Archive for the ‘wordpress’ tag
There is a new-to-me plugin that exports photos from Lightroom to a WordPress blog. It seems the plugin won’t automatically create a new post, but it does simplify adding images to the WordPress Media Gallery.
Twice now I’ve opened up my blog and discovered error messages in my header that look something like:
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in …/wp/wp-blog-header.php on line 1
Both times, when I logged into the WordPress Admin page, it looked weird too (as if there were no template or CSS file available). I reinstalled WP 4.2.2, and everything seems ok. Still weird, and I’m not sure how or why this happens.
Just out of curiosity, have you noticed anything weird in this space?
Yesterday, I logged on to my WordPress Dashboard to see if any upgrades were available. I usually log on a few times a week, depending upon how actively I’ve blogged, or if I know of a WordPress upgrade. Once I logged on, I got an odd message that my plugins didn’t load because something was wrong with their headers. I clicked the Plugins menu to see what was going on, and instead, there was a message saying “You do not appear to have any plugins available at this time.”
Earlier in the week, the same thing had happened to my photo blog – plugins suddenly were non-functional. I was in the middle of a work-related crisis, so asked my cousin, the WordPress expert who actually constructed the photo blog, to look into it. He found malware, restored the photo blog to an earlier version with a backup, and it seemed ok. Since I was still sweating out the work-related crises, I didn’t look deeper. The photo blog seemed to work ok.
But now my blog was doing the same thing, and I had some time to investigate. I logged in to my site via FTP, and looked in the plugins folder. Several plugins were there. I opened one plugin directory, and one PHP file at random: the first line was a long string of code, obviously some sort of malware. Ru-oh! I renamed the plugins folder, which rendered it unusable by WordPress, created a new folder called plugins, and quickly installed a fresh copy of Akismet, a spam comment blocker. In the 15 minutes or so it took from when I first encountered an error until when I reinstalled Akismet, I received 59 spam comments! Yeesh.
I looked at the various WordPress PHP files, bits of code that make the blog do what it does; every single one had the same piece of malware inserted in the first line. I reinstalled WordPress, which creates fresh copies of the majority of PHP files in wp-admin, in wp-includes, and in the default WordPress directory. However, some files were not replaced; I had to open them manually and strip out the malware. Reinstalling WordPress does not touch anything in wp-content – themes, plugins, etc. I did not have backup copies of my Solipsism theme for some reason, so I had to clean several files here manually. Initially I mucked this procedure up by stripping out some good code as well, but eventually I figured out what was missing.
I took a deeper look at my photo blog, and though the plugins were clean, and the theme files were clean, all other PHP files were corrupted. Again, I reinstalled a fresh copy of WordPress 4.1, and manually cleaned the remaining files (wp-config.php; wp-pass.php, wp-feed.php and so on).
I host a couple of subdomains which are static paged WordPress installations; both of these directories were full of the malware code. In fact, in the process of cleaning up, I discovered what the malware did. On both of these subdomains, there was a plugin directory called, innocuously enough, docs. I didn’t install this plugin, so I was curious what it did. I looked inside its directory, and found a directory called “cache”. In here were nearly 500 files with names like “29fb82abf5c8a42d970f94eed9d69ebf.dat”, and an XML file that indexed these pages using the subdomain’s URL. I opened one of these files with a text editor – it was an HTML-type page with the title of “Resume Writing Lookout Heights Kentucky KY 24/7 – Best Resume Writing Services”. The others were similar: “Cv Services Darwin * Best Resume Writing Services 2014 – Jake Bradshaw”; “Payday Loans Near Augusta Ga ! < 24/7 Online Payday Loans”; etc.
The HTML was horribly mangled; I would be surprised if it did anything, but maybe it would be enough if Google indexed a link pointing to some schmoe who paid a consultant for Search Engine Optimization. But maybe not.
For instance, a portion of that particular spam page opened in a web browser looks exactly like this:
Create alert Self experiencing problems with problem with your consult an experienced for example, an e-mail, which is suitable day work. Diamond Call Ross on employer should protect a union, they but it would. Kentucky Diamond View all Altisource Vacations Worldwide jobs jobs Learn more about working at Altisource You can below, together with spending 2-6 hours a day at home This work can be done Colleges Equal Opportunity Williamsburg, Virginia – be at least High School diploma. Diamond
Whatever. I deleted these as soon as I could, shaking my fist at the evil spammer.
I found a few PHP files in my root level directory; I deleted these or cleaned them as needed.
I had tried to install a Drupal blog a while ago, before abandoning it as a futile, frustrating endeavor, but the files were still residing on my server, and all its PHP files were compromised.
I put in a tech-support request to Pair.com, my web-host, asking them to double check if any PHP files remained that were corrupted; I haven’t yet heard back from them. But I think I cleaned up all the malware; all it took was eight hours of work on a Saturday night…
Today I’m planning on looking deeper into the MySQL databases, and see if there are any unknown users or other oddnesses, and maybe change all my passwords. I’m not sure how the evil spammers were able to insert the malicious code, but I don’t want to have to go through all this again. Oh, and make backups! And backups of the backups!
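An added example, not part of the original post: a Python sketch of the check described above, which flags PHP files whose first line is unusually long and groups them by the hash of that line, so that one injected snippet shows up as a single cluster. The 200-byte threshold, the function names and the sample tree are assumptions made for illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# Assumption: a clean WordPress file starts with a short "<?php" line, so a
# first line longer than this is worth a manual look. Tune for your site.
MAX_FIRST_LINE = 200

def first_line(path):
    """Return the first line of a file as bytes, without the line ending."""
    with open(path, "rb") as fh:
        return fh.readline().rstrip(b"\r\n")

def scan_tree(root, limit=MAX_FIRST_LINE):
    """Group .php files under root by the SHA-256 of an oversized first line.
    Returns {digest: [relative paths]}; files sharing a digest carry the
    same prepended line, which is how the infection above presented."""
    clusters = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            line = first_line(path)
            if len(line) > limit:
                digest = hashlib.sha256(line).hexdigest()
                clusters[digest].append(os.path.relpath(path, root))
    return dict(clusters)

def build_sample_tree(root):
    """Write a constructed sample tree: two tampered files, one clean."""
    padded = b"<?php /* constructed placeholder */ $pad = '" + b"A" * 400 + b"'; ?>"
    clean = b"<?php\n// clean file\necho 'ok';\n"
    os.makedirs(os.path.join(root, "wp-includes"))
    samples = {"wp-blog-header.php": padded + clean,
               "wp-includes/pluggable.php": padded + clean,
               "wp-config.php": clean}
    for rel, body in samples.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(scan_tree(tmp))
```

A long first line is only a lead for manual review; minified or generated PHP can trip the same threshold.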
Sorry if I make your eyes glaze over, but I had some trouble with my blog yesterday, and here is how I solved it.
Background: upgraded a WordPress plugin called Better WP Security, under its new name, iThemes Security Pro, and instantly my blog broke. I could no longer access my dashboard, could no longer make any changes to the blog, all that would happen would be an error message like this:
Warning: Cannot modify header information – headers already sent by (output started at [redacted]/wp-config.php:33) in [redacted]/wp-includes/pluggable.php on line 896
So of course I copied this error out, and Googled it. Unfortunately for me, I searched on the second phrase first, which led to instructions about fixing the code in pluggable.php.
Silly me, I was too busy to read more. I opened my FTP program, opened the file pluggable.php and sure enough, the last line did not include a close tag. I added ?> and my blog was working again. I immediately went into plugins and deleted iThemes Security Pro, and as everything seemed fine, went back to my other tasks, considering the matter finished.
This morning, I noticed that the daily blog email didn’t get sent, and then noticed that my blog’s RSS feed reported an error. A few of my plugins were not working at all (such as my anti-spam plugin, Akismet, and others). Ru-oh!
I went back to the Codex WordPress FAQ Troubleshooting page, and read the entire entry:
It is usually because there are spaces, new lines, or other stuff before an opening <?php tag or after a closing ?> tag, typically in wp-config.php.
If the error message states: Warning: Cannot modify header information – headers already sent by (output started at /path/blog/wp-config.php:34) in /path/blog/wp-login.php on line 42, then the problem is at line #34 of wp-config.php, not line #42 of wp-login.php. In this scenario, line #42 of wp-login.php is the victim. It is being affected by the excess whitespace at line #34 of wp-config.php.
If the error message states: Warning: Cannot modify header information – headers already sent by (output started at /path/wp-admin/admin-header.php:8) in /path/wp-admin/post.php on line 569, then the problem is at line #8 of admin-header.php, not line #569 of post.php. In this scenario, line #569 of post.php is the victim. It is being affected by the excess whitespace at line #8 of admin-header.php.
(click here to continue reading FAQ Troubleshooting « WordPress Codex.)
Doh! My error message had told me the problem was in wp-config.php, and pluggable.php was the victim. I opened wp-config.php, and sure enough, there were 2 extra blank lines after the close tag. I don’t know how iThemes Security Pro added them, nor why, but once I deleted these two blank lines, my RSS feed validated through feed burner, etc. I trust the blog daily email will go out tonight, whether or not it will contain yesterday’s information too.
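An added example, not part of the original post or the Codex: a Python sketch that splits the warning into the file where output started and the file that failed, then checks a PHP-only file for bytes before `<?php` or after the closing `?>`. The function names and the sample config are constructed for illustration.

```python
import re

# Matches the PHP warning quoted above; "culprit" is where output started,
# "victim" is the file whose header call then failed.
WARNING_RE = re.compile(
    r"headers already sent by \(output started at (?P<culprit>.+?):(?P<cline>\d+)\)"
    r" in (?P<victim>.+?) on line (?P<vline>\d+)"
)

def parse_warning(message):
    """Return ((culprit_file, line), (victim_file, line)) or None."""
    m = WARNING_RE.search(message)
    if not m:
        return None
    return ((m["culprit"], int(m["cline"])), (m["victim"], int(m["vline"])))

def stray_output(source):
    """List reasons a PHP-only file (bytes) would emit output by itself.

    Heuristic: treats the last "?>" as the closing tag, so it is meant for
    files such as wp-config.php that contain no inline HTML.
    """
    problems = []
    if source.startswith(b"\xef\xbb\xbf"):
        problems.append("UTF-8 byte order mark before <?php")
        source = source[3:]
    if not source.startswith(b"<?php"):
        problems.append("bytes before the opening <?php tag")
    end = source.rfind(b"?>")
    if end != -1:
        tail = source[end + 2:]
        # PHP discards one newline directly after "?>"; anything more is sent.
        if tail not in (b"", b"\n", b"\r\n", b"\r"):
            problems.append("%d byte(s) after the closing ?> tag" % len(tail))
    return problems

# Constructed sample: a config file with two extra blank lines after "?>".
SAMPLE_CONFIG = b"<?php\ndefine('WP_DEBUG', false);\n?>\n\n\n"
SAMPLE_WARNING = (
    "Warning: Cannot modify header information - headers already sent by "
    "(output started at /path/blog/wp-config.php:34) in "
    "/path/blog/wp-login.php on line 42"
)

if __name__ == "__main__":
    print(parse_warning(SAMPLE_WARNING))
    print(stray_output(SAMPLE_CONFIG))
```

Omitting the closing `?>` from PHP-only files removes the trailing-whitespace case entirely.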
Irritatingly, I clicked “Use SSL” on my WordPress dashboard for the Ted Cruz post I just published, because I didn’t know what that would do. Now, Safari won’t load the page at all. I unchecked the checkbox, but the page still won’t load. I looked closely at the URL and it should be http://www.b12partners.net/wp/2013/09/23/ted-calgary-cruz/ but Safari insists upon loading the “https:” version. As far as I can tell, there is no way to edit URLs directly in Safari, and this behavior persists even after I quit Safari and restarted – I still get taken to the nonexistent “HTTPS” secure version of the page, even if I hand-type the “HTTP” myself.
Safari is Stupid
I tried using the “Short URL” version, I tried typing the correct URL, I tried copying and pasting, but all attempts lead instead to the HTTPS version.
If there is a typo on the page, let me know in comments or email or Twitter, since I can’t see the damn post myself (well, other than in the WordPress Dashboard version, which is not always perfectly accurate). I guess I could click the category archive (Politics), or the tag archive (GOP for instance), but I’m too irritated to do so at the moment.
Not sure what happened exactly, but my Postalicious plugin went a bit nutso last night, creating several posts that were erroneous. The plugin is a simple way to keep track of interesting URLs that I don’t have the time to make a full blog post about, when it works correctly.
The way the plugin is supposed to work is that it polls my delicious links every hour, finds if there are any additions, merges these snippets into a page, and publishes the page once three entries are found. There is supposed to be a time regulator as well so that a Links post is only published every 26 hours (so there aren’t multiple Links posts a day), but that didn’t keep several posts from being published last night, posts with empty URLs at that.
I’ve disabled the plugin until I can figure out what went wrong (or there’s a new version, whichever comes first). It could be a problem at Delicious.com, or it could be because of the new version of the Postalicious plugin I installed yesterday, or some other factor.
Sorry about that.
A few interesting links collected December 16th through December 17th:
- The Secret Diary of Steve Jobs : AT&T: Chokehold is “irresponsible and pointless” – It’s their own fault, of course. Go look at their financial statements and open up the Financial Operations and Statistics Summary and look at capital expenditures over the past eight quarters. I’m no math whiz, but it looks like capex has gone down by about 30% over the time period. Scroll down a bit to the Wireless section and check out data revenues — they’re up 80% over the same period.
- WordPress › Pretty Link « WordPress Plugins – Shrink, track and share any URL on the Internet from your WordPress website. You can now shorten links using your own domain name (as opposed to using tinyurl.com, bit.ly, or any other link shrinking service)! In addition to creating clean links, Pretty Link tracks each hit on your URL and provides a full, detailed report of where the hit came from, the browser, os and host.
- The Conway Twitty Tribute Pistol (MP3s) – WFMU’s Beware of the Blog – If you’d prefer to remember Conway Twitty for his talents as a singer and songwriter, here are a few MP3s to help you out. All were written by Twitty, with the exception of Pop A Top, which was composed by Nat Stuckey.