lzr0

OK, here is update.
After an hour with useless godaddy tech support, I just changed the DB user’s password back to the old one, changed wp-config.php accordingly, and re-uploaded index.php from my local backup- the above steps have restored the site. Don’t know why simple DB password changed in cpanel triggered so much problems. Very frustrated with GoDaddy.

Generally, all folders (e.g. /wp-content/, /plugins/) should be set to 755, and all files (e.g. wp-cron.php, .htaccess) should be set to 644.

Thank you, barnez. Do you see a problem if I completely deny to anyone (including owner) Write and Execute for .htaccess ? If I should need to change anything I guess I could FTP a new file.

• This reply was modified 3 years, 4 months ago by lzr0.

The .htaccess is protected by the server configuration, as per any filename starting with .

OK, thank you. What’s about all other files? What should be set for public_html folder?
I don’t understand who is called group and who is public.
My current setting is 750, and there is checkmark at execute for Group permission.

Hi, Tim,
Thank you for the thorough input. I will disable auto update and do updates manually when I can see the outcome.

• This reply was modified 3 years, 5 months ago by lzr0.
• This reply was modified 3 years, 5 months ago by lzr0.

Hi, Peter,
Thank you for the suggestions, which I am going to implement. Before I saw your reply, I came across an old post where was suggested to delete entire WF folder, install WF assistant, clear all WF tables and re-installing WF- it did the trick.
Thanks

Did you do a full “scan everything” scan with WordFence?

Now when said it, I run Hi sensitivity scan, and it did find a bunch of suspicious php files, which I deleted.

If that’s all you did, the malware is probably not gone.

Sitecheck shows clean and it no longer redirects. I also found a virus in my PC and had it removed

• This reply was modified 3 years, 8 months ago by lzr0.

Steven,
htaccess restore and blundered-cochineal.php deleting removed the malware. I now also installed wordfence. Thank you for the help.

Steven,
Will WP auto generate a new ‘htaccess if I just delete it?

Hi, Steven,
Thank you. Before I go over all the suggestions, I found this code in my htaccess. Is it supposed to be there?

RewriteEngine On

RewriteBase /
RewriteCond %{HTTP_USER_AGENT} (google|yahoo|msn|aol|bing) [OR]
RewriteCond %{HTTP_REFERER} (google|yahoo|msn|aol|bing)
RewriteCond %{HTTP_HOST} generatorsforhomeuse\.us$
RewriteRule . blundered-cochineal.php [L,S=10000]

I have pushed a backwards compatibility fix in 1.6.11

Do you mean, it is safe now to upgrade the plugin with old versions of PHP?

At minimum, you want to upgrade to 5.6.40, and ideally upgrade to PHP 7x or PHP 8x.

I know, but this is PHP that my Godaddy webhost provides. Besides this, the theme I use is no longer maintained, so I am afraid to do any upgrades (but of course, this is my problem).

Access your server via SFTP or FTP, or a file manager in your hosting account’s control panel (consult your hosting provider’s documentation for specifics on these), navigate to /wp-content/plugins/ and delete the whole /login-recaptcha/ directory there.

James,
Thank you for quick reply. Unfortunately, I panicked, and before receiving your reply I’ve already started uploading my entire site from local backup. I will report what you suggested to recapture forum though.

Hi, Ashley,

Can you check your PHP and Apache logs for the errors please, then report back here.

My php error log file is empty (shows no error). I don’t see Apache error log on my GoDaddy control panel. Tried to save some settings and got another error:
updraft_send_command: error: UpdraftPlus: could not parse the JSON (502)

Spent long time with godaddy mostly useless tech support and they could only say “apparently the plugin does not like something on your site”.

Is there a specific reason why you have not updated your WordPress installation?

Every update used to cause some issues to the site. And the theme I am using is no longer officially supported. Just afraid to touch it.

Just for my own interest, why are you not current on WordPress?

Official support for the theme I use has discontinued, and even when it was available, every WP update used to break something. I am satisfied with my version. No money change hands on my site, so I doubt it is attractive for hackers.