't been in touch...). Not how I like to start my Monday mornings though. Frankly, since the majority of my clients' sites now run on Genesis and many now have both Better WP Security and Manage WP installed, it's more than a little worrying.
Thanks for your link - oddly I was looking at that exact page yesterday trying to work out what might have done this. I can't work out the logic of whatever error it is removing a few characters from a single template file (which I'm assuming did the trick). I've looked at the error log and all that's there is regarding a core WordPress / Google Oauth thing (apparently a known error) - but that predates the issue anyway.
I've disabled Better WP Security and will monitor the situation to see if it happens again. If it doesn't then, for whatever reason - you'd have to assume that that plugin was the culprit. If it recurs then the next suspect in line is ManageWP.
If anyone has any inspiration regarding this - feel free to add your thoughts!
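The recurrence described above (a template rewritten at an unknown time, possibly by a scheduled task) is the case a baseline comparison pins down. As an added example that is not part of the original thread: a Python check that hashes a theme's .php files against a saved baseline, reports the modification time of anything changed, and flags a template that now holds rendered HTML with no PHP opening tag. The function names and sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile
import time

RENDERED_MARKERS = (b"<html", b"<head", b"<body")  # markup found in rendered output

def looks_rendered(data):
    """True if a template holds rendered HTML and no PHP opening tag at all."""
    if b"<?php" in data:
        return False
    return any(m in data[:1024].lower() for m in RENDERED_MARKERS)

def snapshot(theme_dir):
    """Map each .php file (path relative to the theme) to its SHA-256 digest."""
    digests = {}
    for root, _dirs, files in os.walk(theme_dir):
        for name in (f for f in files if f.endswith(".php")):
            path = os.path.join(root, name)
            with open(path, "rb") as fh:
                digests[os.path.relpath(path, theme_dir)] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def audit(theme_dir, baseline):
    """Report files whose digest differs from the baseline, with mtime (UTC)."""
    findings = []
    for rel, digest in sorted(snapshot(theme_dir).items()):
        if baseline.get(rel) == digest:
            continue
        path = os.path.join(theme_dir, rel)
        with open(path, "rb") as fh:
            rendered = looks_rendered(fh.read())
        stamp = time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(os.path.getmtime(path)))
        findings.append({"file": rel, "modified_utc": stamp, "rendered_html": rendered})
    return findings

def demo():
    """Constructed sample: a clean home.php, then a mangled one like the thread's."""
    with tempfile.TemporaryDirectory() as theme:
        for name in ("home.php", "functions.php"):
            with open(os.path.join(theme, name), "w") as fh:
                fh.write("<?php\n// constructed template body\n")
        baseline = snapshot(theme)
        with open(os.path.join(theme, "home.php"), "w") as fh:
            fh.write('l xmlns="http://www.w3.org/1999/xhtml">\n<head>\n<title>Home</title>\n')
        return audit(theme, baseline)

if __name__ == "__main__":
    print(demo())
```

Run on a schedule shorter than the suspected interval, the reported modification time can be matched against scheduled plugin tasks and the server's access log.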
May 14, 2013 at 6:42 am #40838
AnitaC
Keymaster
May 14, 2013 at 7:09 am #40841
HelenaB
Participant
I've got a screenshot of what it looks like. I'll send it over.
edit: Anitac - your email address isn't visible on your site currently.