Website Issues

Have you reached out to your new hosting service? They may be able to help diagnose the issue. From what we can see, it seems like this is server/hosting related issue.

Its mostly certainly not a stock wordpress file. You will need to run a cleanup of your site files.

I have contacted my host and they did try to help to the best they can, but were able to provide a log file for me to work from. I also did some searching for “password” with notepad++ in all of the site files and found nothing. If you go to guardiantechsolutions.com you’ll see whats happening. viewing source will show just a reference to the index file so I also did another search for the index file and found nothing suspicious in the results. Just for the heck of it, I also contacted my domain name host (namecheap) and they verified that its not a domain issue. Im at my wits end on this and dont know where to go from here.

From the sounds of it your account may have been deleted or suspended and the files removed possibly. A login box makes me think a HTTP authentication screen which essentially means the site has been locked down by the server. Definitely need to press forward with the host. They’re not telling you something I don’t think.

@therealcrazy8

If you go to guardiantechsolutions.com you’ll see whats happening. viewing source will show just a reference to the index file so I also did another search for the index file and found nothing suspicious in the results.

The problem is not the html source code, its what is in the index.php file. If your website has been attacked, the code in the index.php file is *probably* designed to forward any passwords to the attacker.

You will NEED to run a cleanup of your site files.

What would be the best method or product to perform the cleanup?

Firstly before anything, you need to backload your website so you have a complete copy.

Then download a fresh copy of WordPress from www.remarpro.com

Then go into the index.php file of your backed up website and look at the code being used. If it is the stock WordPress index.php file code then your problem is elsewhere – it is most likely elsewhere (my best guess).

Next file to check is the .htaccess file in the root directory. If that has been attacked, it will have a line of code in it that points to the file that has the password form in it.

That is a good start.

Awesome! Thanks a lot for that. I will start there and see what I find. Thank you

Good morning,
last night I did use a fresh index.php and compare to my current and backup index.php files and all 3 were identical. I also checked the .htaccess file and tried a couple others that I had, including a fresh one, and nothing worked there. I also renamed the current database and uploaded my backup one and I at least got a message that a connection couldn’t be established, and then another time I got a 500 error message of some kind, after making changes to the (wpconfig?) file to try a different username for the DB. It was a little lengthy compared to other error messages. Considering I got the message about a connection not being established, rather than the password box I was getting, maybe that’s a place to start? Maybe it was a SQLi attack? Thoughts?

The fact that I can see this file https://guardiantechsolutions.com/license.txt means that the issue is within either the wordpress core files themselves, a plugin, theme or in the database.

Now that you have a complete backup, restore your original database from the backup you made, then try a fresh install of WordPress, enter your current database details and see if the site displays correctly.

If the password still persists with a complete default wordpress fileset then you KNOW its in your database.

Is it possible to install wordpress over the top of the current install without any of the site files being affected? Im slightly worried, even with my backup, of losing everything. I spent 6 months of research and my own work to put that site together the way it is with all of the info the way it is. My site was down for 2 months because of the clowns at HostGator and I just want to avoid a hassle like that again if at all possible. ?? I will definitely start with the DB first and see where that gets me.

• This reply was modified 6 years, 10 months ago by therealcrazy8.

If you want a completely true or false result, delete all the files online and install a fresh copy of WordPress. You have a backup already of the entire website, so when you are done testing, if the problem remains, then reload the old site back up again.

The only file that needs to be kept is wp-login.php. Because of that, you need to manually peruse that file to make sure it has not been infected with any extra code. wp-login.php has the database credentials in it, those credentials will connect the new fresh installed files to the database.

Start with the files first. Eliminate them as a source of the issue, then start looking through your database.

Thank you very much for your help. I will do that when I can and see how it goes. ?? Thanks again