Tag Archives: WordPress

How to Fix a Hacked WordPress Website

Problem:

When you visit your WordPress website you are randomly redirected to unwanted websites.

Solution:
  • Log in your website as an Administrator.
  • Go to Appearance >> Theme Editor.
  • Click on the Theme Functions link on the right side.
  • Verify if malicious code was injected into the functions.php file.

Example of malicious code:

<?php
@ini_set('display_errors', '0');
error_reporting(0);
global $zeeta;
if (!$npDcheckClassBgp && !isset($zeeta)) {
  • If yes, then download the functions.php file to your machine via FTP, remove the malicious code, then upload it to your server.
  • If you have several themes in your website then activate them one by one and repeat the procedure for all of them.
  • Open the wp-config.php file.
  • Verify if malicious code was injected into the wp-config.php file.

Example of malicious code:

include_once(ABSPATH . WPINC . '/header.php');
  • If yes, then verify content of the wp-includes/header.php file, and possibly remove the wp-includes/header.php file, then remove the malicious code in the wp-config.php file.
  • Copy a small string of malicious code, for example npDcheckClassBgp, and search for it in the content of all the files using the commands (in Windows) below.
cd C:\inetpub\wwwroot
findstr /s "npDcheckClassBgp" *.*

where C:\inetpub\wwwroot is the path of the parent of your WordPress website.

  • If you find the string in any file then review the content of the file and remove the malicious code.
  • In Windows, stop the website using the command below.
net stop w3svc
  • Delete all the files and folders except the wp-content folder, the wp-config.php, .htaccess, and web.config file.
  • Review and remove all the suspicious contents in your wp-content directory.
  • Go to the wp-content\plugins folder.
  • Delete all the plugins, especially the plugins closed due to Guideline Violation.
  • Manually re-download and unzip all the necessary plugins.
  • Download the latest version of WordPress.
  • Unzip and copy the the latest version of WordPress to the root of your website.
  • In Windows, start the website using the command below.
net start w3svc
  • Log in your website as an Administrator.
  • Remove all the unused plug-ins or themes.
  • Install, activate and configure a CAPTCHA plug-in to protect Login Form, Registration Form, Lost Password Form, Reset Password Form and Comment Form if there is no one.
  • Disable insecure FTP access if there is one.
  • Install and activate the Simple History plugin to review access to your website. After 1 or 2 days, review the access information, and possibly block the malicious IP addresses using the Windows Firewall.
  • Install, activate and configure Cerber Security plug-in to automatically detect and block the malicious IP addresses.

 

How to move a WordPress instance from one server to another Linux server

Motivation:

You want to move a WordPress instance from one server to another to consolidate your websites to reduce cost.

Solution:

Install and use below Duplicator plugin to achieve your goal.

https://wordpress.org/plugins/duplicator/

User guide: https://snapcreek.com/duplicator/docs/quick-start/

If everything goes well for you then congratulation!

Otherwise, please review below possible problems and corresponding solutions.


Problem 1:

You don’t have a website on the new server.

Solution 1:

1. Create a new virtual host in the /etc/httpd/conf/httpd.conf

<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
DocumentRoot "/var/www/www.example.com"
</VirtualHost>

2. Set 775 permission for /var/www/www.example.com

3. Restart httpd service

sudo systemctl restart httpd

Problem 2:

You are using Amazon Linux 2 server.

You are logged in as ec2-user.

You use WinSCP to upload files and edit configuration files.

You cannot modify /etc/httpd/conf/httpd.conf and /etc/php.ini.

Solution 2:

1 View permission settings for the file

ls -ld /etc/httpd/conf/httpd.conf

The result indicates that the file owner is root user and root group, not ec2-user.

2. View groups of a user

groups ec2-user

The result indicates that the ec2-user does not belong to root group.

3. Add a user to root group

sudo usermod -a -G root ec2-user

4. Grant Read-Write permission against a file to root group

sudo chmod g+rwx /etc/httpd/conf/httpd.conf
sudo chmod g+rwx /etc/php.ini

5. Logout and login to the server again.


Problem 3:

You are using Amazon Linux 2 server. The ZipArchive feature is missing.

Solution 3:

1. Execute below commands:

sudo amazon-linux-extras install php7.2
sudo yum install php-pear php-devel gcc libzip-devel zlib-devel
sudo pecl install zip-1.13.5 # we must specify a slightly older version due due to compatibility

2. Add “extension=zip.so” to /etc/php.ini

3. Restart the server

sudo reboot

Problem 4:

You don’t have a WordPress database on the new Linux server.

Solution 4:

Execute below MySQL commands:

CREATE USER 'username'@'localhost' IDENTIFIED BY 'password';
CREATE DATABASE `wp_database`;
GRANT ALL PRIVILEGES ON `wp_database`.* TO "username"@"localhost";
FLUSH PRIVILEGES;

Problem 5:

An database error occurs while restoring a website.

Solution 5:

1. Execute below commands to remove the website:

sudo chown -R ec2-user:apache /var/www/example.com
sudo chmod 2775 /var/www/example.com && find /var/www/example.com -type d -exec sudo chmod 2775 {} \;
find /var/www/example.com -type f -exec sudo chmod 0664 {} \;
rm -r /var/www/example.com

2. Upload the Duplicator files again, and restore the website again.


Problem 6:

No write access against /var/www/example.com is available for Duplicator.

Solution 6:

1. Execute below commands:

sudo chown -R ec2-user:apache /var/www/example.com
sudo chmod 2775 /var/www/example.com && find /var/www/example.com -type d -exec sudo chmod 2775 {} \;
find /var/www/example.com -type f -exec sudo chmod 0664 {} \;

2. Run http://example.com/installer.php again.

Setting File Permissions for WordPress on IIS

Motivation:

  • You have a WordPress instance in Windows with IIS.
  • You upload a file. Its thumbnail is not shown in Media Library.
  • You change the file permission. Its thumbnail now is shown correctly in Media Library.
  • You upload another file and have to change the file permission manually again.
  • How can we make WordPress automatically set the correct permission for new uploaded files?

Procedure:

  1. Ensure that the the Identity of Application pool that the website is running under is ApplicationPoolIdentity.
  2. Execute below commands as Administrator
icacls "C:\inetpub\wwwroot\domain.com" /grant "IUSR":(OI)(CI)F /T
icacls "C:\inetpub\wwwroot\domain.com" /grant "IIS_IUSRS":(OI)(CI)F /T

3. Open IIS Manager, click on your website, click Authentication, click Anonymous Authentication (which should be the only one enabled), click Edit, select Application pool identity if it is not selected, click OK.

How to change a WordPress website’s domain name?
  • Open the wp-config.php file.
  • Add two lines to the file, right before /* That’s all, stop editing! Happy blogging. */:
define('WP_HOME','http://example.com');
define('WP_SITEURL','http://example.com');
  • Bulk edit the posts content if needed.

Topic 7 – Introduction to Web Application Development

Why do I need to learn about web application development?

Desktop applications are very powerful and convenient but their development, deployment and maintenance are daunting. The reason is that the platform dependency makes it very expensive to create a desktop application working on different versions of different operating systems, such as Windows, Linux and Mac OSX. Deployment and updates of desktop application typically require high privileges access to a computer machine, causing a problem for companies requiring high security.

Fortunately, you can overcome these limitations by creating a web application running on a browser. To create a web application you need to learn about web application development.

What can I do after finishing learning web application development?

You will be able to create web applications like The BBC News, The WordPress Blog or The White House Website.

This is just what I want to learn! What should I do now?

Web application development requires a lot of reading. You have to master networking concepts, HTML, CSS, Javascript, a programming language and a database management system for web. Please read this Semmy Purewal (2014). Learning Web App Development. O'Reilly Media book first to get familiar with web application development.
After that you will have 4 options. You can choose one of them. We STRONGLY recommend that you choose only ONE option. You should NOT learn all of them at the beginning. You could save your time by digging into only one option. After mastering the selected path, you will realize that all of them are very similar in the sense of use. One note is that although their concepts are similar to one another but they will still take us much time to learn how to apply implementation of an approach in real world solutions.
When developing a real world web application, you often use only one or two of these 4 approaches. If you cannot make your own selection then we recommend you a combination of the first and second option or a combination of the second and third option.
The first option is ASP.NET Core. Please read 
- this "Adam Freeman (2017). Pro ASP.NET Core MVC 2. Apress" book or 
- this "Dino Esposito (2018). Programming ASP.NET Core. Pearson Education" book.
A complementary part for this option is ASP.NET Web Forms. Please read this "Imar Spaanjaars (2014). Beginning ASP.NET 4.5.1: in C# and VB" book.
The second option is PHP world.  Please read 
- this Luke Welling and Laura Thomson (2016). PHP and MySQL Web Development. Addison-Wesley Professional book or
- this Robin Nixon (2018). Learning PHP, MySQL & JavaScript. O'Reilly book.

After that depending on your projects you can read these books below.
- Brad Williams, David Damstra and Hal Stern (2015). Professional WordPress: Design and Development. Wrox.
The third option is Java world. You will need to read 2 books for this option. Please get this "Cay S. Horstmann (2012). Core Java Volume I--Fundamentals" book and read it if you are not familiar with Java language.

Then please read 
- this "Tim Downey (2012). Guide to Web Development with Java: Understanding Website Creation" book or 
- this "Nicholas S. Williams (2014). Professional Java for Web Applications" book.
The 4th option is Node world.  Please read this
- this "Jonathan Wexler (2019). Get Programming with Node.js. Manning Publications" book, and
- this "Bruno Joseph D'mello et al. (2017). Web Development with MongoDB and Node. Packt Publishing" book.
After that please read 
- this Kirupa Chinnathambi (2018). Learning React. Addison-Wesley Professional book, and
- this Robin Wieruch (2020). The Road to React - Your Journey to Master Plain Yet Pragmatic React. Leanpub book to learn how to create a single page application (SPA).
After finishing these books if you want to create sophisticated interactive web applications please read 
- this David Flanagan (2020). JavaScript - The Definitive Guide. Sixth Edition. O'Reilly Media book and
- this "Kyle Simpson (2015). You Don't Know JS" book.
If you want to convert a web application from one platform to another or create a web application framework please read this "Leon Shklar and Richard Rosen (2009). Web Application Architecture: Principles, Protocols and Practices" book.
After finishing the books please click Topic 8 - Introduction to Mobile Application Development to continue.