The symptoms include redirection of the homepage / cart / checkout to a suspicious URL.

We got these issues across many of our sites earlier today; the catch was ELEMENTOR PRO, which had BROKEN ACCESS CONTROL that allowed a hacker to modify the SITEURL and admin email and add new ADMIN users. The issues are with the Elementor PRO vulnerability.

Nothing like a major shutdown at the website to clean the website and wondering about future, life and a good excuse to drink another coffee. I've also been checking new users from the past week no matter the role and deleted some that were clearly spam. I have some backups from UpdraftPlus, but sincerely I think it's safer not to restore and least damaging not to use them.

public_html/wp-content/plugins/use-your-drive/vendors/jquery-file-upload/SECURITY.md: SiteLock-PHP-SUSPICIOUS-fzl-logonly.UNOFFICIAL FOUND
Engine version: devel-clamav-0.99-beta1-632-g8a582c7

Also doing a checkup to remove and update some plugins. So I guess it's a false positive due to this being related to access drive. The spam scan from Bluehost gave the below result, but after opening the file and checking the code, I didn't find any sign of it. Also the search %ackersline% helped me to check if there were any leftovers. I'm not so used to using phpMyAdmin and was not seeing all the fields until I noticed the listbox to change the number of visible results. I did change the following fields mailserver_url, mailserver_login, mailserver_pass, siteurl in table _options (just in case). After updating Elementor it has also corrected the field _elementor_assets_data in the table _options, so no need to mess in there.

After changing the siteurl field in the _options table, regaining access to wp cpanel and updating the Elementor Pro plugin from version 3.5 to 3.12 (info says the vulnerability happens from 3.6 below), things started to get back in shape. Thank you all, because you put me in the right direction to solve it.
So as some friends pointed out here, the vulnerability comes from Elementor Pro + WooCommerce. Still have no clue on what was the flaw that allowed this and how to protect it from future attacks. I'll keep on digging and when I find a solution for my case I'll share it. I don't know what values it should have but mailserver_pass password yes is not a good value for sure. In the WordPress _options table the following fields mailserver_url, mailserver_login, mailserver_pass also have strange values.

I've changed it to my website url and this way had access to the wp cpanel. I have checked my _options WordPress table (the suffix may not be "wp", thank you Dimistris for pointing this table) and the field siteurl had indeed a hacked url.

.htaccess file and theme's header.php, footer.php, functions.php files and found nothing unusual there. An hour ago my website presented this output:

And after it started redirecting to different url and chained redirects with spam and ads.

Also noticed there were new strange users being created. 16 hours ago I received a strange email saying the admin email had changed to

Admin email sent through the website (like creating new user) started giving errors.

Using WordPress | Bluehost server | Cloudflare CDN | Elementor.

and possibly will have more info in an hour or so. It seems like it's exploiting some common flaw.

With the WordPress 5.5 release, you can set the environment type using a constant (typically in the wp-config.

I'm having the same issue starting a few hours ago.

For example, instead of sending emails via Mailgun on my development site, I’ll conditionally load a small mu-plugin to deactivate the Mailgun plugin and test emails safely with Mailtrap (I’ll cover Mailtrap in more detail later). This is necessary to conditionally load code in different environments.

We’ve used our own set of constants before and others have used the WP_ENV environment variable.
There’s a lot to cover so although this post will have a tonne of information, it also features a good collection of links to other articles that dive deeper.

Did you know that WordPress 5.5 introduces a way to set the environment type for a site? In the past developers had to roll their own method of setting the environment. In this post I’ll guide you through various ways to set up the dev environment, install WordPress locally, wrangle the database, debugging and lots in between. Running a WordPress dev environment for your sites is crucial to a productive and safe workflow as a developer. When running a WordPress website it’s best practice to at least run a local copy of the site so you can make changes without running the risk of completely ruining the live site.